Trojan.Deoplive
Resolved/Closed
monkeyjack - 12 March 2010 at 20:24
Last reply: jlpjlp - 14 March 2010 at 19:33
11 replies
jlpjlp - 12 March 2010 at 21:06
hi, paste the Arovax report so we can see the infected files
then
paste a report from UsbFix option 1 after plugging in all your external drives
monkeyjack - 12 March 2010 at 21:44
Arovax report:
Scan log. Started at 03.12.2010 21:27:45
------------------------------------------
Start Processes scan
Completed Processes scan
Total items scanned: 21
Items found: 0
------------------------------------------
Start Registry scan
Name: UNKNOWN - BATINDICATOR [ c:\program files (x86)\hewlett-packard\hp mainstream keyboard\batindicator.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - LaunchHPOSIAPP [ c:\program files (x86)\hewlett-packard\hp mainstream keyboard\launchapp.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - IAStorIcon [ c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - [ ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - avast5 [ "c:\program files\alwil software\avast5\avastui.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - Adobe ARM [ "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
Name: UNKNOWN - DisplayName [ @%systemroot%\system32\gpprnext.dll,-1 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
Name: UNKNOWN - DllName [ %systemroot%\system32\gpprnext.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3014 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
Name: UNKNOWN - DisplayName [ @gptext.dll,-204 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
Name: UNKNOWN - DisplayName [ @gptext.dll,-205 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}
Name: UNKNOWN - DAEMON Tools Lite [ "c:\program files (x86)\daemon tools lite\dtlite.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Completed Registry scan
Total items scanned: 25383
Items found: 19
------------------------------------------
Start Hosts file scan
Completed Hosts file scan
Total items scanned: 0
Items found: 0
------------------------------------------
Start Cookies scan
Completed Cookies scan
Total items scanned: 441
Items found: 0
------------------------------------------
Start File system scan
Name: Trojan.Deoplive
C:\Windows\system32\regedit.exe
Completed File system scan
Total items scanned: 4996
Items found: 1
------------------------------------------
Scanning Finished. 03.12.2010 21:28:02
UsbFix report:
############################## | UsbFix V6.099 |
User : Cyril (Administrateurs) # CYRIL-PC
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:39:44 | 12/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 460,99 Go (393,97 Go free) [HP] # NTFS
D:\ -> Disque fixe local # 11,54 Go (1,62 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM # 7,84 Go (0 Mo free) [DragonAge] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 230,73 Mo (230,73 Mo free) # FAT32
K:\ -> Disque CD-ROM
L:\ -> Disque amovible # 15,04 Go (12,68 Go free) # FAT32
M:\ -> Disque fixe local # 465,76 Go (252,53 Go free) [IOMEGA_HDD] # NTFS
S:\ -> Disque fixe local # 458,89 Go (342,61 Go free) [STOCK] # NTFS
################## | Elements infectieux |
E:\autorun.inf
E:\DATA
L:\autorun.inf
################## | Registre |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{1a72703a-0531-11df-b0ab-806e6f6e6963}
shell\AutoRun\command =E:\autorun.exe -auto
HKCU\..\..\Explorer\MountPoints2\{65fc497f-1c9d-11df-b46f-4061867b1a05}
shell\AutoRun\command =K:\AutoRun.exe
################## | Vaccin |
################## | ! Fin du rapport # UsbFix V6.099 ! |
jlpjlp - 12 March 2010 at 21:47
ok
UsbFix saw infections passing through your external drives... so
paste a UsbFix option 2 report after plugging in all your external drives
then post another Arovax report to see whether the infection is still present
then, to check the PC thoroughly:
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the Taskbar).
NB: The reports are saved in the C:\rsit folder
monkeyjack - 12 March 2010 at 22:41
UsbFix report:
############################## | UsbFix V6.099 |
User : Cyril (Administrateurs) # CYRIL-PC
Update on 11/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:57:47 | 12/03/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7600 64-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 460,99 Go (393,91 Go free) [HP] # NTFS
D:\ -> Disque fixe local # 11,54 Go (1,62 Go free) [FACTORY_IMAGE] # NTFS
E:\ -> Disque CD-ROM # 7,84 Go (0 Mo free) [DragonAge] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible # 230,73 Mo (230,73 Mo free) # FAT32
K:\ -> Disque CD-ROM
L:\ -> Disque amovible # 15,04 Go (12,68 Go free) # FAT32
M:\ -> Disque fixe local # 465,76 Go (252,53 Go free) [IOMEGA_HDD] # NTFS
S:\ -> Disque fixe local # 458,89 Go (342,61 Go free) [STOCK] # NTFS
################## | Elements infectieux |
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2823226816-3040431354-2244793164-500
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-500
(!) Non supprimé ! E:\autorun.inf
(!) Non supprimé ! E:\DATA
Supprimé ! L:\autorun.inf
Supprimé ! M:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-1000
Supprimé ! S:\$Recycle.Bin\S-1-5-21-2365327991-2489179212-3233634672-1000
################## | Registre |
################## | Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{1a72703a-0531-11df-b0ab-806e6f6e6963}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{65fc497f-1c9d-11df-b46f-4061867b1a05}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[?|?|?] C:\hiberfil.sys
[01/12/2006 23:37|--a------|904704] C:\msdia80.dll
[?|?|?] C:\pagefile.sys
[12/03/2010 21:59|--a------|2181] C:\UsbFix.txt
[13/07/2009 18:39|--ahs----|383562] D:\bootmgr
[17/02/2010 13:43|---hs----|0] D:\BT_HP.FLG
[06/01/2010 02:52|--ahs----|485] D:\CSP.DAT
[06/01/2010 03:04|--ahs----|15537] D:\DeployRp.log
[03/03/2010 14:37|--ahs----|0] D:\hpdrcu.prc
[17/02/2010 13:43|--ahs----|22] D:\language.ini
[06/01/2010 03:04|--ahs----|0] D:\RPCONFIG.LOG
[22/09/2009 22:30|-r-------|2126120] E:\Setup.exe
[16/07/2009 23:13|-r-------|1246440] E:\autorun.exe
[14/04/2009 04:17|-r-------|58] E:\autorun.inf
[25/07/2009 02:23|-r-------|26695] E:\cluf.rtf
[25/07/2009 02:23|-r-------|26877] E:\eula_cz.rtf
[25/07/2009 02:23|-r-------|22966] E:\eula_de.rtf
[25/07/2009 02:23|-r-------|18998] E:\eula_en.rtf
[25/07/2009 02:23|-r-------|21752] E:\eula_es.rtf
[25/07/2009 02:23|-r-------|26695] E:\eula_fr.rtf
[25/07/2009 02:23|-r-------|27549] E:\eula_hu.rtf
[25/07/2009 02:23|-r-------|21911] E:\eula_it.rtf
[25/07/2009 02:23|-r-------|23314] E:\eula_pl.rtf
[23/09/2009 20:22|-r-------|25335] E:\lisezmoi.txt
[23/09/2009 20:22|-r-------|23199] E:\readme_cz.txt
[23/09/2009 20:22|-r-------|24120] E:\readme_de.txt
[23/09/2009 20:22|-r-------|21369] E:\readme_en.txt
[23/09/2009 20:22|-r-------|22815] E:\readme_es.txt
[23/09/2009 20:22|-r-------|25335] E:\readme_fr.txt
[23/09/2009 20:22|-r-------|23761] E:\readme_hu.txt
[23/09/2009 20:22|-r-------|22695] E:\readme_it.txt
[23/09/2009 20:22|-r-------|23396] E:\readme_pl.txt
[24/10/2009 11:08|--a------|367168384] L:\NCIS.S06E09-EPZ.[Wawacity.eu].avi
[16/04/2009 14:49|--a------|734398848] L:\Deux.Soeurs.Pour.Un.Roi.TRUEFRENCH.DVDRIP.XVID-SYR.avi
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# D:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# L:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# M:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
# S:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido).
################## | Upload |
Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_Cyril-PC.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .
################## | ! Fin du rapport # UsbFix V6.099 ! |
Arovax report:
Scan log. Started at 03.12.2010 22:06:17
------------------------------------------
Start Processes scan
Completed Processes scan
Total items scanned: 24
Items found: 0
------------------------------------------
Start Registry scan
Name: UNKNOWN - BATINDICATOR [ c:\program files (x86)\hewlett-packard\hp mainstream keyboard\batindicator.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - LaunchHPOSIAPP [ c:\program files (x86)\hewlett-packard\hp mainstream keyboard\launchapp.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - IAStorIcon [ c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - [ ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - avast5 [ "c:\program files\alwil software\avast5\avastui.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - Adobe ARM [ "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}
Name: UNKNOWN - DisplayName [ @%systemroot%\system32\gpprnext.dll,-1 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
Name: UNKNOWN - DllName [ %systemroot%\system32\gpprnext.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3014 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}
Name: UNKNOWN - DisplayName [ @gptext.dll,-204 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}
Name: UNKNOWN - DllName [ c:\windows\syswow64\iedkcs32.dll ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
Name: UNKNOWN - DisplayName [ @c:\windows\syswow64\iedkcs32.dll,-3051 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
Name: UNKNOWN - DisplayName [ @gptext.dll,-205 ]
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}
Name: UNKNOWN - DAEMON Tools Lite [ "c:\program files (x86)\daemon tools lite\dtlite.exe ]
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Completed Registry scan
Total items scanned: 25383
Items found: 19
------------------------------------------
Start Hosts file scan
Completed Hosts file scan
Total items scanned: 0
Items found: 0
------------------------------------------
Start Cookies scan
Completed Cookies scan
Total items scanned: 441
Items found: 0
------------------------------------------
Start File system scan
Name: Trojan.Deoplive
C:\Windows\system32\regedit.exe
Completed File system scan
Total items scanned: 5008
Items found: 1
------------------------------------------
Scanning Finished. 03.12.2010 22:07:08
It is still there, and I can't get RSIT to work; I get an error message:
AutoIt Error
Line -1:
Error: Variable used without being declared.
jlpjlp - 13 March 2010 at 10:38
ok
scan this file on VirusTotal and paste the report for us
https://www.virustotal.com/gui/
C:\Windows\system32\regedit.exe
_______________________
then
Disable User Account Control (you will re-enable it after your disinfection):
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus, and your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
monkeyjack
Status: Member
13 March 2010 at 12:07
VirusTotal report:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.50 2010.03.13 -
AhnLab-V3 5.0.0.2 2010.03.12 -
AntiVir 8.2.1.180 2010.03.12 -
Antiy-AVL 2.0.3.7 2010.03.12 -
Authentium 5.2.0.5 2010.03.13 -
Avast 4.8.1351.0 2010.03.13 -
Avast5 5.0.332.0 2010.03.13 -
AVG 9.0.0.787 2010.03.13 -
BitDefender 7.2 2010.03.13 -
CAT-QuickHeal 10.00 2010.03.13 -
ClamAV 0.96.0.0-git 2010.03.13 -
Comodo 4246 2010.03.13 -
DrWeb 5.0.1.12222 2010.03.13 -
eSafe 7.0.17.0 2010.03.11 -
eTrust-Vet 35.2.7359 2010.03.12 -
F-Prot 4.5.1.85 2010.03.12 -
F-Secure 9.0.15370.0 2010.03.13 -
Fortinet 4.0.14.0 2010.03.09 -
GData 19 2010.03.13 -
Ikarus T3.1.1.80.0 2010.03.13 -
Jiangmin 13.0.900 2010.03.13 -
K7AntiVirus 7.10.996 2010.03.12 -
Kaspersky 7.0.0.125 2010.03.13 -
McAfee 5918 2010.03.12 -
McAfee+Artemis 5918 2010.03.12 -
McAfee-GW-Edition 6.8.5 2010.03.12 -
Microsoft 1.5502 2010.03.12 -
NOD32 4940 2010.03.12 -
Norman 6.04.08 2010.03.12 -
nProtect 2009.1.8.0 2010.03.13 -
Panda 10.0.2.2 2010.03.13 -
PCTools 7.0.3.5 2010.03.13 -
Prevx 3.0 2010.03.13 -
Rising 22.38.04.03 2010.03.12 -
Sophos 4.51.0 2010.03.13 -
Sunbelt 5851 2010.03.13 -
Symantec 20091.2.0.41 2010.03.13 -
TheHacker 6.5.2.0.232 2010.03.13 -
TrendMicro 9.120.0.1004 2010.03.13 -
VBA32 3.12.12.2 2010.03.12 -
ViRobot 2010.3.13.2226 2010.03.13 -
VirusBuster 5.0.27.0 2010.03.12 -
Information additionnelle
File size: 398336 bytes
MD5...: 8a4883f5e7ac37444f23279239553878
SHA1..: 682214961228453c389854e81e6786df92bbfa67
SHA256: f318c94a46dbca88eefc3e28be51d27e5f91029dc062f56faaa995f0b5f8e518
ssdeep: 3072:apjBFy11Aw6Zyhurk2ilx3hLvgiuRMoiFeYOlZvGgiKzZISqQ:AhuhuIpRL
5uO1FeYOlZvGgiKF1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x19b0
timedatestamp.....: 0x4a5bc072 (Mon Jul 13 23:17:06 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b47c 0x1b600 6.43 eabe943e53e560d889b47c9fbd06af2d
.data 0x1d000 0x412f0 0x40800 0.01 6c9314800e405d40445be8a2676a1c27
.rsrc 0x5f000 0x3488 0x3600 4.28 4d2849c874343ddce5fd395c51a996ad
.reloc 0x63000 0x1a80 0x1c00 6.67 f84fb1a807f4c68dbec71b9e69c89866
( 16 imports )
> ADVAPI32.dll: RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegDeleteValueW, RegOpenKeyW, RegEnumKeyW, RegQueryInfoKeyW, RegDeleteKeyW, RegCreateKeyExW, RegRenameKey, GetSecurityDescriptorControl, RegQueryValueExW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegSetKeySecurity, GetSecurityInfo, RegConnectRegistryW, RegRestoreKeyW, RegSaveKeyW, RegFlushKey, RegSetValueW, RegOpenKeyExW, RegUnLoadKeyW, RegLoadKeyW, MapGenericMask, GetNamedSecurityInfoW, SetSecurityDescriptorGroup, GetSecurityDescriptorGroup, SetSecurityDescriptorOwner, GetSecurityDescriptorOwner, SetSecurityDescriptorSacl, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, SetNamedSecurityInfoW, SetSecurityInfo, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSidSubAuthority, GetSidSubAuthorityCount, LookupAccountSidW, GetInheritanceSourceW, InitializeAcl, IsValidSecurityDescriptor, RegSetValueExA, RegCloseKey
> KERNEL32.dll: LoadLibraryExA, InterlockedCompareExchange, GetProcAddress, DelayLoadFailureHook, MulDiv, LoadLibraryW, FreeLibrary, FileTimeToLocalFileTime, FileTimeToSystemTime, GetDateFormatW, GetTimeFormatW, MultiByteToWideChar, GetFileSize, SetFilePointer, GetLastError, OutputDebugStringW, ReadFile, CreateFileW, RegOpenKeyExA, RegQueryValueExA, ExpandEnvironmentStringsA, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, GetStartupInfoA, Sleep, InterlockedExchange, lstrcmpW, GetCurrentProcess, CloseHandle, HeapSetInformation, GetThreadLocale, GetModuleHandleW, RegisterApplicationRestart, ExitProcess, WideCharToMultiByte, WriteFile, DeleteFileW, GetCommandLineW, GetLongPathNameW, GetProcessHeap, FormatMessageW, GetWindowsDirectoryW, lstrcmpiW, LocalFree, LocalAlloc, GetComputerNameW, lstrlenW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, SearchPathW, LoadLibraryA
> GDI32.dll: GetTextExtentPoint32W, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, GetTextMetricsW, SelectObject, CreateFontIndirectW, GetDeviceCaps, ExtTextOutW, GetStockObject
> USER32.dll: EnableWindow, DialogBoxParamW, DrawMenuBar, InsertMenuItemW, DeleteMenu, GetKeyState, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, LoadStringW, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CheckDlgButton, DestroyWindow, CreateDialogParamW, DrawAnimatedRects, IntersectRect, GetClientRect, SetWindowTextW, GetMessagePos, CharNextW, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, GetWindow, IsDialogMessageW, PeekMessageW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, SetWindowPos, MapWindowPoints, MoveWindow, GetSystemMetrics, GetWindowRect, GetDlgItem, SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetWindowPlacement, PostQuitMessage, GetDlgItemInt, SetMenuItemInfoW, GetWindowTextLengthW, CallWindowProcW, IsDlgButtonChecked, GetDlgItemTextW, GetClipboardData, EndDialog, GetWindowLongW, GetParent, GetWindowTextW, SendMessageW, CheckRadioButton, RegisterClipboardFormatW, LoadCursorW, ModifyMenuW, RegisterClassW, SetCapture, SetTimer, BeginPaint, EndPaint, SetFocus, LoadMenuW, GetSubMenu, EnableMenuItem, IsClipboardFormatAvailable, TrackPopupMenuEx, DestroyMenu, HideCaret, MessageBeep, CharLowerW, CreateCaret, ShowCaret
> msvcrt.dll: _controlfp, _terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _vsnwprintf, memcpy, atoi, memset, iswctype, wcschr, wcsncmp, wcsrchr, _wcsnicmp, _resetstkoflw, iswprint, _purecall, __getmainargs, _cexit, _except_handler4_common, memmove
> SHLWAPI.dll: StrChrIW, StrChrW, StrRChrW, -, StrToIntW, StrStrIW, -
> COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, CreateStatusWindowW, ImageList_SetBkColor, ImageList_Create, ImageList_ReplaceIcon, -, -, -, ImageList_Destroy
> COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW, PrintDlgExW
> SHELL32.dll: SHGetStockIconInfo, DragQueryFileW, DragFinish, ShellAboutW
> AUTHZ.dll: AuthzInitializeResourceManager, AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager
> ACLUI.dll: -
> ole32.dll: CoCreateInstance, ReleaseStgMedium, CoInitializeEx, CoUninitialize
> ulib.dll: _NewBuf@DSTRING@@UAEEK@Z, __1OBJECT@@UAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0OBJECT@@IAE@XZ, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, _Initialize@WSTRING@@QAEEPBGK@Z, __1DSTRING@@UAE@XZ, _SPrintfAppend@DSTRING@@UAAEPBGZZ, _Initialize@ARRAY@@QAEEKK@Z, __0ARRAY@@QAE@XZ, _Resize@DSTRING@@UAEEK@Z, _SPrintf@DSTRING@@UAAEPBGZZ
> clb.dll: ClbAddData, ClbSetColumnWidths
> ntdll.dll: RtlInitUnicodeString, RtlIoDecodeMemIoResource, RtlCmDecodeMemIoResource, RtlFreeUnicodeString, RtlCreateUnicodeString, RtlAllocateHeap, RtlFreeHeap
> UxTheme.dll: SetWindowTheme
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Registry Editor
original name: REGEDIT.EXE
internal name: REGEDIT
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
As for ComboFix, when I try to use it, I get an error message (yet another one):
Error - Win32 only
OS incompatible. ComboFix ne fonctionne que pour Windows 2000 et XP
jlpjlp
Status: Security contributor
13 March 2010 at 13:46
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the taskbar).
NB: The reports are saved in the folder C:\rsit
monkeyjack
Status: Member
13 March 2010 at 14:28
So, as I explained earlier, when I run RSIT I get the following error message:
Autolt Error
Line -1:
Error: Variable used without being declared.
I do get to the disclaimer, but when I click Continue this error message appears.
I know, I'm not making this easy (well, here it's mostly my PC that isn't).
However, in the folder C:\rsit there is indeed a log.txt file.
I don't know if it can help, but here is what it contains:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Cyril at 2010-03-13 14:15:05
Microsoft Windows 7 Édition Familiale Premium
System drive C: has 403 GB (85%) free of 472 GB
Total RAM: 6071 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:06, on 13/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Arovax AntiSpyware\ArovaxAntiSpyware.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Cyril\Desktop\RSIT.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\trend micro\Cyril.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Cyril\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Wallpaper.lnk = C:\Program Files (x86)\Wallpaper\Wallpaper.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Cyril\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Wallpaper.lnk = C:\Program Files (x86)\Wallpaper\Wallpaper.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
13 March 2010 at 20:22
Is Arovax up to date? What is its update date? (I can't find any version since 2007?)
_________________
paste a report from SUPERAntiSpyware
monkeyjack
Posts
6
Registration date
Friday 12 March 2010
Status
Member
Last activity
14 March 2010
14 March 2010 at 12:30
It does seem to me that the latest version of Arovax dates from 2007. In any case, that is the version I have.
Otherwise, here is the SUPERAntiSpyware report:
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 03/14/2010 at 12:16 PM
Application Version : 4.34.1000
Core Rules Database Version : 4671
Trace Rules Database Version: 2483
Scan type : Complete Scan
Total Scan Time : 00:18:32
Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 7197
Registry threats detected : 0
File items scanned : 30719
File threats detected : 9
Adware.Tracking Cookie
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@smartadserver[1].txt
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@tradedoubler[1].txt
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@atdmt[1].txt
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@boursoramabanque.solution.weborama[2].txt
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@weborama[1].txt
C:\Users\Cyril\AppData\Roaming\Microsoft\Windows\Cookies\cyril@msnportal.112.2o7[1].txt
C:\Users\Cyril\AppData\Local\Temp\Cookies\cyril@atdmt[2].txt
Adware.Vundo/Variant-MSFake
C:\USERS\CYRIL\APPDATA\ROAMING\MICROSOFT\LIVE SEARCH\MISE-A-JOUR-LIVESEARCH.EXE
S:\DOK 1\DRIVERS\INSTALLATION_WLMOVIEMAKER.EXE
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
14 March 2010 at 19:33
ok
your PC is fine
get rid of Arovax, since it has not been updated since 2007 ... so I think what it finds is a false positive!
then, to remove the tools that were used, run Tools Cleaner
all the best