Infection by Trojan.Ransom.a
I see that 75% of the initial message got dropped, so here is the rest:
ADSL: 1Mb
Firewall: Kerio 4 (full license)
Antivirus: AntiVir Premium (full license)
Spyware: Spyware Doctor + numerous anti-spyware tools for complementary scans
ewido report:
25 Jul 2006 at 22:14
Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View
Check "Show hidden files and folders"
Uncheck the box "Hide protected operating system files (Recommended)"
Uncheck "Hide extensions for known file types"
Then click "OK" to validate the changes.
And apply!
Then look in the Windows folder to see whether you have a file named 002.exe
ABOVE ALL, do not pay!
Good luck.
25 Jul 2006 at 22:18
Hi, you two.
I'm following the thread to try to help you out as quickly as possible in case incognito is away :-)
Not a very common trojan, this one!
Thanks for your contribution,
Showing hidden and system folders is already done.
No trace of 002.exe, neither in WINDOWS nor anywhere in My Computer.
New development: my Explorer start page has changed, it is no longer Google but something else (which I changed back).
Apart from that, I see no trace of the logs I copied/pasted and attached (ewido, SmitFraudFix and HijackThis logs)?
So, apparently, it is impossible to copy/paste.
Also note that HijackThis hangs before the end of its report.
I sense a complete reformat of the hard drive coming...
I'll try copying the HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 17:50:35, on 25/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\RunServicesOnce: [Antivir] "C:\Program Files\Antivir PersonalEdition Premium\avgnt.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{54B9C86D-1BA7-4415-AAAA-E8E759C28DF5}: NameServer =,
O17 - HKLM\System\CS1\Services\Tcpip\..\{54B9C86D-1BA7-4415-AAAA-E8E759C28DF5}: NameServer =,
O17 - HKLM\System\CS2\Services\Tcpip\..\{54B9C86D-1BA7-4415-AAAA-E8E759C28DF5}: NameServer =,
O17 - HKLM\System\CS3\Services\Tcpip\..\{54B9C86D-1BA7-4415-AAAA-E8E759C28DF5}: NameServer =,
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Thanks for your help, because I no longer know what to do!
25 Jul 2006 at 23:35
Can you scan this file (in bold) for us:
with this:
Click "Browse", go find the file in question, then click "Submit" and paste us the report it generates, please.
25 Jul 2006 at 23:57
Gladly, but with which product?
On the site virusscan.jotti.org there are: AntiVir, ArCABIT, avast, AVG Anti-Virus, bit defender, Clam AV, Dr Web, F-Prot, Fortinet, Kaspersky, NoD32, NORMAN, UNA, VirusBuster, and VBA32.
I have already run AntiVir and Kaspersky, which I have, without result.
Luckily, in the meantime, I'm watching an old Ben Hur DVD and the galley scene is coming up; I feel less alone...
Good evening
26 Jul 2006 at 00:04
It's a multi-scan of antivirus engines: you will get several responses, one from each antivirus in the list. Launch it and you will see it display "scanning please wait". Afterwards you should get a report like this:
Service load: 0% 100%
File: wmiprvse.exe
Status: OK
MD5 a6ab150ec1a0ae65dfa2291a47a0ff85
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Found nothing if legitimate...
Paste the report for your file.
25 Jul 2006 at 23:36
Download this
Run it and wait a few minutes; it will then create a folder right next to silent runner in text format. Copy/paste what it gives you.
As incredible as it may seem, it took me 30 minutes to open WINDOWS/system32 and confirm the existence of wmiprvse.exe!!!
As for the script that I downloaded from the Mac (I have no internet access on the PC) and transferred via USB card: not great!
Ligne 4340
Caract 3
Erreur Argument ou appel de procédure incorrect
Code 800A0005
Source Erreur d'execution Microsoft VBScript
OK, the next part
I was finally able to run this scan in safe mode with networking (so without firewall or antivirus), because it was impossible to start IE; after an hour of waiting, still nothing. Impossible to launch the application manager; everything is blocked.
Here is the result:
File: wmiprvse.exe
Status: OK
MD5 db493dd6bc2fa5b38811f2bcdcf03d2b
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Nothing is detected, and yet when I rerun a scan with ewido (normal safe mode) it does find the trojan, still in the same place.
Thanks for your help
I'll resume these investigations tomorrow
Last multi-scan before a few hours of sleep:
Last file scanned at least one scanner reported something about: rk.exe, detected by:
Scanner Malware name
AntiVir Heuristic/Trojan.Keylogger
ArcaVir X
Avast Win32:Trojan-gen. {Other}
AVG Antivirus Generic.GQH
BitDefender X
ClamAV X
Dr.Web Program.ProxyOSS
F-Prot Antivirus X
Fortinet OSS
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.RK.a
NOD32 Win32/Adware.RK application
Norman Virus Control W32/RK.C
UNA Adware.RK
VirusBuster Adware.RK.A
VBA32 AdWare.RK.a
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Good night
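The multi-scan reports pasted in this thread share a simple line format. As an added example (not code from the forum or from the scanning service), this Python script parses such a report and counts how many engines flagged the file and how far their labels diverge. The scanner list comes from the pasted reports; treating `X` as "no detection" and the keyword buckets are assumptions.

```python
import re
from collections import Counter

# Scanner names exactly as they appear in the reports pasted in this thread.
SCANNERS = [
    "AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender", "ClamAV",
    "Dr.Web", "F-Prot Antivirus", "Fortinet", "Kaspersky Anti-Virus", "NOD32",
    "Norman Virus Control", "UNA", "VirusBuster", "VBA32",
]
# Longest names first so a longer name is never shadowed by a shorter prefix.
_BY_LENGTH = sorted(SCANNERS, key=len, reverse=True)
# Assumption: both strings mean "this engine reported nothing".
NO_DETECTION = {"Found nothing", "X"}

# Sample input: the rk.exe result lines quoted in the post above.
SAMPLE_REPORT = """\
Last file scanned at least one scanner reported something about: rk.exe, detected by:
Scanner Malware name
AntiVir Heuristic/Trojan.Keylogger
ArcaVir X
Avast Win32:Trojan-gen. {Other}
AVG Antivirus Generic.GQH
BitDefender X
ClamAV X
Dr.Web Program.ProxyOSS
F-Prot Antivirus X
Fortinet OSS
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.RK.a
NOD32 Win32/Adware.RK application
Norman Virus Control W32/RK.C
UNA Adware.RK
VirusBuster Adware.RK.A
VBA32 AdWare.RK.a
"""


def parse_report(text):
    """Return {'file', 'md5', 'results'}; results maps scanner -> label or None."""
    report = {"file": None, "md5": None, "results": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"File:\s*(\S+)", line) or re.search(
            r"reported something about:\s*(.+?), detected by", line)
        if m:
            report["file"] = m.group(1)
            continue
        m = re.match(r"MD5:?\s+([0-9a-fA-F]{32})$", line)
        if m:
            report["md5"] = m.group(1).lower()
            continue
        for name in _BY_LENGTH:
            if line.startswith(name + " "):
                verdict = line[len(name):].strip()
                report["results"][name] = (
                    None if verdict in NO_DETECTION else verdict)
                break
    return report


def bucket(label):
    """Rough keyword bucketing of a vendor label (illustrative, not a taxonomy)."""
    low = label.lower()
    if "adware" in low or low.startswith("not-a-virus"):
        return "adware"
    if "heuristic" in low or "generic" in low or "-gen" in low:
        return "heuristic/generic"
    if "trojan" in low:
        return "trojan"
    return "other"


def summarize(report):
    """Count detections and show which engines stayed silent."""
    results = report["results"]
    hits = {s: label for s, label in results.items() if label is not None}
    return {
        "file": report["file"],
        "scanned_by": len(results),
        "detected_by": len(hits),
        "silent": sorted(s for s, label in results.items() if label is None),
        "buckets": dict(Counter(bucket(label) for label in hits.values())),
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

The silent engines and the spread of labels are the useful part of the output: a file can be flagged by most engines under unrelated names, and a report with zero detections only says that none of these signatures matched.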
26 Jul 2006 at 10:17
Can you do this, please?
< 7 > - Infection by Trojan.Ransom.a
Added by Regis59 (25/07/2006 at 23:36 GMT+2)
Download this
Run it and wait a few minutes; it will then create a folder right next to silent runner in text format. Copy/paste what it gives you.
There, it's done:
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PC Tools Research Pty Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"
-> {HKLM...CLSID} = "URLDetector Class"
\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll" ["Prevx Ltd."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"
-> {HKLM...CLSID} = "Web Anti-Virus"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a² Context Menu Shell Extension"
-> {HKLM...CLSID} = "a² Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a² Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
Voila, c'est fait :
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PC Tools Research Pty Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"
-> {HKLM...CLSID} = "URLDetector Class"
\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll" ["Prevx Ltd."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icÙne HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"
-> {HKLM...CLSID} = "Web Anti-Virus"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a≤ Context Menu Shell Extension"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
26 Jul 2006 at 12:32
There's a problem.
What's your antivirus? AntiVir?
Check that the report you posted is the same as the one you generated.
It looks like the report has been erased in places...
Yes, my antivirus is AntiVir. As for the report, here it is again as is (maybe the problem comes from the PC -> Mac transfer of the text file (CR+LF) or from the accents)
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PC Tools Research Pty Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"
-> {HKLM...CLSID} = "URLDetector Class"
\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll" ["Prevx Ltd."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icÙne HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"
-> {HKLM...CLSID} = "Web Anti-Virus"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a≤ Context Menu Shell Extension"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
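The transfer hypothesis raised in the post above (CR+LF or accents) can be checked mechanically. The following is an added example, not part of the original thread: it takes two garbled titles from the posted report and tests which pair of character encodings explains them; the candidate codec list, the set of expected characters and the function names are assumptions.

```python
# Added example: diagnose a text report damaged by a PC -> Mac transfer.
# CANDIDATES and EXPECTED are assumptions chosen for a French Windows XP system.

# Three lines copied from the Silent Runners report posted in the thread.
SAMPLE_LINES = [
    '"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icÙne HyperTerminal"',
    '"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a≤ Context Menu Shell Extension"',
    '\\InProcServer32\\(Default) = "C:\\Program Files\\WinRAR\\rarext.dll" [null data]',
]

# (codec the viewer assumed, codec the file was really written in)
CANDIDATES = [
    ("mac_roman", "cp1252"),
    ("cp1252", "mac_roman"),
    ("cp850", "cp1252"),
    ("cp1252", "utf-8"),
]

# Non-ASCII characters that are plausible in this kind of report.
EXPECTED = set("àâäçéèêëîïôöùûüÿœ²°«»")


def line_endings(raw: bytes) -> dict:
    """Count CRLF (DOS), bare CR (classic Mac) and bare LF (Unix) line endings."""
    crlf = raw.count(b"\r\n")
    return {
        "CRLF": crlf,
        "CR": raw.count(b"\r") - crlf,
        "LF": raw.count(b"\n") - crlf,
    }


def redecode(text, seen_as, written_as):
    """Undo a wrong decode: recover the bytes, then decode them correctly."""
    try:
        return text.encode(seen_as).decode(written_as)
    except (UnicodeEncodeError, UnicodeDecodeError):
        return None


def plausible(text):
    """True when every non-ASCII character is one we expect to see."""
    return text is not None and all(ch in EXPECTED for ch in text if ord(ch) > 127)


def diagnose(lines):
    """Return the codec pair that repairs the most damaged lines, and those lines."""
    damaged = [line for line in lines if not plausible(line)]
    best, best_fixed = None, []
    for pair in CANDIDATES:
        fixed = [redecode(line, *pair) for line in damaged]
        good = [f for f in fixed if plausible(f)]
        if len(good) > len(best_fixed):
            best, best_fixed = pair, good
    return best, best_fixed


if __name__ == "__main__":
    pair, fixed = diagnose(SAMPLE_LINES)
    print("viewer assumed %s, file was %s" % pair)
    for line in fixed:
        print(line)
    # Constructed byte string: two DOS line endings and one Unix line ending.
    print(line_endings(b"line1\r\nline2\r\nline3\n"))
```

A mixed result from `line_endings` on the raw file points at a line-ending conversion; a winning codec pair from `diagnose` points at the accents.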
26 Jul 2006 at 17:19
Copy and paste it into Word!
And tell me whether you have more entries at this point:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PC Tools Research Pty Ltd"]
I did a copy/paste into Word, then a copy/paste from Word to here.
No, nothing more on Spyware Doctor.
I noticed that when booting in safe mode with networking:
- everything seems to run normally
- I can install Kerio
- I can't start AntiVir (status unknown)
Here is the report:
"Silent Runners.vbs", revision 46, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Spyware Doctor" = "C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q" ["PC Tools Research Pty Ltd"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{55EA1964-F5E4-4D6A-B9B2-125B37655FCB}\(Default) = "Malicious Scripts Scanner"
-> {HKLM...CLSID} = "URLDetector Class"\InProcServer32\(Default) = "C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll" ["Prevx Ltd."]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Site Guard"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll" ["PC Tools"]
{5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
{B56A7D7D-6927-48C8-A975-17DF180C71AC}\(Default) = (no title provided)
-> {HKLM...CLSID} = "PCTools Browser Monitor"
\InProcServer32\(Default) = "C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll" ["PC Tools"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icÙne HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {HKLM...CLSID} = "DriveLetterAccess"
\InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" ["Sonic Solutions"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Web Anti-Virus"
-> {HKLM...CLSID} = "Web Anti-Virus"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]
"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}" = "a≤ Context Menu Shell Extension"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! WgaLogon\DLLName = "WgaLogon.dll" [MS]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
a2ContMenu\(Default) = "{AB77609F-2178-4E6F-9C4B-44AC179D937A}"
-> {HKLM...CLSID} = "a≤ Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL" [null data]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Anti-Virus 6.0\shellex.dll" ["Kaspersky Lab"]
Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"
-> {HKLM...CLSID} = "Shell Extension for Malware scanning"
\InProcServer32\(Default) = "C:\Program Files\AntiVir PersonalEdition Premium\shlext.dll" ["H+BEDV Datentechnik GmbH"]
UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"
-> {HKLM...CLSID} = "UnlockerShellExtension"
\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
Active Desktop is disabled at this entry:
Enabled Screen Saver:
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]
I also re-downloaded Silent Runner and ran it again (on the PC in safe mode + networking); it does generate the report, but there is still this script error:
Script : C:\Documents and Settings\François\Bureau\Silent Runners.vbs
Ligne : 4340
Caract. : 3
Erreur : Argument ou appel de procédure incorrect
Code : 800A0005
Source : Erreur d'exécution Microsoft VBScript
In case that's useful to you.
Thanks for your help.
26 Jul 2006 at 21:13
Download Blacklight (from F-Secure) from one of the 2 addresses:
and save it to your Desktop.
Double-click blbeta.exe and accept the license; leave [X] scan through Windows Explorer enabled; click Scan then Next
You will see a list of detected files appear. You will also see a report, on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
Done, fsbl-20060726195113.log:
07/26/06 21:51:13 [Info]: BlackLight Engine 1.0.42 initialized
07/26/06 21:51:13 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/26/06 21:51:14 [Note]: 7019 4
07/26/06 21:51:14 [Note]: 7005 0
07/26/06 21:51:45 [Note]: 7006 0
07/26/06 21:51:45 [Note]: 7011 2912
07/26/06 21:51:45 [Note]: 7026 0
07/26/06 21:51:45 [Note]: 7026 0
07/26/06 21:51:49 [Note]: FSRAW library version 1.7.1019
PS: I solved the transfer problem with BBEdit (DOS file option)
27 Jul 2006 at 09:28
Download this: (by incognito)
Run ransom.bat
Notepad opens; copy and paste the report.
I was also infected by a ransom trojan. Note that there are several solutions:
1-) Kaspersky has made a special utility available for download to counter this trojan.
2-) Works if the ransom trojan isn't very good. Start Windows in safe mode and run scans with the following software:
- Malwarebytes Anti-Malware: http://www.commentcamarche.net/download/telecharger-34055379-malwarebytes-anti-malware-free
- Norton Power Eraser with rootkit detection.
3-) If it's a good ransom trojan, boot your computer from antivirus CDs. Note that you have to configure the BIOS so that it boots from the CD. To use these CDs, simply burn the ISO image to a CD with burning software. A few examples of live CDs:
My favourite, the one from Avira
http://www.commentcamarche.net/download/telecharger-34066707-avira-antivir-rescue-system
BitDefender (sorry, I couldn't find it on CCM)
The one from Kaspersky
The one from Dr.Web
There, that should be enough.
Have a nice day.
Those who don't know learn; those who know teach.