Antivirus disabled by a virus??

Closed
terrienne3 Posts 2 Registration date Thursday 13 October 2011 Status Member Last seen 16 October 2011 - 13 Oct. 2011 at 23:04
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 - 16 Oct. 2011 at 22:41
Hello,


For a few days now I have been unable to update Antivir, and Antivir Guard is disabled (impossible to re-enable it). Moreover, on the internet, as soon as I click a link to go to an online antivirus scan, an error message saying it cannot connect is displayed...
I also cannot start my computer in safe mode...
I am starting to seriously suspect a virus infection, even though I am not an expert in this area and the Antivir scan does not report any (but can't the virus hide from Antivir???)
Could you give me some pointers on what I can do on my own to solve this problem, or do I have to see a specialist?? (who will certainly charge me more than my computer is worth given its age......)
Thank you for your answers,
Julie

4 replies

I downloaded Trojan Remover, ran the scan and restarted my computer, but the problems still persist...
0
terrienne3 Posts 2 Registration date Thursday 13 October 2011 Status Member Last seen 16 October 2011
16 Oct. 2011 at 22:33
Here is the Trojan Remover report; if someone can help me with the procedure to follow... thanks in advance.

***** THE SYSTEM HAS BEEN RESTARTED *****
16/10/2011 22:24:57: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[KfgIihqk] - deleted
=======================================================
16/10/2011 22:24:57: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 22:19:37 16 oct. 2011
Using Database v7776
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Propriétaire\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
22:19:37: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
22:19:39: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
File: [blank entry found]
File: C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
-S- 113875 bytes
Modified: 16/10/2011 22:08
Company: [no info]
File appears to be hidden using rootkit techniques
C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - process is either not running or could not be terminated
C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - file renamed to: C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe.vir
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: High Definition Audio Property Page Shortcut
Value Data: HDAShCut.exe
C:\WINDOWS\system32\HDAShCut.exe
61952 bytes
Created: 27/10/2004 15:21
Modified: 27/10/2004 15:21
Company: Windows (R) Server 2003 DDK provider
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
90112 bytes
Created: 27/05/2008 10:48
Modified: 21/06/2005 15:09
Company: Realtek Semiconductor Corp.
--------------------
Value Name: AlcWzrd
Value Data: ALCWZRD.EXE
C:\WINDOWS\ALCWZRD.EXE
2806272 bytes
Created: 27/05/2008 10:48
Modified: 13/07/2005 15:47
Company: RealTek Semicoductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 27/05/2008 10:48
Modified: 03/05/2005 18:43
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
708697 bytes
Created: 27/05/2008 10:53
Modified: 15/04/2005 08:48
Company: Synaptics, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 27/05/2008 11:53
Modified: 09/07/2001 10:50
Company: Ahead Software Gmbh
--------------------
Value Name: VX1000
Value Data: C:\WINDOWS\vVX1000.exe
C:\WINDOWS\vVX1000.exe
707376 bytes
Created: 30/06/2006 01:42
Modified: 13/10/2006 18:04
Company: Microsoft Corporation
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
281768 bytes
Created: 10/04/2010 11:02
Modified: 17/08/2010 14:38
Company: Avira GmbH
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
37296 bytes
Created: 08/06/2011 06:02
Modified: 08/06/2011 06:02
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created: 30/03/2011 06:59
Modified: 30/03/2011 06:59
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 13/10/2011 23:10
Modified: 18/05/2011 18:32
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
Value Name: RocketDock
Value Data: "C:\Program Files\RocketDock\RocketDock.exe"
C:\Program Files\RocketDock\RocketDock.exe
495616 bytes
Created: 30/05/2008 19:47
Modified: 02/09/2007 13:58
Company: [no info]
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - [file not found to scan]
--------------------
Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 30/05/2008 17:57
Modified: 30/05/2008 17:57
Company: Google Inc.
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 27/05/2008 10:16
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
Value Name: KfgIihqk
Value Data: C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - this registry entry has been removed [file already renamed]
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
22:20:31: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
22:20:31: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
22:20:31: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
22:20:31: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
22:20:32: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
22:20:34: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 05/08/2004 14:00
Modified: 13/04/2008 20:40
Company: Microsoft Corporation
----------
Key: gupdate1ca16c5dd002ca8
ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
----------
Key: gupdatem
ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 27/10/2004 15:21
Modified: 27/10/2004 15:21
Company: Windows (R) Server 2003 DDK provider
----------
Key: Micorsoft Windows Service
ImagePath: \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\rteplemw.sys
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\rteplemw.sys - [file not found to scan]
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
207664 bytes
Created: 13/10/2006 18:01
Modified: 13/10/2006 18:01
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
441712 bytes
Created: 04/11/2008 02:06
Modified: 04/11/2008 02:06
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 15:03
Modified: 26/10/2006 15:03
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS - [file not found to scan]
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
74496 bytes
Created: 27/05/2008 10:52
Modified: 04/03/2005 11:10
Company: Realtek Semiconductor Corporation
----------
Key: sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\WINDOWS\System32\drivers\sfdrv01.sys
48640 bytes
Created: 03/03/2005 19:53
Modified: 03/03/2005 19:53
Company: Protection Technology
----------
Key: sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\WINDOWS\System32\drivers\sfhlp02.sys
6656 bytes
Created: 23/02/2005 17:59
Modified: 23/02/2005 17:59
Company: Protection Technology
----------
Key: sfsync02
ImagePath: System32\drivers\sfsync02.sys
C:\WINDOWS\System32\drivers\sfsync02.sys
20544 bytes
Created: 03/12/2004 12:20
Modified: 03/12/2004 12:20
Company: Protection Technology
----------
Key: smserial
ImagePath: system32\DRIVERS\smserial.sys
C:\WINDOWS\system32\DRIVERS\smserial.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{32B14EFE-6B16-4D5E-96B8-C0FDA575DB1C}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
189664 bytes
Created: 27/05/2008 10:53
Modified: 15/04/2005 08:36
Company: Synaptics, Inc.
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\WINDOWS\system32\DRIVERS\VX1000.sys
1966000 bytes
Created: 30/06/2006 01:42
Modified: 13/10/2006 18:04
Company: Microsoft Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3298432 bytes
Created: 30/05/2008 16:12
Modified: 30/05/2008 16:12
Company: Intel® Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20:00
Modified: 18/10/2006 20:00
Company: Microsoft Corporation
----------

************************************************************
22:20:48: Scanning -----VXD ENTRIES-----

************************************************************
22:20:48: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
22:20:48: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
22:20:48: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - [file not found to scan]
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
378264 bytes
Created: 22/09/2010 19:12
Modified: 22/09/2010 19:12
Company: Adobe Systems, Inc.
----------

************************************************************
22:20:49: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {2E03C0FD-4C48-43A7-9A54-00240C70FF16}
BHO: C:\WINDOWS\system32\BhoECart.dll
C:\WINDOWS\system32\BhoECart.dll
139264 bytes
Created: 31/10/2003 15:15
Modified: 31/10/2003 15:15
Company: Orbiscom Ltd. All rights reserved.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
842296 bytes
Created: 06/10/2010 19:27
Modified: 06/10/2010 19:27
Company: Google Inc.
----------

************************************************************
22:20:49: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
22:20:50: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
22:20:50: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
22:20:50: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
22:20:50: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
22:20:51: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 27/05/2008 12:04
Modified: 27/05/2008 10:21
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
22:20:51: Scanning ----- SCHEDULED TASKS -----
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
194104 bytes
Created: 30/05/2008 17:57
Modified: 07/09/2011 19:32
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 16/10/2011 22:33:00
Status: Ready
Creator: SYSTEM
Comments: Le programme de mise à jour Google permet de maintenir votre logiciel Google à jour. Si ce programme de mise à jour est désactivé ou arrêté, votre logiciel Google ne sera pas mis à jour et présentera des failles de sécurité qui ne pourront pas être résolues. Certaines fonctionnalités peuvent être endommagées.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 17/10/2011 19:40:00
Status: Ready
Creator: SYSTEM
Comments: Permet de maintenir votre logiciel Google à jour. Si cette tâche est désactivée ou interrompue, votre logiciel Google ne sera plus mis à jour. Toute faille de sécurité susceptible d'apparaître ne pourrait alors pas être réparée et certaines fonctionnalités pourraient être endommagées. Cette tâche se désinstalle automatiquement lorsque aucun logiciel Google ne l'utilise.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Chaque 1 heure(s) à partir de 19:40 pendant 24 heure(s) tous les jours, début : 26/09/2011
Next Run Time: 16/10/2011 22:40:00
Status: Ready
Creator: SYSTEM
Comments: Permet de maintenir votre logiciel Google à jour. Si cette tâche est désactivée ou interrompue, votre logiciel Google ne sera plus mis à jour. Toute faille de sécurité susceptible d'apparaître ne pourrait alors pas être réparée et certaines fonctionnalités pourraient être endommagées. Cette tâche se désinstalle automatiquement lorsque aucun logiciel Google ne l'utilise.
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-1123561945-2077806209-725345543-1003
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: Propriétaire
Comments:
C:\Program Files\Real\RealUpgrade\realupgrade.exe - [file not found to scan]
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-1123561945-2077806209-725345543-1003
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
Parameters: /scheduledcheck
Schedule: à 19:06 tous les 7 jours, début : 10/10/2011
Next Run Time: 17/10/2011 19:06:00
Status: Has not run
Creator: Propriétaire
Comments:
C:\Program Files\Real\RealUpgrade\realupgrade.exe - [file not found to scan]
----------

************************************************************
22:20:51: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
22:20:52: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP60
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll
-R- 445504 bytes
Created: 27/08/2008 18:56
Modified: 13/03/2008 03:10
Company: On2.com
----------
Value: vidc.VP61
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll - file already scanned
----------

************************************************************
22:20:53: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
9437238 bytes
Created: 23/08/2010 20:43
Modified: 23/06/2011 23:39
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
9437238 bytes
Created: 23/08/2010 20:43
Modified: 23/06/2011 23:39
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
22:20:56: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[66 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 05/08/2004 14:00
Modified: 09/02/2009 13:23
Company: Microsoft Corporation
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
364544 bytes
Created: 28/04/2005 22:31
Modified: 28/04/2005 22:31
Company: ATI Technologies Inc.
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[52 loaded modules in total]
--------------------
[37 loaded modules in total]
--------------------
[156 loaded modules in total]
--------------------
[29 loaded modules in total]
--------------------
[31 loaded modules in total]
--------------------
[36 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 05/08/2004 14:00
Modified: 17/08/2010 15:17
Company: Microsoft Corporation
[55 loaded modules in total]
--------------------
C:\Program Files\Avira\AntiVir Desktop\sched.exe
136360 bytes
Created: 10/04/2010 11:02
Modified: 27/04/2011 18:01
Company: Avira GmbH
[44 loaded modules in total]
--------------------
[23 loaded modules in total]
[100 loaded modules in total]
[28 loaded modules in total]
[33 loaded modules in total]
[32 loaded modules in total]
[19 loaded modules in total]
[37 loaded modules in total]
[24 loaded modules in total]
[25 loaded modules in total]
[22 loaded modules in total]
[40 loaded modules in total]
[24 loaded modules in total]
[29 loaded modules in total]
[53 loaded modules in total]
[40 loaded modules in total]
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[19 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
[32 loaded modules in total]
--------------------
C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\ixk14.exe
FileSize: 4740016
[This is a Trojan Remover component]
[27 loaded modules in total]
--------------------

************************************************************
22:22:10: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
22:22:10: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\fla25.tmp - scanning skipped, too large
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\flaE7.tmp - scanning skipped, too large
************************************************************
22:22:33: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
22:22:44: Scanning ------ ROOT DIRECTORY ------

************************************************************
22:22:45: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.quebles.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 22:22:45 16 oct. 2011
Total Scan time: 00:03:07
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
16/10/2011 22:22:54: restart commenced
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
16/10/2011 20:29:08: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[KfgIihqk] - deleted
=======================================================
16/10/2011 20:29:08: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23:33:51 13 oct. 2011
Using Database v7776
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\Propriétaire\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
23:33:51: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
23:33:52: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,,,,C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
File: [blank entry found]
File: [blank entry found]
File: [blank entry found]
File: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
113875 bytes
Modified: 13/10/2011 23:16
Company: [no info]
File appears to be hidden using rootkit techniques
Previously renamed file C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe.vir has been deleted
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - process is either not running or could not be terminated
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - file renamed to: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe.vir
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: High Definition Audio Property Page Shortcut
Value Data: HDAShCut.exe
C:\WINDOWS\system32\HDAShCut.exe
61952 bytes
Created: 27/10/2004 15:21
Modified: 27/10/2004 15:21
Company: Windows (R) Server 2003 DDK provider
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
90112 bytes
Created: 27/05/2008 10:48
Modified: 21/06/2005 15:09
Company: Realtek Semiconductor Corp.
--------------------
Value Name: AlcWzrd
Value Data: ALCWZRD.EXE
C:\WINDOWS\ALCWZRD.EXE
2806272 bytes
Created: 27/05/2008 10:48
Modified: 13/07/2005 15:47
Company: RealTek Semicoductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 27/05/2008 10:48
Modified: 03/05/2005 18:43
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
708697 bytes
Created: 27/05/2008 10:53
Modified: 15/04/2005 08:48
Company: Synaptics, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 27/05/2008 11:53
Modified: 09/07/2001 10:50
Company: Ahead Software Gmbh
--------------------
Value Name: VX1000
Value Data: C:\WINDOWS\vVX1000.exe
C:\WINDOWS\vVX1000.exe
707376 bytes
Created: 30/06/2006 01:42
Modified: 13/10/2006 18:04
Company: Microsoft Corporation
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
281768 bytes
Created: 10/04/2010 11:02
Modified: 17/08/2010 14:38
Company: Avira GmbH
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
37296 bytes
Created: 08/06/2011 06:02
Modified: 08/06/2011 06:02
Company: Adobe Systems Incorporated
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created: 30/03/2011 06:59
Modified: 30/03/2011 06:59
Company: Adobe Systems Incorporated
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 13/10/2011 23:10
Modified: 18/05/2011 18:32
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
--------------------
Value Name: RocketDock
Value Data: "C:\Program Files\RocketDock\RocketDock.exe"
C:\Program Files\RocketDock\RocketDock.exe
495616 bytes
Created: 30/05/2008 19:47
Modified: 02/09/2007 13:58
Company: [no info]
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - [file not found to scan]
--------------------
Value Name: swg
Value Data: "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 30/05/2008 17:57
Modified: 30/05/2008 17:57
Company: Google Inc.
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1695232 bytes
Created: 27/05/2008 10:16
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
--------------------
Value Name: KfgIihqk
Value Data: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\cyovxehw\kfgiihqk.exe - this registry entry has been removed [file already renamed]
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
23:37:20: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
23:37:21: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
23:37:21: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
23:37:21: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
23:37:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
23:37:23: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 05/08/2004 14:00
Modified: 13/04/2008 20:40
Company: Microsoft Corporation
----------
Key: gupdate1ca16c5dd002ca8
ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
----------
Key: gupdatem
ImagePath: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 27/10/2004 15:21
Modified: 27/10/2004 15:21
Company: Windows (R) Server 2003 DDK provider
----------
Key: Micorsoft Windows Service
ImagePath: \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\rteplemw.sys
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\rteplemw.sys - [file not found to scan]
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
207664 bytes
Created: 13/10/2006 18:01
Modified: 13/10/2006 18:01
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
441712 bytes
Created: 04/11/2008 02:06
Modified: 04/11/2008 02:06
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006 15:03
Modified: 26/10/2006 15:03
Company: Microsoft Corporation
----------
Key: PCAMPR5
ImagePath: \??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS - [file not found to scan]
----------
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtlnicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
74496 bytes
Created: 27/05/2008 10:52
Modified: 04/03/2005 11:10
Company: Realtek Semiconductor Corporation
----------
Key: sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\WINDOWS\System32\drivers\sfdrv01.sys
48640 bytes
Created: 03/03/2005 19:53
Modified: 03/03/2005 19:53
Company: Protection Technology
----------
Key: sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\WINDOWS\System32\drivers\sfhlp02.sys
6656 bytes
Created: 23/02/2005 17:59
Modified: 23/02/2005 17:59
Company: Protection Technology
----------
Key: sfsync02
ImagePath: System32\drivers\sfsync02.sys
C:\WINDOWS\System32\drivers\sfsync02.sys
20544 bytes
Created: 03/12/2004 12:20
Modified: 03/12/2004 12:20
Company: Protection Technology
----------
Key: smserial
ImagePath: system32\DRIVERS\smserial.sys
C:\WINDOWS\system32\DRIVERS\smserial.sys - [file not found to scan]
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{32B14EFE-6B16-4D5E-96B8-C0FDA575DB1C}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\WINDOWS\system32\DRIVERS\SynTP.sys
189664 bytes
Created: 27/05/2008 10:53
Modified: 15/04/2005 08:36
Company: Synaptics, Inc.
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\WINDOWS\system32\DRIVERS\VX1000.sys
1966000 bytes
Created: 30/06/2006 01:42
Modified: 13/10/2006 18:04
Company: Microsoft Corporation
----------
Key: w29n51
ImagePath: system32\DRIVERS\w29n51.sys
C:\WINDOWS\system32\DRIVERS\w29n51.sys
3298432 bytes
Created: 30/05/2008 16:12
Modified: 30/05/2008 16:12
Company: Intel® Corporation
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 18/10/2006 20:00
Modified: 18/10/2006 20:00
Company: Microsoft Corporation
----------

************************************************************
23:37:34: Scanning -----VXD ENTRIES-----

************************************************************
23:37:34: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
23:37:35: Scanning ----- CONTEXTMENUHANDLERS -----

************************************************************
23:37:35: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - [file not found to scan]
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
378264 bytes
Created: 22/09/2010 19:12
Modified: 22/09/2010 19:12
Company: Adobe Systems, Inc.
----------

************************************************************
23:37:35: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {2E03C0FD-4C48-43A7-9A54-00240C70FF16}
BHO: C:\WINDOWS\system32\BhoECart.dll
C:\WINDOWS\system32\BhoECart.dll
139264 bytes
Created: 31/10/2003 15:15
Modified: 31/10/2003 15:15
Company: Orbiscom Ltd. All rights reserved.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
842296 bytes
Created: 06/10/2010 19:27
Modified: 06/10/2010 19:27
Company: Google Inc.
----------

************************************************************
23:37:37: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
23:37:37: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
23:37:37: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
23:37:37: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
23:37:38: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
23:37:38: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 27/05/2008 12:04
Modified: 27/05/2008 10:21
Company: [no info]
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
23:37:39: Scanning ----- SCHEDULED TASKS -----
Taskname: Google Software Updater
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
194104 bytes
Created: 30/05/2008 17:57
Modified: 07/09/2011 19:32
Company: Google
Parameters: scheduled_start
Schedule: Multiple schedule times
Next Run Time: 13/10/2011 23:53:00
Status: Ready
Creator: SYSTEM
Comments: Le programme de mise à jour Google permet de maintenir votre logiciel Google à jour. Si ce programme de mise à jour est désactivé ou arrêté, votre logiciel Google ne sera pas mis à jour et présentera des failles de sécurité qui ne pourront pas être résolues. Certaines fonctionnalités peuvent être endommagées.
----------
Taskname: GoogleUpdateTaskMachineCore
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
Parameters: /c
Schedule: Multiple schedule times
Next Run Time: 14/10/2011 19:40:00
Status: Ready
Creator: SYSTEM
Comments: Permet de maintenir votre logiciel Google à jour. Si cette tâche est désactivée ou interrompue, votre logiciel Google ne sera plus mis à jour. Toute faille de sécurité susceptible d'apparaître ne pourrait alors pas être réparée et certaines fonctionnalités pourraient être endommagées. Cette tâche se désinstalle automatiquement lorsque aucun logiciel Google ne l'utilise.
----------
Taskname: GoogleUpdateTaskMachineUA
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 06/08/2009 20:43
Modified: 06/08/2009 20:43
Company: Google Inc.
Parameters: /ua /installsource scheduler
Schedule: Chaque 1 heure(s) à partir de 19:40 pendant 24 heure(s) tous les jours, début : 26/09/2011
Next Run Time: 13/10/2011 23:40:00
Status: Ready
Creator: SYSTEM
Comments: Permet de maintenir votre logiciel Google à jour. Si cette tâche est désactivée ou interrompue, votre logiciel Google ne sera plus mis à jour. Toute faille de sécurité susceptible d'apparaître ne pourrait alors pas être réparée et certaines fonctionnalités pourraient être endommagées. Cette tâche se désinstalle automatiquement lorsque aucun logiciel Google ne l'utilise.
----------
Taskname: RealUpgradeLogonTaskS-1-5-21-1123561945-2077806209-725345543-1003
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
Parameters: /logoncheck
Schedule: Démarrer à l'ouverture de session
Next Run Time:
Status: Ready
Creator: Propriétaire
Comments:
C:\Program Files\Real\RealUpgrade\realupgrade.exe - [file not found to scan]
----------
Taskname: RealUpgradeScheduledTaskS-1-5-21-1123561945-2077806209-725345543-1003
File: C:\Program Files\Real\RealUpgrade\realupgrade.exe
Parameters: /scheduledcheck
Schedule: à 19:06 tous les 7 jours, début : 10/10/2011
Next Run Time: 17/10/2011 19:06:00
Status: Has not run
Creator: Propriétaire
Comments:
C:\Program Files\Real\RealUpgrade\realupgrade.exe - [file not found to scan]
----------

************************************************************
23:37:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
23:37:39: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.VP60
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll
-R- 445504 bytes
Created: 27/08/2008 18:56
Modified: 13/03/2008 03:10
Company: On2.com
----------
Value: vidc.VP61
File: C:\WINDOWS\system32\vp6vfw.dll
C:\WINDOWS\system32\vp6vfw.dll - file already scanned
----------

************************************************************
23:37:42: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
9437238 bytes
Created: 23/08/2010 20:43
Modified: 23/06/2011 23:39
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
9437238 bytes
Created: 23/08/2010 20:43
Modified: 23/06/2011 23:39
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
23:37:47: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[66 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
111104 bytes
Created: 05/08/2004 14:00
Modified: 09/02/2009 13:23
Company: Microsoft Corporation
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
364544 bytes
Created: 28/04/2005 22:31
Modified: 28/04/2005 22:31
Company: ATI Technologies Inc.
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[52 loaded modules in total]
--------------------
[37 loaded modules in total]
--------------------
[158 loaded modules in total]
--------------------
[29 loaded modules in total]
--------------------
[31 loaded modules in total]
--------------------
[36 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
58880 bytes
Created: 05/08/2004 14:00
Modified: 17/08/2010 15:17
Company: Microsoft Corporation
[55 loaded modules in total]
--------------------
C:\Program Files\Avira\AntiVir Desktop\sched.exe
136360 bytes
Created: 10/04/2010 11:02
Modified: 27/04/2011 18:01
Company: Avira GmbH
[44 loaded modules in total]
--------------------
[23 loaded modules in total]
[28 loaded modules in total]
[103 loaded modules in total]
[33 loaded modules in total]
[32 loaded modules in total]
[19 loaded modules in total]
[38 loaded modules in total]
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:34
Company: Microsoft Corporation
[19 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004 14:00
Modified: 14/04/2008 04:33
Company: Microsoft Corporation
[32 loaded modules in total]
--------------------
[24 loaded modules in total]
[25 loaded modules in total]
[22 loaded modules in total]
[40 loaded modules in total]
[24 loaded modules in total]
[29 loaded modules in total]
[52 loaded modules in total]
[40 loaded modules in total]
C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\cklB.exe
FileSize: 4740016
[This is a Trojan Remover component]
[27 loaded modules in total]
--------------------

************************************************************
23:39:16: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
23:39:17: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\fla25.tmp - scanning skipped, too large
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\flaE7.tmp - scanning skipped, too large
************************************************************
23:39:35: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
23:39:48: Scanning ------ ROOT DIRECTORY ------

************************************************************
23:39:48: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.quebles.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 23:39:48 13 oct. 2011
Total Scan time: 00:05:57
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
The restart has been cancelled, but Trojan Remover has been set to carry out the
operations the next time the system is restarted
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
13/10/2011 23:24:24: Trojan Remover has been restarted
13/10/2011 23:24:24: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2600. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 23
jlpjlp | Posts: 51580 | Registered: Friday 18 May 2007 | Status: Security contributor | Last active: 3 May 2022 | 5 040
16 Oct. 2011 at 22:41
Hi, I'm a bit busy, but to help:

Download Malwarebytes Anti-Malware, update it, and paste a quick-scan report made with it

-

then

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

(diagnostic tool)

Double-click the installer, then install it with the default settings (don't forget to tick "Create a desktop icon")

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista)

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.fr/

Click "Browse" in the "Attach a file [...]" section

Select the ZHPDiag.txt report that is on your desktop

Then click "Click here to upload the file" and copy/paste the link into your next message

or alternatively, to send your report:
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the reports.
Then post the pjjoint links here so they can be looked at.
:.devil.: | Posts: 138 | Registered: Thursday 1 February 2007 | Status: Member | Last active: 2 November 2011 | 19
13 Oct. 2011 at 23:08
Hi,

The only way to rule out any suspicion of infection is to use the Trojan Remover software; it is very effective. Keep us posted.

Here is the download link for the software: https://www.commentcamarche.net/telecharger/securite/22321-trojan-remover/