A voir également:
- Impossible d'installer des fichiers exe.
- .Exe - Télécharger - Divers Utilitaires
- Installer chromecast - Guide
- Installer windows 10 sans compte microsoft - Guide
- Installer ccleaner - Télécharger - Nettoyage
- Installer microsoft store - Guide
29 réponses
hisem
Messages postés
8
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
30 septembre 2008
4
29 sept. 2008 à 08:44
29 sept. 2008 à 08:44
t'est infecter par un virus.
telecharge trojan remover d'içi :https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/12884.html au demarage du programme clik sur update pour le metre a jour attend klk second ! puis close ,relance le programem et cette foi tu clik sur continuer pui sur scan a la fin du scan redemare pc
telecharge trojan remover d'içi :https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/12884.html au demarage du programme clik sur update pour le metre a jour attend klk second ! puis close ,relance le programem et cette foi tu clik sur continuer pui sur scan a la fin du scan redemare pc
hisem
Messages postés
8
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
30 septembre 2008
4
29 sept. 2008 à 08:45
29 sept. 2008 à 08:45
mais si ton compte d'utilisateur n'est pas celui d'un admin c'est normale qe tu ne peux pas modofier les programme de ton pc ; )
Satie1
Messages postés
176
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
26 février 2009
11
29 sept. 2008 à 09:21
29 sept. 2008 à 09:21
Je connais un programme qui lance une dizaine d'utilitaires mais limité dans la durée (nombre de jours). Laisse moi un peu de temps et je te donne le lien.... si avec ça tu n'arrive à rien, ça m'étonnerait. J'utilise ce type de programme dans mon métier en qualité de IT Assistant Manager et ça a plus d'une fois porté ses fruits.
Je reviens un peu de patience... le format est la solution de facilité (trop souvent employée) plutôt que de cerner un problème même si pour cela il faut consacrer pas mal de temps !! Sans compter les oublis de sauvegarde et les pertes de données qui peuvent en découler....il ne reste alors que les grincements de dents et les pleurs face à une telle déconvenue....
Si ça t'intéresse fais le moi savoir........
Je reviens un peu de patience... le format est la solution de facilité (trop souvent employée) plutôt que de cerner un problème même si pour cela il faut consacrer pas mal de temps !! Sans compter les oublis de sauvegarde et les pertes de données qui peuvent en découler....il ne reste alors que les grincements de dents et les pleurs face à une telle déconvenue....
Si ça t'intéresse fais le moi savoir........
hisem, ouais, je suis bien l'administrateur de l'ordi. Et puis Trojan Remover ne m'a pas vraiment aidé, il m'a juste sortit des résultats :
***** THE SYSTEM HAS BEEN RESTARTED *****
29/09/2008 03:36:48: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E} - already removed
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} - already removed
=======================================================
29/09/2008 03:36:48: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2545. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 03:33:41 29 sept. 2008
Using Database v7152
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
************************************************************
************************************************************
03:33:41: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
03:33:41: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
03:33:41: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
03:33:42: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: FLMOFFICE4DMOUSE
Value Data: C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
360448 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
--------------------
Value Name: D-Link AirPlus G
Value Data: C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
1228800 bytes
Created: 18/03/2005
Modified: 18/03/2005
Company: D-Link
--------------------
Value Name: ANIWZCS2Service
Value Data: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
49152 bytes
Created: 25/09/2008
Modified: 16/12/2004
Company: Alpha Networks Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 27/09/2008
Modified: 09/07/2001
Company: Ahead Software Gmbh
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
922192 bytes
Created: 29/09/2008
Modified: 20/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1667584 bytes
Created: 25/09/2008
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe
1832272 bytes
Created: 27/09/2008
Modified: 18/08/2008
Company: Safer Networking Limited
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
C:\Program Files\MSN Messenger\msnmsgr.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
03:33:45: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
************************************************************
03:33:45: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
03:33:46: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
221696 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
************************************************************
03:33:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
03:33:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
03:33:49: Scanning ----- SERVICES REGISTRY KEYS -----
Key: A3AB
ImagePath: System32\DRIVERS\A3AB.sys
C:\WINDOWS\System32\DRIVERS\A3AB.sys
450400 bytes
Created: 22/03/2005
Modified: 22/03/2005
Company: D-Link Corporation
----------
Key: ANIO
ImagePath: \??\C:\WINDOWS\System32\ANIO.SYS
C:\WINDOWS\System32\ANIO.SYS
28205 bytes
Created: 25/09/2008
Modified: 27/07/2004
Company: Alpha Networks Inc.
----------
Key: ANIWZCSdService
ImagePath: C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
49152 bytes
Created: 25/09/2008
Modified: 22/10/2004
Company: Alpha Networks Inc.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
149761 bytes
Created: 29/09/2008
Modified: 07/08/2008
Company: Avira GmbH
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 28/09/2008
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
16056 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
147640 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
250040 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
348344 bytes
Created: 03/05/2007
Modified: 23/07/2008
Company: ALWIL Software
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.sys
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe [file not found to scan]
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [file not found to scan]
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
3968 bytes
Created: 26/09/2008
Modified: 05/09/2006
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 29/09/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys [file not found to scan]
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys [file not found to scan]
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 29/09/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys [file not found to scan]
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 29/09/2008
Modified: 27/06/2008
Company: Avira GmbH
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 15/08/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1079176 bytes
Created: 15/08/2008
Modified: 22/09/2008
Company: PC Tools
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 28/08/2001
Modified: 28/08/2001
Company:
----------
Key: sfman
ImagePath: system32\drivers\sfmanm.sys
C:\WINDOWS\system32\drivers\sfmanm.sys
36480 bytes
Created: 24/09/2008
Modified: 17/08/2001
Company: Creative Technology Ltd.
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 09/04/2007
Modified: 27/09/2008
Company: Crawler.com
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 29/09/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{5F8B4033-3439-462C-9BD1-79CE9DABD2F4}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
************************************************************
03:33:58: Scanning -----VXD ENTRIES-----
************************************************************
03:33:58: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
03:33:58: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
73912 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: AVG Anti-Spyware
CLSID: {8934FCEF-F5B8-468f-951F-78A921CD3920}
Path: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\context.dll
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\context.dll
144944 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 09/04/2007
Modified: 27/09/2008
Company: Crawler.com
----------
************************************************************
03:33:59: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
03:33:59: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
54248 bytes
Created: 03/11/2003
Modified: 03/11/2003
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - this key has been removed [file not found to scan]
C:\Program Files\AVG\AVG8\avgssie.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - this key has been removed
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\DOCUME~1\SIMON~1.SI-\Bureau\ANTIVI~1\SPYBOT~1\SDHelper.dll
C:\DOCUME~1\SIMON~1.SI-\Bureau\ANTIVI~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created: 27/09/2008
Modified: 14/08/2008
Company: Safer Networking Limited
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E} - this key has been removed [file not found to scan]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} - this key has been removed
----------
************************************************************
03:34:29: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
281600 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
************************************************************
03:34:30: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
03:34:30: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
03:34:30: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
03:34:30: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
03:34:30: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 24/09/2008
Modified: 25/09/2008
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
03:34:30: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
03:34:30: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
03:34:30: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
1440054 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Colline verdoyante.bmp
C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
1440054 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
----------
Additional checks completed
************************************************************
03:34:31: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe - file already scanned
--------------------
C:\Program Files\Browser MOUSE\mouse32a.exe - file already scanned
--------------------
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe - file already scanned
--------------------
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe - file already scanned
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\system32\devldr32.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Application Data\Simply Super Software\Trojan Remover\jauE4.exe
FileSize: 2552384
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
03:34:37: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
03:34:37: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
03:34:37: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?wl=true
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 03:34:37 29 sept. 2008
Total Scan time: 00:00:55
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
29/09/2008 03:34:41: restart commenced
************************************************************
***** THE SYSTEM HAS BEEN RESTARTED *****
29/09/2008 03:36:48: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - already removed
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E} - already removed
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} - already removed
=======================================================
29/09/2008 03:36:48: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2545. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 03:33:41 29 sept. 2008
Using Database v7152
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
************************************************************
************************************************************
03:33:41: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
03:33:41: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
03:33:41: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
03:33:42: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: FLMOFFICE4DMOUSE
Value Data: C:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Browser MOUSE\mouse32a.exe
360448 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
--------------------
Value Name: D-Link AirPlus G
Value Data: C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
1228800 bytes
Created: 18/03/2005
Modified: 18/03/2005
Company: D-Link
--------------------
Value Name: ANIWZCS2Service
Value Data: C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
49152 bytes
Created: 25/09/2008
Modified: 16/12/2004
Company: Alpha Networks Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 27/09/2008
Modified: 09/07/2001
Company: Ahead Software Gmbh
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
922192 bytes
Created: 29/09/2008
Modified: 20/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe
1667584 bytes
Created: 25/09/2008
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe
1832272 bytes
Created: 27/09/2008
Modified: 18/08/2008
Company: Safer Networking Limited
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
C:\Program Files\MSN Messenger\msnmsgr.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
03:33:45: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
************************************************************
03:33:45: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
03:33:46: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
221696 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
--------------------
************************************************************
03:33:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
03:33:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
03:33:49: Scanning ----- SERVICES REGISTRY KEYS -----
Key: A3AB
ImagePath: System32\DRIVERS\A3AB.sys
C:\WINDOWS\System32\DRIVERS\A3AB.sys
450400 bytes
Created: 22/03/2005
Modified: 22/03/2005
Company: D-Link Corporation
----------
Key: ANIO
ImagePath: \??\C:\WINDOWS\System32\ANIO.SYS
C:\WINDOWS\System32\ANIO.SYS
28205 bytes
Created: 25/09/2008
Modified: 27/07/2004
Company: Alpha Networks Inc.
----------
Key: ANIWZCSdService
ImagePath: C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
49152 bytes
Created: 25/09/2008
Modified: 22/10/2004
Company: Alpha Networks Inc.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
149761 bytes
Created: 29/09/2008
Modified: 07/08/2008
Company: Avira GmbH
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 28/09/2008
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
16056 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
147640 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
250040 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
348344 bytes
Created: 03/05/2007
Modified: 23/07/2008
Company: ALWIL Software
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.sys
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe [file not found to scan]
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [file not found to scan]
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
3968 bytes
Created: 26/09/2008
Modified: 05/09/2006
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 29/09/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys [file not found to scan]
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys [file not found to scan]
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 29/09/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys [file not found to scan]
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 29/09/2008
Modified: 27/06/2008
Company: Avira GmbH
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 29/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 15/08/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1079176 bytes
Created: 15/08/2008
Modified: 22/09/2008
Company: PC Tools
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 28/08/2001
Modified: 28/08/2001
Company:
----------
Key: sfman
ImagePath: system32\drivers\sfmanm.sys
C:\WINDOWS\system32\drivers\sfmanm.sys
36480 bytes
Created: 24/09/2008
Modified: 17/08/2001
Company: Creative Technology Ltd.
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 09/04/2007
Modified: 27/09/2008
Company: Crawler.com
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 29/09/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{5F8B4033-3439-462C-9BD1-79CE9DABD2F4}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
************************************************************
03:33:58: Scanning -----VXD ENTRIES-----
************************************************************
03:33:58: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
03:33:58: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
73912 bytes
Created: 03/05/2007
Modified: 19/07/2008
Company: ALWIL Software
----------
Key: AVG Anti-Spyware
CLSID: {8934FCEF-F5B8-468f-951F-78A921CD3920}
Path: C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\context.dll
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\context.dll
144944 bytes
Created: 26/09/2008
Modified: 26/09/2008
Company: GRISOFT s.r.o.
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 29/09/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 09/04/2007
Modified: 27/09/2008
Company: Crawler.com
----------
************************************************************
03:33:59: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
03:33:59: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
54248 bytes
Created: 03/11/2003
Modified: 03/11/2003
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - this key has been removed [file not found to scan]
C:\Program Files\AVG\AVG8\avgssie.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - this key has been removed
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\DOCUME~1\SIMON~1.SI-\Bureau\ANTIVI~1\SPYBOT~1\SDHelper.dll
C:\DOCUME~1\SIMON~1.SI-\Bureau\ANTIVI~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created: 27/09/2008
Modified: 14/08/2008
Company: Safer Networking Limited
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E} - this key has been removed [file not found to scan]
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} - this key has been removed
----------
************************************************************
03:34:29: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: %SystemRoot%\System32\webcheck.dll
C:\WINDOWS\System32\webcheck.dll
281600 bytes
Created: 28/08/2001
Modified: 19/08/2004
Company: Microsoft Corporation
----------
************************************************************
03:34:30: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
03:34:30: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
03:34:30: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
03:34:30: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
03:34:30: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 24/09/2008
Modified: 25/09/2008
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
03:34:30: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
03:34:30: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
03:34:30: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
1440054 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
----------
Web Desktop Wallpaper: %SystemRoot%\web\wallpaper\Colline verdoyante.bmp
C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
1440054 bytes
Created: 25/09/2008
Modified: 25/09/2008
Company:
----------
Additional checks completed
************************************************************
03:34:31: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe - file already scanned
--------------------
C:\Program Files\Browser MOUSE\mouse32a.exe - file already scanned
--------------------
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe - file already scanned
--------------------
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe - file already scanned
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Bureau\Anti Virus\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\system32\devldr32.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
--------------------
C:\Documents and Settings\simon.SI-IIM4BFDWEKCG\Application Data\Simply Super Software\Trojan Remover\jauE4.exe
FileSize: 2552384
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
03:34:37: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
03:34:37: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
03:34:37: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?wl=true
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 03:34:37 29 sept. 2008
Total Scan time: 00:00:55
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
29/09/2008 03:34:41: restart commenced
************************************************************
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
hisem
Messages postés
8
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
30 septembre 2008
4
29 sept. 2008 à 09:55
29 sept. 2008 à 09:55
est ce qe tu peux me dire c'est ce que tu peux me dire le type d'icone des extention .exe?
Je ne sais pas si ça répond à ta question mais je crois que c'est un petit carré avec une barre bleu au dessus avec 6 petits carrés à l'intérieur de 6 couleurs différentes
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 10:21
29 sept. 2008 à 10:21
Bonjour simprotege.
as-tu essayé d'aller dans les variables d'environnement et de regarder si
les .exe et les .com sont bien notifiés.
as-tu essayé d'aller dans les variables d'environnement et de regarder si
les .exe et les .com sont bien notifiés.
boxlee, désolé je ne sais pas c'est quoi, peux tu m'aider stp ? Je me débrouille avec les ordis mais je suis loin d'être un pro. merci
hisem
Messages postés
8
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
30 septembre 2008
4
29 sept. 2008 à 10:37
29 sept. 2008 à 10:37
bon essaye ceci chè peut etre que c'est la remedehttp://www.microsoft.com/downloads/details.aspx?familyid=5FBC5470-B259-4733-A914-A956122E08E8&displaylang=fr : )
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 10:43
29 sept. 2008 à 10:43
moi je suis sous vista et je ne connais pas vraiement XP.
mais il doit y avoir quand même beaucoup de ressemblances :
essaies de trouver dans panneau de configuration quelque chose qui
s'appelle paramètres système avancés (ou analogue).
mais il doit y avoir quand même beaucoup de ressemblances :
essaies de trouver dans panneau de configuration quelque chose qui
s'appelle paramètres système avancés (ou analogue).
hisem, merci ça semblait bien. Mais lorssque je le télécharge encore la même chose. Je peux le télécharger tout va bien mais lorsque j'arrive pour l'installer ça ne fonctionne pas... comme tous les autres fichiers. Voici le message lorsque j'essais de l'installer : Le programme d'installation du plug-in n'a pas pus détecter le répertoire d'installation du navigateur approprié. erreur : 0x80070002
Satie1
Messages postés
176
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
26 février 2009
11
29 sept. 2008 à 11:11
29 sept. 2008 à 11:11
Voici le lien du prog dont je te parlais : il s'agit de Hitman Pro. Evidemment si tu ne sais lancer aucun exécutable..??
Bon essaye au point ou tu en es. Voici le lien :
http://www.infos-du-net.com/telecharger/Hitman-Pro,0301-2886.html
Bon essaye au point ou tu en es. Voici le lien :
http://www.infos-du-net.com/telecharger/Hitman-Pro,0301-2886.html
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 11:08
29 sept. 2008 à 11:08
tu es bien sûr d'ètre en mode administrateur, parceque lesNo. d'erreurs commençant
par 08 concernent l'èlévation de la hiérachie.
par 08 concernent l'èlévation de la hiérachie.
Ouais pas le choix d'être l'administrateur car j'ai seulement une session d'ouverte et en plus quand je vais dans panneau de configuration utilisateurs c'est écrit que je suis l'administrateur de l'ordi. Pourtant un autre message d'erreur qui s'affiche ... celui-ci est lorsque j'essais d'installer msn messenger, ça dit que je ne peux pas l'installer car je ne suis pas l'administrateur. Étrange car pourtant je suis bel et bien le seul et unique administrateur de l'ordi
Bon je ne l'ai pas essayer encore mais j'ai réussis à télécharger hitman pro. Pourtant c'est un fichier avec une extension exe. Je ne sais pas pourquoi mais je peux tout de même en installer certains.
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 11:47
29 sept. 2008 à 11:47
moi je suis sous vista et je ne connais pas vraiement XP.
mais il doit y avoir quand même beaucoup de ressemblances :
essaies de trouver dans panneau de configuration quelque chose qui
s'appelle paramètres système avancés (ou analogue).
mais il doit y avoir quand même beaucoup de ressemblances :
essaies de trouver dans panneau de configuration quelque chose qui
s'appelle paramètres système avancés (ou analogue).
En fait pour apporter une petite correction à mon dernier message car je veux pas vous mélangez ... Je peux absolument downloader n'importe quel programme, ce n'est que l'installation qui est la plupart du temps impossible.
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 11:58
29 sept. 2008 à 11:58
AH ! c'est autre chose.
Mais de toutes façons le No d'erreur commencant par 08007 concerne un
manque de priviléges . Si tu pouvais me décrire exactement ce que tu fais
depuis le démarrage du PC jusqu' apparition de l'erreur, ça pourrait peut
être m'aider pour te venir en aide, mais comme je l'ai dit plus haut , je ne
suis pas un spécialiste de XP. (je dois sortir , je reviens dans 1 heure).
Mais de toutes façons le No d'erreur commencant par 08007 concerne un
manque de priviléges . Si tu pouvais me décrire exactement ce que tu fais
depuis le démarrage du PC jusqu' apparition de l'erreur, ça pourrait peut
être m'aider pour te venir en aide, mais comme je l'ai dit plus haut , je ne
suis pas un spécialiste de XP. (je dois sortir , je reviens dans 1 heure).
Satie1
Messages postés
176
Date d'inscription
lundi 29 septembre 2008
Statut
Membre
Dernière intervention
26 février 2009
11
29 sept. 2008 à 13:12
29 sept. 2008 à 13:12
As tu essayé de restaurer ton PC à une date antérieure à tes problèmes.
Essaye d'abord ça, tu n'as rien à craindre.
Vérifie les variables : pour se faire clique droit sur ton Icône Poste de travail, ensuite Propriétés, ensuite clique sur l'onglet Avancé. Tout en bas tu as 2 onglets, clique sur environnement variable (ici en Anglais) et recherche la ligne avec les exe et edite la. Tu devrais avoir ceci :
variable name : PATHEXT
Variable value : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
J'ai examiné ton log mais il ne me semble rien à voir de suspect, je pense donc que la piste Virus et Trojans ne me semble pas probante mais on peut toujours se tromper.
En dernier recours tente une réparation de windows mais ce qui serait peut être intéressant ce serait avant ça de créer un autre profil utilisateur avec droits administrateur et de te loguer avec celui là et voir si le problème se répercute aussi sur ce nouveau profil. Je pense que ce serait intéressant car que la réponse est oui ou non il me semble dans tous les cas que tu as des problèmes avec tes permissions NTFS. Qu'en pensent les autres amis conseilleurs ???
Essaye d'abord ça, tu n'as rien à craindre.
Vérifie les variables : pour se faire clique droit sur ton Icône Poste de travail, ensuite Propriétés, ensuite clique sur l'onglet Avancé. Tout en bas tu as 2 onglets, clique sur environnement variable (ici en Anglais) et recherche la ligne avec les exe et edite la. Tu devrais avoir ceci :
variable name : PATHEXT
Variable value : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
J'ai examiné ton log mais il ne me semble rien à voir de suspect, je pense donc que la piste Virus et Trojans ne me semble pas probante mais on peut toujours se tromper.
En dernier recours tente une réparation de windows mais ce qui serait peut être intéressant ce serait avant ça de créer un autre profil utilisateur avec droits administrateur et de te loguer avec celui là et voir si le problème se répercute aussi sur ce nouveau profil. Je pense que ce serait intéressant car que la réponse est oui ou non il me semble dans tous les cas que tu as des problèmes avec tes permissions NTFS. Qu'en pensent les autres amis conseilleurs ???
boxlee
Messages postés
621
Date d'inscription
vendredi 23 novembre 2007
Statut
Membre
Dernière intervention
7 décembre 2008
87
29 sept. 2008 à 15:13
29 sept. 2008 à 15:13
oui, bien sûr les numéros d'erreurs commançant par 08007 sont liés
à des problèmes de hiérarchie, moi je ne connais pas vraiement XP, je préfère laisser
la place à d'autres.
à des problèmes de hiérarchie, moi je ne connais pas vraiement XP, je préfère laisser
la place à d'autres.