TROJAN.DOWNLOADER-20924 HELP ME ! ! ! ..I\...
FABZ
-
trans123 -
trans123 -
Bonjour,
Comme beaucoup de gens, il semblerait que nous soyons des stars sur internet et qu'il y aurait notre photo.
Un click; et le showbiz vous tourne le dos, votre vie bascule et pour couronner le tout, votre pc vous fait la gueule.
J'aurais besoin d'aide pour me retirer un virus du type trojan.downloader sur mon pc, qui est d'ailleurs mon pc du boulot, c'est assez contraignant.
J'ai utilisé le logiciel Trojan Remover, mais c'est sans espoir. Alors que faire ? ? ? Il m'a tout de même fait un rapport que je joins à ce message.
Merci d'avance pour votre aide. Je suis à votre disposition pour toutes solutions.
Fabz.
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
19/04/2008 15:22:11: Trojan Remover has been restarted
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe - process is either not running or could not be terminated
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe has been deleted
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - process is either not running or could not be terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe has been renamed to C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Flash Media] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[JavaCore] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[SfKg6wIP] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[WinTouch] - deleted
=======================================================
19/04/2008 15:22:11: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2527. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:19:13 19 avr. 2008
Using Database v6975
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\utilisateur\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\utilisateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
eTrust Anti-Virus
**************************************************
**************************************************
15:19:13: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
15:19:13: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
15:19:13: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
15:19:13: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
File: C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe
64156 bytes
Created: 15/04/2008
Modified: 19/04/2008
Company:
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe appears to be in-use/locked
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe - this entry will be removed (no action requested on file)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
98304 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
114688 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
94208 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: PDF Complete
Value Data: "C:\Program Files\PDF Complete\pdfsty.exe"
C:\Program Files\PDF Complete\pdfsty.exe
331288 bytes
Created: 11/10/2007
Modified: 07/08/2007
Company: PDF Complete Inc
--------------------
Value Name: SetRefresh
Value Data: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
525824 bytes
Created: 11/10/2007
Modified: 20/11/2003
Company: Hewlett-Packard Company
--------------------
Value Name: Recguard
Value Data: C:\WINDOWS\Sminst\Recguard.exe
C:\WINDOWS\Sminst\Recguard.exe
1138688 bytes
Created: 11/10/2007
Modified: 12/05/2006
Company:
--------------------
Value Name: Reminder
Value Data: C:\WINDOWS\Creator\Remind_XP.exe
C:\WINDOWS\Creator\Remind_XP.exe
761856 bytes
Created: 11/10/2007
Modified: 31/03/2006
Company:
--------------------
Value Name: Scheduler
Value Data: C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\SMINST\Scheduler.exe
888832 bytes
Created: 11/10/2007
Modified: 24/04/2006
Company:
--------------------
Value Name: RoxioDragToDisc
Value Data: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
1116920 bytes
Created: 30/10/2006
Modified: 30/10/2006
Company: Roxio
--------------------
Value Name: Realtime Monitor
Value Data: "C:\Program Files\CA\eTrustITM\realmon.exe" -s
C:\Program Files\CA\eTrustITM\realmon.exe
407632 bytes
Created: 16/01/2007
Modified: 16/01/2007
Company: CA
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
385024 bytes
Created: 01/02/2008
Modified: 01/02/2008
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
267048 bytes
Created: 19/02/2008
Modified: 19/02/2008
Company: Apple Inc.
--------------------
Value Name: runner1
Value Data: C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
C:\WINDOWS\mrofinu1423.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
873552 bytes
Created: 19/04/2008
Modified: 17/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: LightScribe Control Panel
Value Data: C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
451872 bytes
Created: 20/06/2007
Modified: 20/06/2007
Company: Hewlett-Packard Company
--------------------
Value Name: Twain
Value Data: C:\Program Files\Twain\Twain.exe
C:\Program Files\Twain\Twain.exe [file not found to scan]
--------------------
Value Name: SpeedRunner
Value Data: C:\Documents and Settings\utilisateur\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\utilisateur\Application Data\SpeedRunner\SpeedRunner.exe
181248 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
--------------------
Value Name: WinTouch
Value Data: C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe
181760 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe appears to contain: DOWNLOADER
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - this registry value has been removed
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - running process located and terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file ownership assigned to: CCI-POSTE3\utilisateur
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - running process located and terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file backed up to C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe.vir
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file has been neutralised
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - marked for renaming when the PC is restarted
--------------------
Value Name: SfKg6w
Value Data: C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe
C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe
35840 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe appears to be in-use/locked
--------------------
Windows Registry scan stopped at user request.
The ShellExecuteHooks were not scanned.
Hidden Registry Entries were not scanned for.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The ServiceDLLs registry keys were not scanned.
The Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The HOSTS file was not checked.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.
**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 19/04/2008 15:20:11
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
19/04/2008 15:20:16: restart commenced
************************************************************
Comme beaucoup de gens, il semblerait que nous soyons des stars sur internet et qu'il y aurait notre photo.
Un click; et le showbiz vous tourne le dos, votre vie bascule et pour couronner le tout, votre pc vous fait la gueule.
J'aurais besoin d'aide pour me retirer un virus du type trojan.downloader sur mon pc, qui est d'ailleurs mon pc du boulot, c'est assez contraignant.
J'ai utilisé le logiciel Trojan Remover, mais c'est sans espoir. Alors que faire ? ? ? Il m'a tout de même fait un rapport que je joins à ce message.
Merci d'avance pour votre aide. Je suis à votre disposition pour toutes solutions.
Fabz.
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
19/04/2008 15:22:11: Trojan Remover has been restarted
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe - process is either not running or could not be terminated
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe has been deleted
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - process is either not running or could not be terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe has been renamed to C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Flash Media] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[JavaCore] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[SfKg6wIP] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[WinTouch] - deleted
=======================================================
19/04/2008 15:22:11: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.9.2527. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:19:13 19 avr. 2008
Using Database v6975
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\utilisateur\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\utilisateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
eTrust Anti-Virus
**************************************************
**************************************************
15:19:13: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
15:19:13: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
15:19:13: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
15:19:13: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
File: C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe
64156 bytes
Created: 15/04/2008
Modified: 19/04/2008
Company:
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe appears to be in-use/locked
C:\WINDOWS\system32\%%^ ^^^^%^ %%% ^ ^^%^%^ ^%^% .exe - this entry will be removed (no action requested on file)
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
98304 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
114688 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
94208 bytes
Created: 11/10/2007
Modified: 25/09/2006
Company: Intel Corporation
--------------------
Value Name: PDF Complete
Value Data: "C:\Program Files\PDF Complete\pdfsty.exe"
C:\Program Files\PDF Complete\pdfsty.exe
331288 bytes
Created: 11/10/2007
Modified: 07/08/2007
Company: PDF Complete Inc
--------------------
Value Name: SetRefresh
Value Data: C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
525824 bytes
Created: 11/10/2007
Modified: 20/11/2003
Company: Hewlett-Packard Company
--------------------
Value Name: Recguard
Value Data: C:\WINDOWS\Sminst\Recguard.exe
C:\WINDOWS\Sminst\Recguard.exe
1138688 bytes
Created: 11/10/2007
Modified: 12/05/2006
Company:
--------------------
Value Name: Reminder
Value Data: C:\WINDOWS\Creator\Remind_XP.exe
C:\WINDOWS\Creator\Remind_XP.exe
761856 bytes
Created: 11/10/2007
Modified: 31/03/2006
Company:
--------------------
Value Name: Scheduler
Value Data: C:\WINDOWS\SMINST\Scheduler.exe
C:\WINDOWS\SMINST\Scheduler.exe
888832 bytes
Created: 11/10/2007
Modified: 24/04/2006
Company:
--------------------
Value Name: RoxioDragToDisc
Value Data: "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
1116920 bytes
Created: 30/10/2006
Modified: 30/10/2006
Company: Roxio
--------------------
Value Name: Realtime Monitor
Value Data: "C:\Program Files\CA\eTrustITM\realmon.exe" -s
C:\Program Files\CA\eTrustITM\realmon.exe
407632 bytes
Created: 16/01/2007
Modified: 16/01/2007
Company: CA
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
385024 bytes
Created: 01/02/2008
Modified: 01/02/2008
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
267048 bytes
Created: 19/02/2008
Modified: 19/02/2008
Company: Apple Inc.
--------------------
Value Name: runner1
Value Data: C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
C:\WINDOWS\mrofinu1423.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
873552 bytes
Created: 19/04/2008
Modified: 17/04/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: LightScribe Control Panel
Value Data: C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
451872 bytes
Created: 20/06/2007
Modified: 20/06/2007
Company: Hewlett-Packard Company
--------------------
Value Name: Twain
Value Data: C:\Program Files\Twain\Twain.exe
C:\Program Files\Twain\Twain.exe [file not found to scan]
--------------------
Value Name: SpeedRunner
Value Data: C:\Documents and Settings\utilisateur\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\utilisateur\Application Data\SpeedRunner\SpeedRunner.exe
181248 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
--------------------
Value Name: WinTouch
Value Data: C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe
181760 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe appears to contain: DOWNLOADER
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - this registry value has been removed
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - running process located and terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file ownership assigned to: CCI-POSTE3\utilisateur
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - running process located and terminated
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file backed up to C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe.vir
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - file has been neutralised
C:\Documents and Settings\utilisateur\Application Data\WinTouch\WinTouch.exe - marked for renaming when the PC is restarted
--------------------
Value Name: SfKg6w
Value Data: C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe
C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe
35840 bytes
Created: 18/04/2008
Modified: 18/04/2008
Company:
C:\Documents and Settings\utilisateur\Application Data\Microsoft\Windows\rayiou.exe appears to be in-use/locked
--------------------
Windows Registry scan stopped at user request.
The ShellExecuteHooks were not scanned.
Hidden Registry Entries were not scanned for.
The ScreenSaver was not checked.
The Windows Registry Active Setup keys were not scanned.
The ServiceDLLs registry keys were not scanned.
The Services registry keys were not scanned.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The HOSTS file was not checked.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.
**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 19/04/2008 15:20:11
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
19/04/2008 15:20:16: restart commenced
************************************************************
A voir également:
- TROJAN.DOWNLOADER-20924 HELP ME ! ! ! ..I\...
- I showkeyplus - Télécharger - Utilitaires
- I tun - Télécharger - Lecture & Playlists
- I sans point ✓ - Forum Windows
- O ou i pour allumer - Forum Word
- Comment écrire le symbole On/Off - Forum Facebook
3 réponses
bien on continue
Télécharge MSNFix.zip (de !aur3n7) sur ton bureau : http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).
Double-cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
Note :
-Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
poste le rapport.
Télécharge MSNFix.zip (de !aur3n7) sur ton bureau : http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).
Double-cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage.
Note :
-Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
poste le rapport.
Ah yes! Merci beaucoup ludsfa.
Je vais essayé et je reviens vers toi pour te dire si ça a marché.
Merci d'avoir usé de ton temps pour moi.
Je vais essayé et je reviens vers toi pour te dire si ça a marché.
Merci d'avoir usé de ton temps pour moi.
Bon je viens de tomber sur le meme pb que toi c'est speedrunner le coupable !
Il est situe sous C:\Users\trans123\AppData\Roaming\SpeedRunner
Je ne tenterais pas d'executer le uninstall a ta place.
Je vais faire quelques essais et je te donne quelques infos pour t'aider.
Sinon est-ce que tu as fait une install du SP1 ?
Il est situe sous C:\Users\trans123\AppData\Roaming\SpeedRunner
Je ne tenterais pas d'executer le uninstall a ta place.
Je vais faire quelques essais et je te donne quelques infos pour t'aider.
Sinon est-ce que tu as fait une install du SP1 ?
ok, voilà ce qu'on va faire télécharge tools cleaner sur ton bureau ci-dessous: http://www.commentcamarche.net/telecharger/toolscleaner 34055291 avis opinions.php3
Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.
* Clique sur Recherche et laisse le scan agir ...
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
/!\ Si tu as Spybot désactive le tea-timer le à chaque manip' que je vais te faire faire /!\
Télécharge MsnFix (de !aur3n7) sur ton Bureau:
http://sosvirus.changelog.fr/MSNFix.zip
le tuto:https://www.malekal.com/supprimer-virus-desinfecter-pc/
Dézippe-le sur ton bureau.
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage. (N)
Si tu dois redémarrer l’ordinateur fais le manuellement.
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Note : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci :
http://www.infos-du-net.com/forum/272805-11-upload-fichiers-supects-msnfix
ensuite,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2 :
http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
Ce programme va te faire désinstaller tous les outils que je t’ai faits utiliser.
* Clique sur Recherche et laisse le scan agir ...
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
/!\ Si tu as Spybot désactive le tea-timer le à chaque manip' que je vais te faire faire /!\
Télécharge MsnFix (de !aur3n7) sur ton Bureau:
http://sosvirus.changelog.fr/MSNFix.zip
le tuto:https://www.malekal.com/supprimer-virus-desinfecter-pc/
Dézippe-le sur ton bureau.
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat. (L’extension bat peut ne pas apparaître)
- Exécute l'option R.
- Si l'infection est détectée, presse une touche pour lancer le nettoyage. (N)
Si tu dois redémarrer l’ordinateur fais le manuellement.
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Note : Si tu obtiens un fichier zip d’upload sur ton bureau, fais ceci :
http://www.infos-du-net.com/forum/272805-11-upload-fichiers-supects-msnfix
ensuite,
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2 :
http://www.infos-du-net.com/forum/271838-11-tuto-utiliser-hijackthis
Je ne trouve pas de fichier MSNFix.bat. et encore moins l'option R.
Est-ce qu'il y a une manipe que je ne comprends pas ou que je n'ai pas sû faire???
As-tu d'autres solutions please?