How to remove trojandownloader.xs
massimo006 (Member, 11 posts)
Hello,
For some time now I think there has been a virus on my computer, because my PC keeps showing me a message about a dangerous risk, and the name of the virus is "trojandownloader.xs".
I ran my antivirus but it found nothing.
What should I do? Thanks for your help.
For information, my PC has: Intel Pentium D Processor 915
1024 MB of RAM
160 GB hard disk
ATI Radeon Xpress 200 graphics card
Antivirus: AVAST Home Edition
That's it for the info.
8 replies
Here is what the virus tells me to go get: "http://antispyware-reviews.biz/?wmid=4663&pwebmid=R3n1c2Bg8A"
But I still don't know how to remove it?
I just ran the HijackThis program and here is what the report tells me. Can this help me?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:39, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\upabuxwj\glexydkt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\USB ADSL\CnxDslTb.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe
C:\WINDOWS\system32\izmjefax.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.be%2f%3f
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\USB ADSL\CnxDslTb.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Netlog 24] "C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [mkzdrmld] C:\WINDOWS\system32\izmjefax.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [gzfpqrnq] C:\WINDOWS\system32\hypcfaxu.exe
O4 - HKLM\..\Policies\Explorer\Run: [t3Bq5Y3Pq9] C:\Documents and Settings\All Users\Application Data\upabuxwj\glexydkt.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PhotoFiltre
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?42f6fe3b3d734df390e40ca17a053dea
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?42f6fe3b3d734df390e40ca17a053dea
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22AE07AB-8B7D-42C7-9C8A-B6E09FFAB10C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE0C759-6293-4B15-B2EB-64606C404368}: NameServer = 85.255.113.131 85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC97B0F-9CC3-445E-AD03-7422B83A3CC6}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - (no file)
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
And here is the ComboFix report:
ComboFix 08-04-20.5 - Claudio 2008-04-21 22:56:13.1 - NTFSx86
Endroit: E:\Massimo\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Claudio\Application Data\inst.exe
C:\Documents and Settings\Claudio\Bureaublackbird.jpg
C:\Documents and Settings\Claudio\BureauEditorFKWP1.5.exe
C:\Documents and Settings\Claudio\BureauEditorFKWP2.0.exe
C:\Documents and Settings\Claudio\Bureaufilemanagerclient.exe
C:\Documents and Settings\Claudio\Bureaufkwp1.5.exe
C:\Documents and Settings\Claudio\Bureaufkwp2.0.exe
C:\Documents and Settings\Claudio\Bureaufwebd.exe
C:\Documents and Settings\Claudio\BureauFWebdEditor.exe
C:\Documents and Settings\Claudio\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\Claudio\Bureauvirii
C:\Program Files\PC-Cleaner
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\youtubex.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-21 to 2008-04-21 ))))))))))))))))))))))))))))))))))))
.
2008-04-21 22:48 . 2008-04-21 22:48 <REP> d-------- C:\Program Files\Trend Micro
2008-04-21 22:40 . 2008-04-21 22:40 114,688 --a------ C:\WINDOWS\system32\hypcfaxu.exe
2008-04-21 20:57 . 2008-04-21 20:57 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-21 20:57 . 2008-04-21 21:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 20:09 . 2008-04-21 20:51 <REP> d-------- C:\Documents and Settings\Claudio\.housecall6.6
2008-04-21 19:57 . 2008-04-21 19:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-04-20 22:16 . 2008-04-20 22:33 <REP> d-------- C:\Program Files\PC Cleaner
2008-04-20 22:06 . 2008-04-20 22:06 <REP> d-------- C:\Program Files\CCleaner
2008-04-19 00:29 . 2008-04-21 18:44 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-19 00:24 . 2008-04-19 00:32 <REP> d-------- C:\Program Files\Trojan Remover
2008-04-19 00:24 . 2008-04-19 00:24 <REP> d-------- C:\Documents and Settings\Claudio\Application Data\Simply Super Software
2008-04-19 00:24 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-19 00:24 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-19 00:06 . 2008-04-19 00:06 <REP> d-------- C:\VundoFix Backups
2008-04-19 00:04 . 2008-04-19 00:38 <REP> d-------- C:\Program Files\Navilog1
2008-04-18 23:56 . 2008-04-18 23:56 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-04-18 23:51 . 2008-04-19 00:08 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-18 15:30 . 2008-04-18 10:18 172,032 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-18 15:30 . 2008-04-18 10:18 81,920 --a------ C:\WINDOWS\rtqmekwg.exe
2008-04-18 15:29 . 2008-04-18 15:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\upabuxwj
2008-04-18 15:29 . 2008-04-18 15:29 106,496 --a------ C:\WINDOWS\system32\izmjefax.exe
2008-04-17 11:12 . 2008-04-17 11:12 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-17 11:11 . 2008-04-17 11:11 <REP> d-------- C:\Program Files\Real
2008-04-14 15:29 . 2008-04-14 15:29 <REP> d-------- C:\Program Files\Netlog 24
2008-04-14 15:29 . 2008-04-14 15:29 159,744 --a------ C:\WINDOWS\system32\Netlog24Uninstaller.exe
2008-04-13 21:44 . 2008-04-13 21:44 <REP> d-------- C:\Program Files\MySpace
2008-04-13 21:44 . 2008-04-13 21:44 <REP> d-------- C:\Documents and Settings\Claudio\Application Data\MySpace
2008-04-09 23:13 . 2008-04-10 16:49 <REP> d-------- C:\tmpDownload
2008-04-09 23:12 . 2008-04-09 23:13 <REP> d-------- C:\Program Files\YoutubeGet
2008-04-09 20:35 . 2008-04-09 20:36 <REP> d-------- C:\Ares Tube
2008-04-09 17:30 . 2008-04-09 18:03 <REP> d-------- C:\Program Files\PhotoFiltre
2008-04-06 21:00 . 2008-04-06 21:00 <REP> d-------- C:\Program Files\AP Tuner
2008-04-06 15:44 . 2008-04-06 15:44 <REP> d-------- C:\Program Files\Windows Live
2008-04-06 15:44 . 2008-04-06 15:44 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-04-06 15:43 . 2008-04-19 00:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-04 21:04 . 2008-04-04 21:04 <REP> d-------- C:\WINDOWS\system32\recover
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 19:29 --------- d-----w C:\Program Files\Steam
2008-04-20 20:33 --------- d-----w C:\Program Files\TablEdit
2008-04-20 20:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-20 20:33 --------- d-----w C:\Program Files\FreeRIP3
2008-04-20 20:33 --------- d-----w C:\Program Files\eMule
2008-04-20 20:33 --------- d-----w C:\Program Files\CEDP Stealer 6.0 for Messenger
2008-04-20 11:33 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-17 09:12 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-17 09:11 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-04-06 10:57 --------- d-----w C:\Program Files\Sports Interactive
2008-04-05 13:35 52,536 ----a-w C:\Documents and Settings\Claudio\Application Data\GDIPFONTCACHEV1.DAT
2008-04-04 19:11 --------- d-----w C:\Program Files\Recovery for Outlook
2008-04-04 19:11 --------- d-----w C:\Program Files\Cyanide
2008-04-04 19:07 --------- d-----w C:\Program Files\Micro Application
2008-04-04 19:05 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-04 19:04 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-04 19:03 --------- d-----w C:\Program Files\MSN Messenger
2008-04-04 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 18:55 --------- d-----w C:\Program Files\TVAnts
2008-03-10 21:15 --------- d-----w C:\Documents and Settings\Claudio\Application Data\Skype
2008-03-09 20:20 --------- d-----w C:\Documents and Settings\Claudio\Application Data\FreeCall
2008-03-04 07:28 --------- d-----w C:\Program Files\Fichiers communs\snp2std
2008-03-02 19:53 --------- d-----w C:\Program Files\MSECache
2008-03-02 18:59 --------- d-----w C:\Program Files\Magentic
2008-03-02 11:11 --------- d-----w C:\Program Files\Shareaza
2008-02-27 20:15 --------- d-----w C:\Documents and Settings\Claudio\Application Data\Move Networks
2008-02-27 11:32 --------- d-----w C:\Program Files\Shareaza Applications
2008-02-25 18:34 --------- d-----w C:\Program Files\Common Files
2008-02-22 07:36 16,947 ----a-w C:\WINDOWS\system32\lsrc.dll
2007-12-05 14:19 22,328 ----a-w C:\Documents and Settings\Claudio\Application Data\PnkBstrK.sys
2007-11-28 15:36 480,848 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-10-15 11:42 10 ----a-w C:\Program Files\.autoreg
2007-09-11 10:09 47,360 ----a-w C:\Documents and Settings\Claudio\Application Data\pcouffin.sys
2006-03-02 12:00 73,728 --sh--w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2007-11-30 18:07 88 --sh--r C:\WINDOWS\system32\80D5A62E58.sys
2007-11-30 18:08 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-05-26 04:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-14 02:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 21:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2006-04-20 20:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\system32\dllcache\tcpip.sys
2006-04-20 20:51 359808 b4e29943b4b04bd5e7381546848e6669 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 15:06 204843]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 13:55 1871872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2006-03-10 17:15 1249280]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" [2008-01-17 20:55 475180]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 22:32 8699904]
"Netlog 24"="C:\Program Files\Netlog 24\Notifier\Netlog24Notifier.exe" [2008-04-14 15:29 1380352]
"mkzdrmld"="C:\WINDOWS\system32\izmjefax.exe" [2008-04-18 15:29 106496]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"gzfpqrnq"="C:\WINDOWS\system32\hypcfaxu.exe" [2008-04-21 22:40 114688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 04:08 16050688 C:\WINDOWS\RTHDCPL.exe]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 20:08 147456]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 14:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-28 00:50 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 11:52 36975]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 16:48 57344]
"CnxDslTaskBar"="C:\Program Files\USB ADSL\CnxDslTb.exe" [2003-08-07 18:05 458752]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Ulead AutoDetector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 14:03 45056]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 11:54 282624]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 11:32 49152]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 12:15 251376]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 18:50 20480]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-11-29 17:11 258048]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-09-15 14:21 675840]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-17 11:11 185896]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-19 00:27 873552]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 22:32 8699904]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"<NO NAME>"= 0
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"t3Bq5Y3Pq9"= C:\Documents and Settings\All Users\Application Data\upabuxwj\glexydkt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"MSACM.CEGSM"= mobilev.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Powercinema\\PowerCinema.exe"=
"C:\\APPS\\Powercinema\\PCMService.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA SPORTS\\FIFA 08\\FIFA08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56912:TCP"= 56912:TCP:Pando P2P TCP Listening Port
"56912:UDP"= 56912:UDP:Pando P2P UDP Listening Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 CnxEtP;ADSL USB MODEM WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-08-07 16:38]
R3 CnxEtU;ADSL USB MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-08-07 16:38]
R3 CnxTgN;ADSL USB MODEM WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-08-07 17:54]
R3 DynCal;Dynamic Calibration Service;C:\WINDOWS\system32\drivers\Dyncal.sys [2003-11-14 03:46]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-02-15 11:51]
S3 DCamUSBPremier;Digital Camera;C:\WINDOWS\system32\Drivers\mpixvid.sys [2004-07-01 03:03]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-01-26 17:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03bbb036-1d0b-11dc-a16d-001921ab74e6}]
\Shell\AutoRun\command - F:\setup.exe
\Shell\start\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{717a296b-1f42-11dc-a174-001921ab74e6}]
\Shell\AutoRun\command - F:\autorun.exe
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 23:00:19
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-04-21 23:05:35
ComboFix-quarantined-files.txt 2008-04-21 21:04:31
Pre-Run: 119,224,504,320 octets libres
Post-Run: 119,236,415,488 octets libres
237 --- E O F --- 2007-12-12 16:06:17
Do you have another way?
And I forgot to mention that sometimes there is a message saying that there is a virus, which is: c:\windows\wms.exe
I think that is the name.