Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Virus Net-Worm.Win32.Kido.ix

Dernière réponse le 4 jui 2009 à 15:35:51 Van, le 30 jun 2009 à 19:35:30

Signaler ce message aux modérateurs

Bonjour,voila mon probleme , donc il ya 2-3 jours Kaspersky Anti-virus m'annonce qu'il ya un Virus Net-Worm.Win32.Kido.ix sur ma machine , j'ai installer RSIT et j'aimerais que quelqu'un maide pour supprimer ce virus svp , je peut poster mes pages de logs apres analyse avec RSIT si on me demande.

Merci :)

Configuration: Windows XP Internet Explorer 6.0

Meilleures réponses pour « Virus Net Worm.Win32.Kido.ix » dans :

Net-Worm.win32.Kido.ih Voir

Virus: Net-Worm.Win32.Opasoft.s (Résolu) Voir

Infection par le virus net-worm.win32.0pasoft Voir

Virus Net-Worm.Win32.Kido.ix Voir

HELP: infecté par Net-Worm.Win32.Kido.ix Voir

Comment detruire le ver net-worm.win32.randon (Résolu) Voir

Posez votre question Répondre

Van, le 30 jun 2009 à 19:42:45

Répondre à Van

archet9, le 30 jun 2009 à 20:01:32

Hello Van

Regardes ici:
http://www.clubic.com/telecharger-fiche282762-net-worm-win32-kido-removing-tool.html

Donnes nous le resultat stp....

merci (je comptes sur toi....)

a+

Répondre à archet9

Van, le 30 jun 2009 à 20:11:03

Merci d'avoir repondu archet9 ,c'est en cours de scan :)

Répondre à Van

Van, le 30 jun 2009 à 20:13:40

Ca me met qu'aucune infection n'a etait trouver

Répondre à Van

archet9, le 30 jun 2009 à 20:15:13

Colles ton RSIT stp....

a+

Répondre à archet9

Van, le 30 jun 2009 à 20:19:45

Info.txt logfile of random's system information tool 1.06 2009-06-30 19:24:19

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
ATI Problem Report Wizard-->MsiExec.exe /X{5DA6F06A-B389-407B-BF8C-1548767914D8}
BitComet 1.12-->C:\Program Files\BitComet\uninst.exe
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"E:\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kaspersky Anti-Virus 6.0-->MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Kit d'installation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C650676-CDDB-42C0-8D11-3EEB7F791F99}\setup.exe" -l0x40c -usb
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
USB MODEM Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{042E2C9D-6647-4C5F-9CEF-387D72023128}\setup.exe" -l0x9 UNINSTALL
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Kaspersky Anti-Virus
FW: Kaspersky Anti-Virus (disabled)

======System event log======

Computer Name: PERSO-0F57AD69F
Event Code: 26
Message: Application popup : rundll32.exe - Image incorrecte : L'application ou la DLL C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

Record Number: 995
Source Name: Application Popup
Time Written: 20090516162112.000000+120
Event Type: Informations
User:

Computer Name: PERSO-0F57AD69F
Event Code: 26
Message: Application popup : rundll32.exe - Image incorrecte : L'application ou la DLL C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

Record Number: 994
Source Name: Application Popup
Time Written: 20090516162111.000000+120
Event Type: Informations
User:

Computer Name: PERSO-0F57AD69F
Event Code: 26
Message: Application popup : rundll32.exe - Image incorrecte : L'application ou la DLL C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

Record Number: 993
Source Name: Application Popup
Time Written: 20090516162110.000000+120
Event Type: Informations
User:

Computer Name: PERSO-0F57AD69F
Event Code: 26
Message: Application popup : rundll32.exe - Image incorrecte : L'application ou la DLL C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

Record Number: 992
Source Name: Application Popup
Time Written: 20090516162109.000000+120
Event Type: Informations
User:

Computer Name: PERSO-0F57AD69F
Event Code: 26
Message: Application popup : rundll32.exe - Image incorrecte : L'application ou la DLL C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

Record Number: 991
Source Name: Application Popup
Time Written: 20090516162107.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Fichiers communs\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Répondre à Van

Van, le 30 jun 2009 à 20:20:39

Ogfile of random's system information tool 1.06 (written by random/random)
Run by SAMY at 2009-06-30 19:22:18
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 219 GB (92%) free of 238 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:17, on 30/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\SAMY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\SAMY\Bureau\RSIT.exe
C:\Program Files\trend micro\SAMY.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SAMY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
End of file - 6839 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-1532298954-839522115-1005.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-24 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-24 1194496]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2009-04-26 36972]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-08 518488]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-03-09 200768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-11 1217784]
"Google Update"=C:\Documents and Settings\SAMY\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 133104]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-05-18 2592056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdminHpr]
C:\DOCUME~1\SAMY\LOCALS~1\Temp\odbc_inc.DLL,i []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-01-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"E:\Jeux\Wow\Launcher.exe"="E:\Jeux\Wow\Launcher.exe:*:Enabled:Blizzard Launcher"
"E:\Jeux\Wow\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe"="E:\Jeux\Wow\WoW-3.0.9.9551-to-3.1.0.9767-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\gemini93200@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\WoW-0.1.2-frFR-downloader.exe"="E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\WoW-0.1.2-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\Launcher.exe"="E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Steam\steamapps\shinzo_recon@hotmail.com707\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\shinzo_recon@hotmail.com707\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\antoineleboss\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\antoineleboss\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\WoW-0.2.0-frFR-downloader.exe"="E:\Jeux\3.0.1.8874 EU PTR Installer\World of Warcraft Public Test\WoW-0.2.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 1 months======

2009-06-30 19:22:18 ----D---- C:\rsit
2009-06-30 19:22:18 ----D---- C:\Program Files\trend micro
2009-06-30 17:08:32 ----SHD---- C:\RECYCLER
2009-06-29 18:26:45 ----D---- C:\WINDOWS\temp
2009-06-29 18:26:44 ----A---- C:\ComboFix.txt
2009-06-29 03:03:28 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-06-29 03:03:27 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-06-29 02:21:43 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-06-28 02:55:30 ----D---- C:\Fraps
2009-06-26 18:23:47 ----D---- C:\Documents and Settings\SAMY\Application Data\Sun
2009-06-20 01:57:46 ----D---- C:\Documents and Settings\SAMY\Application Data\DivX
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-20 01:57:01 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-20 01:57:00 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-20 01:57:00 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-20 01:57:00 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-20 01:57:00 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-20 01:57:00 ----N---- C:\WINDOWS\system32\px.dll
2009-06-20 01:56:46 ----D---- C:\Program Files\Fichiers communs\DivX Shared
2009-06-20 01:56:45 ----D---- C:\Program Files\DivX
2009-06-17 01:11:36 ----D---- C:\Downloads
2009-06-17 01:11:26 ----D---- C:\Program Files\BitComet
2009-06-13 13:59:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-13 13:25:10 ----D---- C:\Program Files\Windows Live Safety Center

======List of files/folders modified in the last 1 months======

2009-06-30 19:22:25 ----D---- C:\WINDOWS\Prefetch
2009-06-30 19:22:18 ----RD---- C:\Program Files
2009-06-30 17:03:51 ----D---- C:\Program Files\Mozilla Firefox
2009-06-30 15:49:12 ----D---- C:\WINDOWS\system32
2009-06-30 15:49:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-30 15:45:16 ----D---- C:\Program Files\Steam
2009-06-30 15:45:14 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 15:45:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-06-30 15:05:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-29 18:26:46 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 18:26:46 ----D---- C:\Qoobox
2009-06-29 18:26:45 ----D---- C:\WINDOWS
2009-06-29 18:25:50 ----A---- C:\WINDOWS\system.ini
2009-06-29 02:58:00 ----D---- C:\Documents and Settings\SAMY\Application Data\Spyware Terminator
2009-06-29 02:21:43 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-29 02:10:32 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-23 19:14:04 ----D---- C:\Program Files\Spyware Terminator
2009-06-22 01:28:38 ----D---- C:\WINDOWS\system32\config
2009-06-20 01:56:49 ----SHD---- C:\WINDOWS\Installer
2009-06-20 01:56:46 ----D---- C:\Program Files\Fichiers communs
2009-06-18 19:08:34 ----HD---- C:\WINDOWS\inf
2009-06-17 18:11:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-06-08 14:32:40 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-08 08:10:10 ----A---- C:\WINDOWS\PEV.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 klif;Klif; \??\C:\WINDOWS\system32\drivers\klif.sys []
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-01-14 3455488]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-10-27 138240]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem; C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-08-26 3684352]
R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
S3 catchme;catchme; \??\C:\DOCUME~1\SAMY\LOCALS~1\Temp\catchme.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-01-14 598016]
R2 AVP;Kaspersky Anti-Virus 6.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [2007-03-09 200768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-08 1005904]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-06-29 75064]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-27 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

-----------------EOF-----------------

Répondre à Van

archet9, le 30 jun 2009 à 20:36:51

Télécharges FindyKill de Chiquitine29 :
http://sd-1.archive-host.com/membres/up/127028005715545653/ChangelogFindyKill.txt

->Enregistres le sur ton bureau et pas ailleurs !

!! Déconnectes toi et fermes toute applications en cours !!

( Si ton anti-virus s'affolle au moment de l'enregistrement ou de l'utilisation de l'outil , ignore l'alerte ...)

-> Cliques sur "FindyKill.exe" pour lancer l'installe de l'outil . Ne touche surtout pas aux paramètres d'installation.

--> Double cliques sur le raccourci " FindyKill " qui est sur ton bureau .

-->choisis l'option 1 ( recherche ) .
Puis laisses travailler l'outil sans rien toucher ...

Une fois terminé, postes le rapport FindyKill.txt qui est généré ...

( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )

a+

Répondre à archet9

Van, le 30 jun 2009 à 20:39:21

Le lien marche pas :(

Répondre à Van

Van, le 30 jun 2009 à 20:54:32

Répondre à Van

archet9, le 30 jun 2009 à 21:10:34

http://sd-1.archive-host.com/membres/up/116615172019703188

Répondre à archet9

Van, le 30 jun 2009 à 21:17:32

Ok merci je te tiens au courant vite :)

Répondre à Van

Van, le 1 jui 2009 à 01:24:45

Désolée archet9 mais le lien ne marche toujours pas ca me met qu'une page est manquante.

Répondre à Van

Van, le 1 jui 2009 à 16:59:18

Répondre à Van

Van, le 1 jui 2009 à 19:23:55

Up , toujours besoin d'aide :(

Répondre à Van

archet9, le 1 jui 2009 à 21:32:43

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

a+

Répondre à archet9

Van, le 2 jui 2009 à 00:52:59

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ )
BIOS : Award Modular BIOS v6.00PG
USER : SAMY ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 6.0.2.621 (Activated)
Firewall : Kaspersky Anti-Virus 6.0.2.621 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:232 Go (Free:213 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:149 Go (Free:112 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 02/07/2009| 0:45 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Toolbar
C:\Program Files\Crawler\Toolbar\adrkeys.dat
C:\Program Files\Crawler\Toolbar\Cache
C:\Program Files\Crawler\Toolbar\COMMON_FF.dat
C:\Program Files\Crawler\Toolbar\confirm.dat
C:\Program Files\Crawler\Toolbar\ctbcomm.dll
C:\Program Files\Crawler\Toolbar\ctbr.dll
C:\Program Files\Crawler\Toolbar\CTConf.dat
C:\Program Files\Crawler\Toolbar\CTipsDef.dll
C:\Program Files\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Crawler\Toolbar\CUpdate.exe
C:\Program Files\Crawler\Toolbar\firefox
C:\Program Files\Crawler\Toolbar\Languages
C:\Program Files\Crawler\Toolbar\lookfor.dat
C:\Program Files\Crawler\Toolbar\majorse.dat
C:\Program Files\Crawler\Toolbar\rootmenu.dat
C:\Program Files\Crawler\Toolbar\services.dat
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct
C:\Program Files\Crawler\Toolbar\STWSG_FF.dat
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct
C:\Program Files\Crawler\Toolbar\Update
C:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
C:\Program Files\Crawler\Toolbar\WSGData
C:\Program Files\Crawler\Toolbar\Cache\COMMON
C:\Program Files\Crawler\Toolbar\Cache\STWSG
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\YP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
C:\Program Files\Crawler\Toolbar\firefox\chrome
C:\Program Files\Crawler\Toolbar\firefox\chrome.manifest
C:\Program Files\Crawler\Toolbar\firefox\components
C:\Program Files\Crawler\Toolbar\firefox\install.ini
C:\Program Files\Crawler\Toolbar\firefox\install.rdf
C:\Program Files\Crawler\Toolbar\firefox\stwsg_ff.ini
C:\Program Files\Crawler\Toolbar\firefox\chrome\common.jar
C:\Program Files\Crawler\Toolbar\firefox\chrome\stwsg.jar
C:\Program Files\Crawler\Toolbar\firefox\components\xcomm.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xplugin.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xshared.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xshared.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xwsg.dll
C:\Program Files\Crawler\Toolbar\Languages\STWSG_CS.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_DE.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_EN.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_ES.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_FF.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_FR.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_IT.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_NL.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_CS.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_DE.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_EN.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_ES.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_FR.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_IT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_NL.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PL.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_RU.cab
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\info.ini
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\language.ini
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\info.ini
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\language.ini
C:\Program Files\Crawler\Toolbar\Update\domains.cab
C:\Program Files\Crawler\Toolbar\WSGData\domains
C:\Program Files\Crawler\Toolbar\WSGData\g_S-1-5-21-1078081533-1532298954-839522115-1005.dat
C:\Program Files\Crawler\Toolbar\WSGData\p_S-1-5-21-1078081533-1532298954-839522115-1005.dat
C:\Program Files\Crawler\Toolbar\WSGData\ud_S-1-5-21-1078081533-1532298954-839522115-1005.dat
C:\Program Files\Crawler\Toolbar\WSGData\wfilter.dat
C:\Program Files\Crawler\Toolbar\WSGData\w_S-1-5-21-1078081533-1532298954-839522115-1005.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_032.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_033.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_033_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\index.dat
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.atcomet.com/b/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 02/07/2009| 0:46 - Option : [1]

-----------\\ Fin du rapport a 0:46:27,18

Parcontre apres ca , ca me met que mon pare feu na pas l'autorisation pour AVP ou un truc du genre c'est rien de grave? :)

Répondre à Van

Van, le 2 jui 2009 à 18:13:58

Up :(

Répondre à Van

Van, le 2 jui 2009 à 19:24:06

Up need toujours de l'help

Répondre à Van

26 réponses 12 Suivant

Posez votre question Répondre