Sujet Précédent Sujet Suivant

Virus "travaillez plus"

Résolu/Fermé
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009 - 7 janv. 2009 à 13:50
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009 - 7 janv. 2009 à 18:08
Bonjour,

voici mon probleme : j'ai attrapé un virus "travaillez plus" et ne parviens pas à le supprimer.

voici une série de chose que pourrais vous aider à m'aider

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1623
Windows 5.1.2600 Service Pack 3

06/01/2009 11:58:36
mbam-log-2009-01-06 (11-58-36).txt

Type de recherche: Examen rapide
Eléments examinés: 62215
Temps écoulé: 7 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




ou aussi avec un scan d'antivir

last file found
C:\Documents and Settings\Dorian Daniel\Local Settings\Temporary Internet Files\Content.IE5\A2429TTE\promote[1].htm

last detection
HEUR/Exploit.HTML

last scanned file
C:\WINDOWS\system32\ZoneLabs\Updates\LocalCatalog.xml



voici un rapport hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:42, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Travaillez plus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoker.com/installstart.htm?LANG_ID=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Au travail !Arrêtez de surfer!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Zip] wscript.exe /E:vbs C:\autoexec.bat
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [BroadCamRun] "C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
O4 - HKLM\..\Run: [EyelineRun] "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Dorian Daniel\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://helpx.adobe.com/shockwave/shockwave-end-of-life-faq.html [...] wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 13800 bytes


voilà, je ne sais que faire de plus


en fait je pense qu'il faut que je coche quelques éléments repris dans le rapport hijackthis pour les supprimer du pc seulement je ne suis pas surque c'est cela que je dois faire.


Merci de bien vouloir m'aider.
A voir également:

35 réponses

  • 1
  • 2
Réponse 1 / 35
Utilisateur anonyme
7 janv. 2009 à 13:54
Salut,

▶ Télécharge UsbFix (de Chiquitine29) sur ton Bureau :

▶ Lance l'installation avec les paramètres par défaut.

▶ Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir.

▶ Double-clique sur le raccourci UsbFix sur ton Bureau.

Choisit l'option 1

▶ Le PC va redémarrer.

▶ Après redémarrage, poste le rapport UsbFix.txt

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque.

(Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet "Fichier", "Nouvelle tâche", tape explorer.exe et valide)

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 2 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:22
voici




-------------- UsbFix V2.413.9 ---------------

* User : Dorian Daniel - DOUDOU
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 14:12:54 le 07/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur amovible


+- Contenu de l'autorun : D:\autorun.inf



+- Contenu de l'autorun : F:\autorun.inf

[autorun]
open=wscript.exe antinul.vbe
shell\open=Open
shell\open\Command=wscript.exe antinul.vbe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[18/11/2008 23:35][-rahs----] C:\boot.ini
[02/12/2008 23:22][--a------] C:\avi_log.txt
[02/12/2008 23:22][--a------] C:\UsbFix.txt
[07/03/2005 20:25][--a------] C:\CONFIG.SYS
[07/03/2005 20:25][--a------] C:\IO.SYS
[07/03/2005 20:25][--a------] C:\MSDOS.SYS
[07/03/2005 20:25][--a------] C:\pagefile.sys
[07/03/2005 20:25][--a------] C:\hiberfil.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[15/06/2008 22:46][drahs----] D:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Lecteur amovible


+- Listing des fichiers présents :

[07/01/2009 00:17][-rahs----] F:\autorun.inf
[03/01/2009 15:43][-rahs----] F:\antinul.vbe

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
QUAD Scheduler=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
QUAD Windows service=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LaunchApp=Alaunch
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SoundMan=SOUNDMAN.EXE
AGRSMMSG=AGRSMMSG.exe
SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook=C:\WINDOWS\system32\keyhook.exe
PCMService="C:\Program Files\Arcade\PCMService.exe"
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LManager=C:\Program Files\Launch Manager\QtZgAcer.EXE
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
MMTray="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
mmtask="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
au=C:\Program Files\Dealio\DealioAU.exe
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
BroadCamRun="C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
EyelineRun="C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{042cb058-d995-11dd-a16d-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06c9d084-b5c3-11dd-a0d4-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16922a8a-b8a1-11dd-a0e8-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16922a8b-b8a1-11dd-a0e8-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ec5658-c072-11dd-a102-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ec5659-c072-11dd-a102-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea4e4b6-bed7-11dd-a0ff-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25d6814-b60a-11dd-a0d6-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

F:\autorun.inf ~> fichier appelé : "F:\wscript.exe antinul.vbe" ( absent ! )
Supprimé ! - [20/08/2008 19:56][--ah-----] C:\gdmae.bmp
Echec de la supression !! - [15/06/2008 22:46] D:\autorun.inf
Supprimé ! - [20/08/2008 19:56][--ah-----] D:\gdmae.bmp
Echec de la supression !! - [15/06/2008 22:46] D:\autorun.inf
Supprimé ! - [15/06/2008 22:46][d-a------] D:\autorun.inf
Supprimé ! - [07/01/2009 00:17][-rahs----] F:\autorun.inf
Supprimé ! - [03/01/2009 15:43][-rahs----] F:\antinul.vbe
Supprimé ! - [21/02/2008 16:27][---hs----] F:\msvcr71.dll

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[18/11/2008 23:35][-rahs----] C:\boot.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
0
Réponse 3 / 35
Utilisateur anonyme
7 janv. 2009 à 14:24
Re,

==>>Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.<<===


!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

▶ Double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...

▶ Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .

▶ Choisis l'option 1 ( "recherche") et tapes "entrée" .

▶Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...

( le rapport est en outre sauvegardé ici -> C:\TB.txt )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.


Tutoriel Toolbard-S&D
0
Réponse 4 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:24
-------------- UsbFix V2.413.9 ---------------

* User : Dorian Daniel - DOUDOU
* Outils mis a jours le 05/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 14:12:54 le 07/01/2009
* Windows Xp - Internet Explorer 7.0.5730.11


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur amovible


+- Contenu de l'autorun : D:\autorun.inf



+- Contenu de l'autorun : F:\autorun.inf

[autorun]
open=wscript.exe antinul.vbe
shell\open=Open
shell\open\Command=wscript.exe antinul.vbe


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe


+- Listing des fichiers présents :

[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[18/11/2008 23:35][-rahs----] C:\boot.ini
[02/12/2008 23:22][--a------] C:\avi_log.txt
[02/12/2008 23:22][--a------] C:\UsbFix.txt
[07/03/2005 20:25][--a------] C:\CONFIG.SYS
[07/03/2005 20:25][--a------] C:\IO.SYS
[07/03/2005 20:25][--a------] C:\MSDOS.SYS
[07/03/2005 20:25][--a------] C:\pagefile.sys
[07/03/2005 20:25][--a------] C:\hiberfil.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe


+- Listing des fichiers présents :

[15/06/2008 22:46][drahs----] D:\autorun.inf

--------------- [ Lecteur F ] ----------------

F: - Lecteur amovible


+- Listing des fichiers présents :

[07/01/2009 00:17][-rahs----] F:\autorun.inf
[03/01/2009 15:43][-rahs----] F:\antinul.vbe

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\antinul.vbe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
QUAD Scheduler=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
QUAD Windows service=C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
<NO NAME>=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
LaunchApp=Alaunch
SynTPLpr=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SoundMan=SOUNDMAN.EXE
AGRSMMSG=AGRSMMSG.exe
SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
SiS Windows KeyHook=C:\WINDOWS\system32\keyhook.exe
PCMService="C:\Program Files\Arcade\PCMService.exe"
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LManager=C:\Program Files\Launch Manager\QtZgAcer.EXE
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
MMTray="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
mmtask="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
au=C:\Program Files\Dealio\DealioAU.exe
SearchSettings=C:\Program Files\Search Settings\SearchSettings.exe
BroadCamRun="C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
EyelineRun="C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{042cb058-d995-11dd-a16d-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06c9d084-b5c3-11dd-a0d4-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16922a8a-b8a1-11dd-a0e8-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16922a8b-b8a1-11dd-a0e8-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ec5658-c072-11dd-a102-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16ec5659-c072-11dd-a102-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea4e4b6-bed7-11dd-a0ff-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c25d6814-b60a-11dd-a0d6-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9a17c1a-c29f-11dd-a10b-0016362e4230}\Shell\open\Command

--------------- [ Nettoyage des disques ] ----------------

F:\autorun.inf ~> fichier appelé : "F:\wscript.exe antinul.vbe" ( absent ! )
Supprimé ! - [20/08/2008 19:56][--ah-----] C:\gdmae.bmp
Echec de la supression !! - [15/06/2008 22:46] D:\autorun.inf
Supprimé ! - [20/08/2008 19:56][--ah-----] D:\gdmae.bmp
Echec de la supression !! - [15/06/2008 22:46] D:\autorun.inf
Supprimé ! - [15/06/2008 22:46][d-a------] D:\autorun.inf
Supprimé ! - [07/01/2009 00:17][-rahs----] F:\autorun.inf
Supprimé ! - [03/01/2009 15:43][-rahs----] F:\antinul.vbe
Supprimé ! - [21/02/2008 16:27][---hs----] F:\msvcr71.dll

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[05/08/2004 05:00][-rahs----] C:\NTDETECT.COM
[18/11/2008 23:35][-rahs----] C:\boot.ini

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
D:\autorun.inf -> Dossier autorun.inf crée par UsbFix !
F:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 35
Utilisateur anonyme
7 janv. 2009 à 14:25
Re,

OUi c bon fait ce que je t'ai demander au poste 3.

merci
0
Réponse 6 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:32
voici



-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 07/01/2009|14:29 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\temp\dealio-14248.log
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\temp\dealio-14249.log
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\temp\ws-14248.log
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\temp\ws-14249.log
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\temp\ws-14250.log
C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127\temp\ws-14251.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\temp
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Dorian Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 07/01/2009|14:30 - Option : [1]

-----------\\ Fin du rapport a 14:30:45,82
0
Réponse 7 / 35
Utilisateur anonyme
7 janv. 2009 à 14:33
Re,

Fais ceci maintenant :

▶ Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

▶Relances Toolbar-S&D en double-cliquant sur le raccourci.

▶ Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : Ne touches à rien lors de la suppression !!

▶ Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse

▶ Accompagné d'un nouveau rapport hijackthis pour analyse ...

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 8 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:39
voila deja ceci

-----------\\ ToolBar S&D 1.2.8 XP/Vista


"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 07/01/2009|14:35 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\WINDOWS\Prefetch\DEALIOAU.EXE-0D71B01B.pf
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
Supprime! - C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\DORIAN~1\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\DORIAN~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Dorian Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 07/01/2009|14:30 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/01/2009|14:37 - Option : [2]

-----------\\ Fin du rapport a 14:37:27,70




le reste arrive
0
Réponse 9 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:41
et voici le reste


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:47, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoker.com/installstart.htm?LANG_ID=fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BroadCamRun] "C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
O4 - HKLM\..\Run: [EyelineRun] "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
0
Réponse 10 / 35
Utilisateur anonyme
7 janv. 2009 à 14:45
Re,

▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur ' continue ' à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
0
Réponse 11 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 14:50
voila

Logfile of random's system information tool 1.05 (written by random/random)
Run by Dorian Daniel at 2009-01-07 14:49:17
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 10 GB (28%) free of 36 GB
Total RAM: 958 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:49:20, on 07/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NCH Software\BroadCam\broadCam.exe
C:\Program Files\NCH Software\Eyeline\eyeline.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Dorian Daniel\Bureau\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Dorian Daniel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.partypoker.com/installstart.htm?LANG_ID=fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\antinul.vbe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BroadCamRun] "C:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
O4 - HKLM\..\Run: [EyelineRun] "C:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QUAD Scheduler] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Scheduler.exe
O4 - HKCU\..\Run: [QUAD Windows service] C:\Program Files\QUAD Utilities\QUAD Registry Cleaner\QUAD Registry Cleaner.exe -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - C:\Program Files\NCH Software\BroadCam\broadCam.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.811.4345 (GoogleDesktopManager-110408-113106) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
0
Réponse 12 / 35
Utilisateur anonyme
7 janv. 2009 à 14:54
Re,

▶ Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
CCLEANER

▶ Lance-le. Va dans "Options" puis "Avancé",

▶ Tu décoches la case "Effacer uniquement les fichiers etc...".

▶ Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage.

▶ Tu vas dans "Registre", tu fais "Chercher des erreurs".

Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

▶ Un tuto ( aide )
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Redémarre ton pc suite a ccleaner et refait un scan complet avec malwarebyte.

N'oublie pas de vérifier si une mise à jour de malwarebyte et pas disponible.

A++
0
Réponse 13 / 35
LordDoudou
7 janv. 2009 à 14:59
j'ao deja ce programme sur mon pc la version V1.34.407

cette version est bonne ?
0
Réponse 14 / 35
Utilisateur anonyme
7 janv. 2009 à 15:01
Re,

Oui c bon tu lance le nettoyage et refait comme indiquer le scan avec malwarebyte.

Ensuite tu poste le rapport et me dit si tu as une amélioration .....
0
Réponse 15 / 35
LordDoudou
7 janv. 2009 à 15:02
NETTOYAGE COMPLET - (0,692 secs)
------------------------------------------------------------------------------------------
0,84MB supprimés.
------------------------------------------------------------------------------------------

Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 148) 0,81MB
Cookie:dorian daniel@metriweb.be/(&H100001) 97 bytes
Cookie:dorian daniel@commentcamarche.net/(&H100001) 595 bytes
Cookie:dorian daniel@smartadserver.com/(&H100001) 399 bytes
Cookie:dorian daniel@ccleaner.com/(&H100001) 407 bytes
Cookie:dorian daniel@xiti.com/(&H100001) 106 bytes
Poubelle vidée (1 fichiers) 34,00KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 455 bytes
C:\Documents and Settings\Dorian Daniel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 405 bytes
-----------------------------------------------------


résultat de CCleaner
0
Réponse 16 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 15:11
voici malwarebyte


Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1623
Windows 5.1.2600 Service Pack 3

07/01/2009 15:09:44
mbam-log-2009-01-07 (15-09-44).txt

Type de recherche: Examen rapide
Eléments examinés: 53558
Temps écoulé: 6 minute(s), 12 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Réponse 17 / 35
Utilisateur anonyme
7 janv. 2009 à 15:11
Re,

Je t'ai demander un scan complet pas rapide.

Type de recherche: Examen rapide
0
Réponse 18 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 15:16
tous les symptôme sont partis

le pc se porte beaucoup mieux

mille merci
0
Réponse 19 / 35
LordDoudou Messages postés 41 Date d'inscription mercredi 7 janvier 2009 Statut Membre Dernière intervention 11 février 2009
7 janv. 2009 à 15:16
oups, je recommence l'exam


par habitude j'ai exécuté le rapide
0
Réponse 20 / 35
chimay8 Messages postés 7720 Date d'inscription jeudi 1 mai 2008 Statut Contributeur sécurité Dernière intervention 3 janvier 2014 60
7 janv. 2009 à 15:31
bonjour

il faut fixer la ligne à l'aide de Hijack

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system3­2\wscript.exe C:\WINDOWS\system32\antinul.vbe,
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses