How to destroy Gen:trojan.Heur.544453

schewpinett -  
pimprenelle27 Posts 22182 Status Security contributor -
Hello, I use BitDefender as my antivirus, but it keeps sending me alert messages telling me that my computer is infected by the virus Gen:trojan.Heur.544453 as well as Gen:trojen.heur.23, Behaveslike:win32.ExplorerHijack, Trojan.Generic.1268856, Trojan.Generic.1300959... BitDefender will not disinfect these viruses and I don't really know much about computers. I really don't know what to do any more, please help me.
Goodbye
Configuration: Windows XP
Firefox 3.0.5

33 replies

Discussion summary

BitDefender alerts report several trojans and suspicious behaviours on Windows XP, producing infection messages and disinfection difficulties for an inexperienced home user. Practical solutions are proposed: start in safe mode, then use tools such as Ad-Remover, SmitfraudFix and HijackThis to generate reports and guide the analysis. Additional reports, notably from Malwarebytes, list infected keys and folders as well as registry items, requiring deletions and a restart in safe mode to stabilise the system. When in doubt, some flagged items such as process.exe or Trojan.BHO-type components may be risky utilities rather than viruses, which calls for cross-checking and conservative measures.

Automatically generated by AI
based on the best answers
  1. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Download the HijackThis installer.

    Save HJTInstall.exe to your desktop.

    Double-click HJTInstall.exe to launch the program.

    By default, it will install here:
    C:\Program Files\Trend Micro\HijackThis

    Accept the licence by clicking the "I Accept" button.

    Choose the option "Do a system scan and save a log file".

    Click "Save log" to save the report, which will open in Notepad.

    Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report.

    Paste the report you just copied into this forum.

    Do NOT fix ANY line yet; doing so could prevent your PC from working properly.

    Tutorials (do not fix anything for now!!)
    0
    1. schewpinett
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:46:08, on 07/02/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
      O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
      O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
      O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
      O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
      O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\RunOnce: [SpybotDeletingB7217] command /c del "C:\Program Files\VnrBlock\xtarga.gz"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
      O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
      O4 - Global Startup: BlueSoleil.lnk = ?
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
      O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
      O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
      O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
      O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      0
      1. schewpinett > schewpinett
         
        I'm bringing up my problem again; it's important and I would really like someone to tell me what to do!
        0
  2. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Download SmitfraudFix and save it to the desktop
    * Then double-click SmitfraudFix, then click Run. (On Vista: right-click SmitfraudFix and select "Run as administrator")
    * Select 1 to create a report of the files responsible for the infection.
    * At the end of the scan, a report will be generated... Save it to the desktop.

    Have a good look at the tutorial that comes with it.

    /!\ Post the report on the forum to find out whether the removal can be started.

    Removal of the files present is done in safe mode.

    process.exe
    is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
    0
    1. schewpinett
       
      I did not manage to download smitfraudfix, I'm trying again, but a new virus is on my computer: trojanzlob.50795
      0
    2. schewpinett
       
      it tells me that all the smitfraudfix files I download are immediately infected by the virus... I don't know what to do any more. I tried downloading the normal version and all the mirror versions of smitfraudfix, and it always reports the same virus infecting the software.
      0
  3. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    what does it tell you when you download it?
    0
    1. schewpinett
       
      Actually, I managed to download it a first time, but while I was downloading it BitDefender warned me that the freshly downloaded software was infected by a virus, trojan.zlob.50795, and so the download failed. I still tried to run it but it did not work, so I downloaded it again using the mirror versions; that did not work either, and now I cannot delete it any more either.
      0
  5. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    you need to disable the antivirus while you download smithfraud.
    0
    1. schewpinett
       
      I managed it, here is the report
      SmitFraudFix v2.392

      Rapport fait à 17:10:50,64, 07/02/2009
      Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\notepad.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts

      Fichier hosts corrompu !

      127.0.0.1 www.legal-at-spybot.info
      127.0.0.1 legal-at-spybot.info

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{D5BF49A2-94F1-42BD-F434-3604812C807D}"="KJhaiufhw3nrih7wefywjfsdfd"

      [HKEY_CLASSES_ROOT\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
      @="C:\WINDOWS\system32\jsdf768wude.dll"

      [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
      @="C:\WINDOWS\system32\jsdf768wude.dll"


      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"



      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: SAGEM Wi-Fi 11g USB adapter - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
      1. schewpinett > schewpinett
         
        but I did not understand what had to be done afterwards
        0
      2. pimprenelle27 Posts 22182 Status Security contributor 2 503 > schewpinett
         
        For smithfraud:

        Restart in safe mode as indicated here; choose your usual session.

        Then choose option 2, removal.


        then take care of the hosts files
        0
      3. ^^Marie^^ Posts 41884 Registration date   Status Member Last activity   3 280 > pimprenelle27 Posts 22182 Status Security contributor
         
        Hi

        HostsXpert and not RHosts.exe; it has to be done BEFORE smitfraud option 2

        ++

        0
      4. pimprenelle27 Posts 22182 Status Security contributor 2 503 > ^^Marie^^ Posts 41884 Registration date   Status Member Last activity  
         
        Download HostsXpert to your Desktop:
        http://www.funkytoad.com/download/HostsXpert.zip

        ---> Unzip it (right-click >> Extract here)

        ---> Double-click HostsXpert to launch it

        ---> click the "Restore MS Hosts File" button, then close the program

        PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.
        0
  6. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Restart in safe mode as indicated here; choose your usual session.

    Then choose option 2, removal.

    Then, for "Fichier hosts corrompu !" (hosts file corrupted):

    Download this tool by SiRi to your desktop:

    RHost

    Double-click it to launch it.

    -> click "Restore original Hosts" and wait a moment...

    (PS: it is normal that nothing happens...)
    0
  7. schewpinett
     
    That's it, I managed to do everything ^^ thanks a lot. Does this mean that all the trojan viruses are gone?
    0
  8. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    no, no, post me a new hijackthis and the report after the smithfraud removal.
    0
    1. schewpinett
       
      sorry, I had to leave yesterday; here is the Hijackthis report after the smithfraud removal
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:22:04, on 08/02/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
      C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
      C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
      O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
      O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
      O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
      O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
      O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
      O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
      O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
      O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
      O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
      O4 - Global Startup: BlueSoleil.lnk = ?
      O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
      O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
      O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
      O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
      O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
      O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
      O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
      O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
      O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
      O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
      O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
      0
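An added illustration of how the two HijackThis logs above can be read side by side (this is not part of the original thread and not code from HijackThis or from any poster): a small Python helper that parses entry lines, lists those whose target is reported as `(file missing)` or `(no file)`, groups CLSIDs by the sections they appear in, and diffs two scans. The sample lines are excerpts copied from the 07/02 and 08/02 logs; all function names are the example's own.

```python
import re
from collections import defaultdict

# A HijackThis entry line starts with a section code: "O2 - BHO: ...", "R3 - ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the registry data names a file it cannot find.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Excerpt of the 07/02/2009 log posted in the thread.
BEFORE = r'''
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
'''

# Excerpt of the 08/02/2009 log (same selection of lines, as posted after the fix).
AFTER = r'''
Boot mode: Normal
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
'''


def parse_entries(log_text):
    """Return (code, body) tuples for each entry line. Header lines and the
    'Running processes' paths do not start with a section code and are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries pointing at a file HijackThis could not find on disk.
    This only says the file is absent; it is not a verdict on the entry."""
    return [(c, b) for c, b in entries if any(mk in b for mk in ORPHAN_MARKERS)]


def clsids_by_section(entries):
    """Map each CLSID (upper-cased) to the set of section codes it appears in,
    so one object registered at several load points is reviewed as one item."""
    seen = defaultdict(set)
    for code, body in entries:
        for clsid in CLSID_RE.findall(body):
            seen[clsid.upper()].add(code)
    return dict(seen)


def diff_scans(before, after):
    """Return (removed, added) entries between two scans, in log order."""
    b, a = set(before), set(after)
    removed = [e for e in before if e not in a]
    added = [e for e in after if e not in b]
    return removed, added


if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("Orphaned entries still present after the fix:")
    for code, body in orphaned(after):
        print(f"  {code}: {body}")
    print("CLSIDs registered in more than one section:")
    for clsid, codes in clsids_by_section(after).items():
        if len(codes) > 1:
            print(f"  {clsid}: {sorted(codes)}")
    removed, added = diff_scans(before, after)
    print("Removed between scans:", *[f"\n  {c}: {b}" for c, b in removed])
    print("Added between scans:", *[f"\n  {c}: {b}" for c, b in added])
```
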
  9. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Download malwarebytes

    NB: If you are missing COMCTL32.OCX, download it here

    Install it; the program will update itself automatically.

    Once it is up to date, the program will start; click the Settings tab and tick the box "Close Internet Explorer during removal".

    Now click the Scan tab and tick the box "Run a full scan".

    Then click "Scan".

    Let it scan the PC...

    If items were found > click "Remove selected".

    If you are asked to restart > click "yes".

    At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
    Copy and paste the report, please.

    PS: the reports are also stored in the Reports/Logs tab

    Tutorials

    0
    1. schewpinett
       
      OK, I'll do all that.
      0
    2. schewpinett
       
      Here is the Malwarebytes report:
      Malwarebytes' Anti-Malware 1.33
      Version de la base de données: 1654
      Windows 5.1.2600 Service Pack 2

      08/02/2009 17:08:55
      mbam-log-2009-02-08 (17-08-36)2

      Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
      Eléments examinés: 97352
      Temps écoulé: 1 hour(s), 17 minute(s), 24 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 24
      Valeur(s) du Registre infectée(s): 3
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 8
      Fichier(s) infecté(s): 33

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{125e9d24-2428-38d2-8e23-804e3275209c} (Adware.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{3f2579e9-ec37-3112-9bde-d2db14e95c32} (Adware.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\Interface\{e12688ce-9384-28e3-a041-4e1a9ce14506} (Adware.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{98d555cc-a569-43fb-2f43-3a98ccda4b50} (Adware.BHO) -> No action taken.
      HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5abbd91b-0215-2fe1-7a7e-753f05b40cb8} (Adware.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> No action taken.
      HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> No action taken.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vaienctsjusg (Trojan.Agent) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
      C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.
      C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\ppcbooster (Trojan.Agent) -> No action taken.
      C:\Program Files\p2pmax (Trojan.Agent) -> No action taken.
      C:\Documents and Settings\user\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
      C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> No action taken.

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\ahwurn.dll (Trojan.Vundo.H) -> No action taken.
      C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108959.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108942.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108943.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108944.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108945.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108947.dll (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108948.dll (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108949.dll (Trojan.Clicker) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108951.dll (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108952.dll (Trojan.TDSS) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108953.dll (Trojan.TDSS) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108954.dll (Trojan.TDSS) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108955.dll (Trojan.Vundo) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108958.exe (Trojan.Downloader) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108964.exe (Adware.BHO) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108965.exe (Adware.BHO) -> No action taken.
      C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108971.sys (Trojan.TDSS) -> No action taken.
      C:\WINDOWS\system32\service.exe (Adware.Mirar) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
      C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> No action taken.
      C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> No action taken.
      C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
      C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
      C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> No action taken.
      C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> No action taken.
      C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.
      0
  10. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Well, with all that, now show the report and remove all of it. Then empty the quarantine, then a new HijackThis log + this:

    Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:

    /!\ Disconnect from the internet and close all running applications

    ● Double-click the installer and install it in its default location (C:\Program files).
    ● Double-click the Ad-remover icon on your desktop.
    ● At the main menu choose option "A".
    ● Post the report that appears at the end.

    (the report is also saved as C:\Ad-report(date).log)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
    0
  11. schewpinett
     
    Here is the report:

    ------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

    Updated by C_XX on 07/02/2009 at 14:30

    Start at: 17:46:53 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
    Boot mode: Normal
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
    Drive(s):
    - C:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 48

    +--------------------| Boonty/Boonty Games Elements Found:

    .
    .

    +--------------------| Eorezo Elements Found:

    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    HKLM\SOFTWARE\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKLM\SOFTWARE\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    .
    C:\Program Files\EoRezo
    C:\Program Files\EoRezo\EoAdv
    C:\Documents and Settings\user\Application Data\EoRezo
    C:\Documents and Settings\user\Application Data\EoRezo\db
    C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
    C:\Documents and Settings\user\Application Data\EoRezo\eoStats
    C:\Documents and Settings\user\Application Data\EoRezo\EoWeather
    C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images
    C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_classic
    C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_station_meteo

    +--------------------| Infected Poker Softwares Elements Found:

    .

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

    .
    .

    +--------------------| It's TV Elements Found:

    HKCU\SOFTWARE\ItsLabel
    HKU\S-1-5-21-436374069-152049171-839522115-1003\Software\ItsLabel
    .
    C:\Documents and Settings\user\Application Data\ItsLabel
    C:\Documents and Settings\user\Application Data\ItsLabel\ItsTV

    +--------------------| Sweetim Elements Found:

    .

    +--------------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: j2oqgv6o.default
    .
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 6.0.2900.2180 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Search_URL: hxxp:/www.microsoft.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/www.microsoft.com

    +-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]

    Default_Search_URL: hxxp:/www.microsoft.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/www.microsoft.com

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp:/www.microsoft.com
    Default_Search_URL: hxxp:/www.microsoft.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/www.microsoft.com

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    +---------------------------------------------------------------------------+

    [~3054 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
    -

    End at: 17:48:42 | 08/02/2009
    .
    +--------------------| E.O.F - 72 Lines
    .
    0
    1. schewpinett
       
      What do I do next?
      0
  12. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    ! Disconnect from the internet and close all running applications !

    Restart in safe mode as described here; choose your usual session.

    * Run "Ad-remover" again: at the main menu choose option "B".

    --> the program will do its work ...

    * Post the report that appears at the end + a new HijackThis log for analysis ...

    (the report is also saved as C:\Ad-report.log)

    /!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

    + a new HijackThis log.
    0
  13. schewpinett
     
    Here is the AD-Remover report:

    ------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

    Updated by C_XX on 07/02/2009 at 14:30

    *** LIMITED TO ***

    Boonty/BoontyGames
    Eorezo
    Infected Poker Softwares
    FunWebProduct/MyWay/MyWebSearch
    It's TV
    Sweetim

    ******************

    Start at: 18:44:21 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
    Boot mode: MSE
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
    Drive(s):
    - C:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 15

    (!) ---- IE start pages/Tabs reset

    +--------------------| Boonty/Boonty Games Elements Deleted :

    .
    .

    +--------------------| Eorezo Elements Deleted :

    HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
    HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
    HKCU\SOFTWARE\EoRezo
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\SOFTWARE\EoRezo
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\user\Application Data\EoRezo

    +--------------------| Infected Poker Softwares Elements Deleted :

    .

    +--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

    .
    .

    +--------------------| It's TV Elements Deleted :

    HKCU\SOFTWARE\ItsLabel
    .
    C:\Documents and Settings\user\Application Data\ItsLabel

    +--------------------| Sweetim Elements Deleted :

    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +--------------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.6 ----

    ProfilePath: j2oqgv6o.default
    .
    .
    .
    .
    .
    .

    ---- Internet Explorer Version 6.0.2900.2180 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp:/www.microsoft.com
    Default_Search_URL: hxxp:/www.microsoft.com
    Search bar: hxxp:/go.microsoft.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/www.microsoft.com

    +-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]

    Default_Page_URL: hxxp:/www.microsoft.com
    Default_Search_URL: hxxp:/www.microsoft.com
    Search bar: hxxp:/go.microsoft.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/www.microsoft.com

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp:/www.microsoft.com
    Default_Search_URL: hxxp:/www.microsoft.com
    Search bar: hxxp:/search.msn.com
    Search Page: hxxp:/www.microsoft.com
    Start page: hxxp:/fr.msn.com

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp:/ieframe.dll

    +---------------------------------------------------------------------------+

    [~2749 Bytes] - "C:\Ad-Report-Clean-08.02.2009.log"
    [~3189 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
    -
    C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - Prefs.js
    C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - User.js

    End at: 18:47:44 | 08/02/2009
    .
    +--------------------| E.O.F - 77 Lines
    .
    0
  14. schewpinett
     
    And here is the HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:54:15, on 08/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
    O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
    O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
    O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
    O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
    O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  15. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    * Download and save Navilog1 to the desktop.
    * On XP: double-click it to install and launch it.
    * On Vista: right-click Navilog1 on the desktop and choose "Run as administrator".
    * Once it is installed, press F for French.
    * Press any key until you reach the options menu.
    * Type 1 to run a scan.
    * Let the program work; it may take about ten minutes.
    * A report will be generated in Notepad at the end of the scan.
    * It will also be saved automatically on your C drive ( C:\fixnavi.txt )
    * Here is a tutorial that explains how Navilog1 works:

    http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm
    0
  16. schewpinett
     
    Here is the Navifix report:
    Search Navipromo version 3.7.2 commencé le 08/02/2009 à 19:10:51,51

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 07.02.2009 à 10h00 par IL-MAFIOSO

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
    BIOS : 686O2 v2.20
    USER : user ( Administrator )
    BOOT : Normal boot

    Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
    Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)

    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\user\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\user\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\user\menudm~1\progra~1" ***

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\user\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***
    !! Les clés trouvées ne sont pas forcément infectées !!

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\user\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche autres dossiers et fichiers connus :

    *** Analyse terminée le 08/02/2009 à 19:12:44,37 ***
    0
  17. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Download ToolBar S&D (by Eric_71/Team IDN):
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    ( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

    !! Disconnect from the internet and close all your running applications while you do this !! Disable your antivirus.

    * Double-click the .exe to start the installation and follow the prompts ...
    * Once done, click the shortcut created on your desktop to launch the tool.
    * Choose option 1 ("recherche", i.e. search) and press Enter.
    * Once the scan has finished, a report will appear; copy and paste its entire
    contents into your next reply ...
    ( the report is also saved here -> C:\TB.txt )
    0
    1. schewpinett
       
      Here is the toolbar report:

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
      BIOS : 686O2 v2.20
      USER : user ( Administrator )
      BOOT : Normal boot
      Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
      Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
      A:\ (USB)
      C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
      D:\ (CD or DVD)
      E:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 08/02/2009|19:59 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\Program Files\Dealio\kb127\res\highlight-bg.png
      C:\Program Files\Dealio\kb127\res\logo.gif
      C:\Program Files\Dealio\kb127\res\logo_over.gif
      C:\Program Files\Dealio\kb127\res\man_toolbar.css
      C:\Program Files\Dealio\kb127\res\man_toolbar.html
      C:\Program Files\Dealio\kb127\res\man_toolbar.js
      C:\Program Files\Dealio\kb127\res\man_toolbarl.js
      C:\Program Files\Dealio\kb127\res\post-this-deal.gif
      C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
      C:\Program Files\Dealio\kb127\res\scripts.js
      C:\Program Files\Dealio\kb127\res\scroller.js
      C:\Program Files\Dealio\kb127\res\search-chevron.gif
      C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
      C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
      C:\Program Files\Dealio\kb127\res\separator.gif
      C:\Program Files\Dealio\kb127\res\settings.gif
      C:\Program Files\Dealio\kb127\res\settings_over.gif
      C:\Program Files\Dealio\kb127\res\yahoo-search.png
      C:\Program Files\Dealio\kb127\resDN\bottom.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
      C:\Program Files\Dealio\kb127\resDN\close.gif
      C:\Program Files\Dealio\kb127\resDN\deskbar.css
      C:\Program Files\Dealio\kb127\resDN\deskbar.js
      C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
      C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
      C:\Program Files\Dealio\kb127\resDN\logo.gif
      C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
      C:\Program Files\Dealio\kb127\resDN\losing.gif
      C:\Program Files\Dealio\kb127\resDN\lost.gif
      C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
      C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
      C:\Program Files\Dealio\kb127\resDN\menu_check.gif
      C:\Program Files\Dealio\kb127\resDN\no_image.gif
      C:\Program Files\Dealio\kb127\resDN\prod_img.gif
      C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
      C:\Program Files\Dealio\kb127\resDN\spacer.gif
      C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
      C:\Program Files\Dealio\kb127\resDN\top.gif
      C:\Program Files\Dealio\kb127\resDN\unknown.gif
      C:\Program Files\Dealio\kb127\resDN\winning.gif
      C:\Program Files\Dealio\kb127\resDN\won.gif
      C:\Program Files\Dealio\kb127\rules\index.76.35
      C:\Program Files\Dealio\kb127\rules\rules.1.10.76
      C:\Program Files\Dealio\kb127\rules\rules.1.109.43
      C:\Program Files\Dealio\kb127\rules\rules.1.110.43
      C:\Program Files\Dealio\kb127\rules\rules.1.12.52
      C:\Program Files\Dealio\kb127\rules\rules.1.13.58
      C:\Program Files\Dealio\kb127\rules\rules.1.130.58
      C:\Program Files\Dealio\kb127\rules\rules.1.135.50
      C:\Program Files\Dealio\kb127\rules\rules.1.153.44
      C:\Program Files\Dealio\kb127\rules\rules.1.155.43
      C:\Program Files\Dealio\kb127\rules\rules.1.156.49
      C:\Program Files\Dealio\kb127\rules\rules.1.16.60
      C:\Program Files\Dealio\kb127\rules\rules.1.161.52
      C:\Program Files\Dealio\kb127\rules\rules.1.178.66
      C:\Program Files\Dealio\kb127\rules\rules.1.184.55
      C:\Program Files\Dealio\kb127\rules\rules.1.188.52
      C:\Program Files\Dealio\kb127\rules\rules.1.189.45
      C:\Program Files\Dealio\kb127\rules\rules.1.196.43
      C:\Program Files\Dealio\kb127\rules\rules.1.198.56
      C:\Program Files\Dealio\kb127\rules\rules.1.199.43
      C:\Program Files\Dealio\kb127\rules\rules.1.200.53
      C:\Program Files\Dealio\kb127\rules\rules.1.201.43
      C:\Program Files\Dealio\kb127\rules\rules.1.202.43
      C:\Program Files\Dealio\kb127\rules\rules.1.203.71
      C:\Program Files\Dealio\kb127\rules\rules.1.205.62
      C:\Program Files\Dealio\kb127\rules\rules.1.213.71
      C:\Program Files\Dealio\kb127\rules\rules.1.214.49
      C:\Program Files\Dealio\kb127\rules\rules.1.215.43
      C:\Program Files\Dealio\kb127\rules\rules.1.216.67
      C:\Program Files\Dealio\kb127\rules\rules.1.217.67
      C:\Program Files\Dealio\kb127\rules\rules.1.218.52
      C:\Program Files\Dealio\kb127\rules\rules.1.219.43
      C:\Program Files\Dealio\kb127\rules\rules.1.220.43
      C:\Program Files\Dealio\kb127\rules\rules.1.221.57
      C:\Program Files\Dealio\kb127\rules\rules.1.222.43
      C:\Program Files\Dealio\kb127\rules\rules.1.223.68
      C:\Program Files\Dealio\kb127\rules\rules.1.226.68
      C:\Program Files\Dealio\kb127\rules\rules.1.227.43
      C:\Program Files\Dealio\kb127\rules\rules.1.228.62
      C:\Program Files\Dealio\kb127\rules\rules.1.229.76
      C:\Program Files\Dealio\kb127\rules\rules.1.23.63
      C:\Program Files\Dealio\kb127\rules\rules.1.239.43
      C:\Program Files\Dealio\kb127\rules\rules.1.24.43
      C:\Program Files\Dealio\kb127\rules\rules.1.240.43
      C:\Program Files\Dealio\kb127\rules\rules.1.241.43
      C:\Program Files\Dealio\kb127\rules\rules.1.242.43
      C:\Program Files\Dealio\kb127\rules\rules.1.243.43
      C:\Program Files\Dealio\kb127\rules\rules.1.244.63
      C:\Program Files\Dealio\kb127\rules\rules.1.245.43
      C:\Program Files\Dealio\kb127\rules\rules.1.247.43
      C:\Program Files\Dealio\kb127\rules\rules.1.248.43
      C:\Program Files\Dealio\kb127\rules\rules.1.249.43
      C:\Program Files\Dealio\kb127\rules\rules.1.250.43
      C:\Program Files\Dealio\kb127\rules\rules.1.251.43
      C:\Program Files\Dealio\kb127\rules\rules.1.252.43
      C:\Program Files\Dealio\kb127\rules\rules.1.253.43
      C:\Program Files\Dealio\kb127\rules\rules.1.254.43
      C:\Program Files\Dealio\kb127\rules\rules.1.255.43
      C:\Program Files\Dealio\kb127\rules\rules.1.256.43
      C:\Program Files\Dealio\kb127\rules\rules.1.257.43
      C:\Program Files\Dealio\kb127\rules\rules.1.279.43
      C:\Program Files\Dealio\kb127\rules\rules.1.28.58
      C:\Program Files\Dealio\kb127\rules\rules.1.282.75
      C:\Program Files\Dealio\kb127\rules\rules.1.283.43
      C:\Program Files\Dealio\kb127\rules\rules.1.284.43
      C:\Program Files\Dealio\kb127\rules\rules.1.289.67
      C:\Program Files\Dealio\kb127\rules\rules.1.290.62
      C:\Program Files\Dealio\kb127\rules\rules.1.291.61
      C:\Program Files\Dealio\kb127\rules\rules.1.296.43
      C:\Program Files\Dealio\kb127\rules\rules.1.297.43
      C:\Program Files\Dealio\kb127\rules\rules.1.304.43
      C:\Program Files\Dealio\kb127\rules\rules.1.307.43
      C:\Program Files\Dealio\kb127\rules\rules.1.308.75
      C:\Program Files\Dealio\kb127\rules\rules.1.31.47
      C:\Program Files\Dealio\kb127\rules\rules.1.310.46
      C:\Program Files\Dealio\kb127\rules\rules.1.311.43
      C:\Program Files\Dealio\kb127\rules\rules.1.315.43
      C:\Program Files\Dealio\kb127\rules\rules.1.316.43
      C:\Program Files\Dealio\kb127\rules\rules.1.317.43
      C:\Program Files\Dealio\kb127\rules\rules.1.318.43
      C:\Program Files\Dealio\kb127\rules\rules.1.319.49
      C:\Program Files\Dealio\kb127\rules\rules.1.32.48
      C:\Program Files\Dealio\kb127\rules\rules.1.334.44
      C:\Program Files\Dealio\kb127\rules\rules.1.335.60
      C:\Program Files\Dealio\kb127\rules\rules.1.336.44
      C:\Program Files\Dealio\kb127\rules\rules.1.337.44
      C:\Program Files\Dealio\kb127\rules\rules.1.338.75
      C:\Program Files\Dealio\kb127\rules\rules.1.339.47
      C:\Program Files\Dealio\kb127\rules\rules.1.34.43
      C:\Program Files\Dealio\kb127\rules\rules.1.340.47
      C:\Program Files\Dealio\kb127\rules\rules.1.341.47
      C:\Program Files\Dealio\kb127\rules\rules.1.349.50
      C:\Program Files\Dealio\kb127\rules\rules.1.35.48
      C:\Program Files\Dealio\kb127\rules\rules.1.350.50
      C:\Program Files\Dealio\kb127\rules\rules.1.351.51
      C:\Program Files\Dealio\kb127\rules\rules.1.352.54
      C:\Program Files\Dealio\kb127\rules\rules.1.353.51
      C:\Program Files\Dealio\kb127\rules\rules.1.354.51
      C:\Program Files\Dealio\kb127\rules\rules.1.357.62
      C:\Program Files\Dealio\kb127\rules\rules.1.358.52
      C:\Program Files\Dealio\kb127\rules\rules.1.359.52
      C:\Program Files\Dealio\kb127\rules\rules.1.360.53
      C:\Program Files\Dealio\kb127\rules\rules.1.361.54
      C:\Program Files\Dealio\kb127\rules\rules.1.362.68
      C:\Program Files\Dealio\kb127\rules\rules.1.363.58
      C:\Program Files\Dealio\kb127\rules\rules.1.364.54
      C:\Program Files\Dealio\kb127\rules\rules.1.365.53
      C:\Program Files\Dealio\kb127\rules\rules.1.367.56
      C:\Program Files\Dealio\kb127\rules\rules.1.368.58
      C:\Program Files\Dealio\kb127\rules\rules.1.369.55
      C:\Program Files\Dealio\kb127\rules\rules.1.370.56
      C:\Program Files\Dealio\kb127\rules\rules.1.371.56
      C:\Program Files\Dealio\kb127\rules\rules.1.372.57
      C:\Program Files\Dealio\kb127\rules\rules.1.373.55
      C:\Program Files\Dealio\kb127\rules\rules.1.375.56
      C:\Program Files\Dealio\kb127\rules\rules.1.376.57
      C:\Program Files\Dealio\kb127\rules\rules.1.377.55
      C:\Program Files\Dealio\kb127\rules\rules.1.378.65
      C:\Program Files\Dealio\kb127\rules\rules.1.384.58
      C:\Program Files\Dealio\kb127\rules\rules.1.386.71
      C:\Program Files\Dealio\kb127\rules\rules.1.387.59
      C:\Program Files\Dealio\kb127\rules\rules.1.388.59
      C:\Program Files\Dealio\kb127\rules\rules.1.389.59
      C:\Program Files\Dealio\kb127\rules\rules.1.390.60
      C:\Program Files\Dealio\kb127\rules\rules.1.391.60
      C:\Program Files\Dealio\kb127\rules\rules.1.392.60
      C:\Program Files\Dealio\kb127\rules\rules.1.393.60
      C:\Program Files\Dealio\kb127\rules\rules.1.394.60
      C:\Program Files\Dealio\kb127\rules\rules.1.396.61
      C:\Program Files\Dealio\kb127\rules\rules.1.397.61
      C:\Program Files\Dealio\kb127\rules\rules.1.398.60
      C:\Program Files\Dealio\kb127\rules\rules.1.399.60
      C:\Program Files\Dealio\kb127\rules\rules.1.403.61
      C:\Program Files\Dealio\kb127\rules\rules.1.404.63
      C:\Program Files\Dealio\kb127\rules\rules.1.405.61
      C:\Program Files\Dealio\kb127\rules\rules.1.406.61
      C:\Program Files\Dealio\kb127\rules\rules.1.407.76
      C:\Program Files\Dealio\kb127\rules\rules.1.408.63
      C:\Program Files\Dealio\kb127\rules\rules.1.409.61
      C:\Program Files\Dealio\kb127\rules\rules.1.412.62
      C:\Program Files\Dealio\kb127\rules\rules.1.413.62
      C:\Program Files\Dealio\kb127\rules\rules.1.414.62
      C:\Program Files\Dealio\kb127\rules\rules.1.415.62
      C:\Program Files\Dealio\kb127\rules\rules.1.416.62
      C:\Program Files\Dealio\kb127\rules\rules.1.417.62
      C:\Program Files\Dealio\kb127\rules\rules.1.418.62
      C:\Program Files\Dealio\kb127\rules\rules.1.419.62
      C:\Program Files\Dealio\kb127\rules\rules.1.420.62
      C:\Program Files\Dealio\kb127\rules\rules.1.421.62
      C:\Program Files\Dealio\kb127\rules\rules.1.423.63
      C:\Program Files\Dealio\kb127\rules\rules.1.424.63
      C:\Program Files\Dealio\kb127\rules\rules.1.425.63
      C:\Program Files\Dealio\kb127\rules\rules.1.426.63
      C:\Program Files\Dealio\kb127\rules\rules.1.427.63
      C:\Program Files\Dealio\kb127\rules\rules.1.428.65
      C:\Program Files\Dealio\kb127\rules\rules.1.429.63
      C:\Program Files\Dealio\kb127\rules\rules.1.430.63
      C:\Program Files\Dealio\kb127\rules\rules.1.432.65
      C:\Program Files\Dealio\kb127\rules\rules.1.433.64
      C:\Program Files\Dealio\kb127\rules\rules.1.434.65
      C:\Program Files\Dealio\kb127\rules\rules.1.435.64
      C:\Program Files\Dealio\kb127\rules\rules.1.436.76
      C:\Program Files\Dealio\kb127\rules\rules.1.437.64
      C:\Program Files\Dealio\kb127\rules\rules.1.438.71
      C:\Program Files\Dealio\kb127\rules\rules.1.439.71
      C:\Program Files\Dealio\kb127\rules\rules.1.440.75
      C:\Program Files\Dealio\kb127\rules\rules.1.442.73
      C:\Program Files\Dealio\kb127\rules\rules.1.443.73
      C:\Program Files\Dealio\kb127\rules\rules.1.444.73
      C:\Program Files\Dealio\kb127\rules\rules.1.445.68
      C:\Program Files\Dealio\kb127\rules\rules.1.446.69
      C:\Program Files\Dealio\kb127\rules\rules.1.450.67
      C:\Program Files\Dealio\kb127\rules\rules.1.451.67
      C:\Program Files\Dealio\kb127\rules\rules.1.452.68
      C:\Program Files\Dealio\kb127\rules\rules.1.453.68
      C:\Program Files\Dealio\kb127\rules\rules.1.454.69
      C:\Program Files\Dealio\kb127\rules\rules.1.456.69
      C:\Program Files\Dealio\kb127\rules\rules.1.457.75
      C:\Program Files\Dealio\kb127\rules\rules.1.458.70
      C:\Program Files\Dealio\kb127\rules\rules.1.459.70
      C:\Program Files\Dealio\kb127\rules\rules.1.460.69
      C:\Program Files\Dealio\kb127\rules\rules.1.462.74
      C:\Program Files\Dealio\kb127\rules\rules.1.463.69
      C:\Program Files\Dealio\kb127\rules\rules.1.464.70
      C:\Program Files\Dealio\kb127\rules\rules.1.465.68
      C:\Program Files\Dealio\kb127\rules\rules.1.468.70
      C:\Program Files\Dealio\kb127\rules\rules.1.469.70
      C:\Program Files\Dealio\kb127\rules\rules.1.470.70
      C:\Program Files\Dealio\kb127\rules\rules.1.471.73
      C:\Program Files\Dealio\kb127\rules\rules.1.472.70
      C:\Program Files\Dealio\kb127\rules\rules.1.478.74
      C:\Program Files\Dealio\kb127\rules\rules.1.479.73
      C:\Program Files\Dealio\kb127\rules\rules.1.480.68
      C:\Program Files\Dealio\kb127\rules\rules.1.481.71
      C:\Program Files\Dealio\kb127\rules\rules.1.482.74
      C:\Program Files\Dealio\kb127\rules\rules.1.49.67
      C:\Program Files\Dealio\kb127\rules\rules.1.50.43
      C:\Program Files\Dealio\kb127\rules\rules.1.500.71
      C:\Program Files\Dealio\kb127\rules\rules.1.501.74
      C:\Program Files\Dealio\kb127\rules\rules.1.502.71
      C:\Program Files\Dealio\kb127\rules\rules.1.51.69
      C:\Program Files\Dealio\kb127\rules\rules.1.52.72
      C:\Program Files\Dealio\kb127\rules\rules.1.520.76
      C:\Program Files\Dealio\kb127\rules\rules.1.521.76
      C:\Program Files\Dealio\kb127\rules\rules.1.522.76
      C:\Program Files\Dealio\kb127\rules\rules.1.53.51
      C:\Program Files\Dealio\kb127\rules\rules.1.531.76
      C:\Program Files\Dealio\kb127\rules\rules.1.532.75
      C:\Program Files\Dealio\kb127\rules\rules.1.534.75
      C:\Program Files\Dealio\kb127\rules\rules.1.54.47
      C:\Program Files\Dealio\kb127\rules\rules.1.55.45
      C:\Program Files\Dealio\kb127\rules\rules.1.56.69
      C:\Program Files\Dealio\kb127\rules\rules.1.57.43
      C:\Program Files\Dealio\kb127\rules\rules.1.58.47
      C:\Program Files\Dealio\kb127\rules\rules.1.593.76
      C:\Program Files\Dealio\kb127\rules\rules.1.595.76
      C:\Program Files\Dealio\kb127\rules\rules.1.63.57
      C:\Program Files\Dealio\kb127\rules\rules.1.66.47
      C:\Program Files\Dealio\kb127\rules\rules.1.70.75
      C:\Program Files\Dealio\kb127\rules\rules.1.71.43
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
      C:\DOCUME~1\user\APPLIC~1\Search Settings
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\res
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14281.log
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
      C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
      C:\Program Files\Search Settings
      C:\Program Files\Search Settings\kb127
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\Program Files\Search Settings\kb127\res
      C:\Program Files\Search Settings\kb127\SearchSettings.dll
      C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
      C:\Program Files\Search Settings\kb127\temp

      -----------\\ Extensions

      (user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Local Page"="C:\\windows\\system32\\blank.htm"
      "Start Page"="https://www.msn.com/fr-fr"
      "Search bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections

      --------------------\\ ROOTKIT !!

      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
      Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

      --------------------\\ Suspect ..

      C:\WINDOWS\system32\TDSSosvd.dat




      1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]

      -----------\\ Fin du rapport a 20:02:33,03
      0
  18. pimprenelle27 Posts 22182 Status Security contributor 2 503
     
    Cleaning with ToolBar S&D: Restart in safe mode as explained here; choose your usual session.

    !! Disconnect and close all your running applications while you carry out the procedure !!

    Launch Toolbar-S&D again by double-clicking the shortcut.
    --> Type option 2 ("cleanup"), then press "Enter".

    Note: do not touch anything during the removal!

    A report will be generated at the end of the process: post its contents in your next reply,
    along with a new HijackThis report for analysis ...

    0
  19. schewpinett
     
    Here is the ToolBar report

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
    BIOS : 686O2 v2.20
    USER : user ( Administrator )
    BOOT : Fail-safe boot
    Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
    Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 08/02/2009|23:02 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
    Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\DealioAU.exe
    Supprime! - C:\Program Files\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio
    Supprime! - C:\Program Files\Dealio
    Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search bar"="http://www.bing.com/spresults.aspx"

    --------------------\\ Recherche d'autres infections

    --------------------\\ ROOTKIT !!

    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
    Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

    --------------------\\ Suspect ..

    C:\WINDOWS\system32\TDSSosvd.dat

    1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 08/02/2009|23:04 - Option : [2]

    -----------\\ Fin du rapport a 23:04:15,73

    and the HijackThis report
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:08:14, on 08/02/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
    C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
    O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
    O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
    O4 - Global Startup: BlueSoleil.lnk = ?
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
    O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
    O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0