How to destroy Gen:trojan.Heur.544453
Closed
schewpinett - 7 Feb 2009 at 13:52
pimprenelle27 - Posts: 20857 - Registered: Monday 10 December 2007 - Status: Security contributor - Last activity: 8 October 2019 - 12 Feb 2009 at 15:56
33 replies
pimprenelle27 (Security contributor) - 7 Feb 2009 at 14:28
Download the HijackThis installation file.
Save HJTInstall.exe to your desktop.
Double-click HJTInstall.exe to launch the program.
By default, it will install here:
C:\Program Files\Trend Micro\HijackThis
Accept the licence by clicking the "I Accept" button.
Choose the option "Do a system scan and save a log file".
Click "Save log" to save the report, which will open in Notepad.
Click "Edition -> Sélectionner tout" (Edit -> Select All), then "Edition -> Copier" (Edit -> Copy) to copy the entire contents of the report.
Paste the report you have just copied into this forum.
Do not fix ANY line yet; that could prevent your PC from working properly.
Tutorials (do not fix anything for the moment!!)
pimprenelle27 (Security contributor) - 7 Feb 2009 at 16:39
Download SmitfraudFix and save it to the desktop.
* Then double-click SmitfraudFix, then click Run. (On Vista: right-click SmitfraudFix and select "Run as administrator".)
* Select 1 to create a report of the files responsible for the infection.
* At the end of the scan, a report will be generated... Save it to the desktop.
Read the tutorial that comes with it carefully.
/!\ Post the report on the forum to find out whether the removal can be launched.
The removal of the files found is done in safe mode.
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
pimprenelle27 (Security contributor) - 7 Feb 2009 at 16:53
What does it tell you when you download it?
Actually, I managed to download it a first time, but while I was downloading it BitDefender warned me that the software I had just downloaded was infected with a trojan.zlob.50795 virus, so the download failed. I still tried to get it to work but it didn't work, so I downloaded it again from the mirror versions; that didn't work either, and now I can't delete it any more either.
pimprenelle27 (Security contributor) - 7 Feb 2009 at 17:08
You need to disable the antivirus while you download Smitfraud.
I managed it, here is the report
SmitFraudFix v2.392
Rapport fait à 17:10:50,64, 07/02/2009
Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D5BF49A2-94F1-42BD-F434-3604812C807D}"="KJhaiufhw3nrih7wefywjfsdfd"
[HKEY_CLASSES_ROOT\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
@="C:\WINDOWS\system32\jsdf768wude.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
@="C:\WINDOWS\system32\jsdf768wude.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SAGEM Wi-Fi 11g USB adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
pimprenelle27 (Security contributor) > schewpinett - 7 Feb 2009 at 17:24
For Smitfraud:
Restart in safe mode as indicated here; choose your usual session.
Then choose option 2, removal.
Then deal with the hosts files.
^^Marie^^ (Posts: 113929, registered Tuesday 6 September 2005, status: Member, last activity 28 August 2020) > pimprenelle27 - 7 Feb 2009 at 17:38
Hi
HostsXpert and not RHosts.exe; it has to be done BEFORE Smitfraud option 2
++
pimprenelle27 (Security contributor) > ^^Marie^^ - 7 Feb 2009 at 17:47
Download HostsXpert to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip
---> Unzip it (right-click >> Extract here)
---> Double-click HostsXpert to launch it
---> Click the "Restore MS Hosts File" button, then close the program
PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.
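One way to check the result of the hosts-file restore described above, as an added example that is not part of the original thread and not code from SmitfraudFix, HostsXpert or RHosts. It lists every mapping that differs from the stock `localhost` entry; the function names, the result labels and the `example.test` lines are assumptions made for the illustration, while the two `legal-at-spybot.info` lines are the ones shown in the SmitFraudFix "hosts" section.

```python
"""Audit a hosts file for mappings a freshly restored file would not contain."""
import ipaddress
from typing import Iterator, List, NamedTuple, Tuple

# Names a stock Windows hosts file maps to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost"}


class Finding(NamedTuple):
    line_no: int
    kind: str       # "sinkholed", "redirected" or "malformed"
    address: str
    name: str


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, address, name) for every name mapped on every line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:                   # blank line, or address without a name
            continue
        for name in fields[1:]:               # one line may map several names
            yield line_no, fields[0], name.lower().rstrip(".")


def classify(address: str, name: str) -> str:
    """Return "" for a default mapping, otherwise the kind of finding."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # localhost on 127.0.0.1 or ::1 is the stock entry; any other name
        # pointed at loopback or 0.0.0.0 can no longer be reached.
        if name in DEFAULT_LOOPBACK_NAMES and ip.is_loopback:
            return ""
        return "sinkholed"
    return "redirected"                       # name forced to some other machine


def audit_hosts(text: str) -> List[Finding]:
    """Return every mapping that is not part of the default file."""
    findings = []
    for line_no, address, name in parse_hosts(text.lstrip("\ufeff")):
        kind = classify(address, name)
        if kind:
            findings.append(Finding(line_no, kind, address, name))
    return findings


# Constructed sample: the default mapping, the two entries from the
# SmitFraudFix "hosts" section, and two invented lines (the example.test
# names and the 192.0.2.10 address are placeholders).
SAMPLE_BEFORE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.legal-at-spybot.info
127.0.0.1       legal-at-spybot.info
192.0.2.10      login.example.test portal.example.test   # two names, one line
0.0.0.0         updates.example.test
"""

# What the file should reduce to once the default has been restored.
SAMPLE_RESTORED = "# constructed sample\n127.0.0.1       localhost\n"

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_BEFORE):
        print(f"line {f.line_no}: {f.kind:<10} {f.name} -> {f.address}")
    print("restored file clean:", audit_hosts(SAMPLE_RESTORED) == [])
```

A "sinkholed" entry is not proof of infection, since blocklist tools add such lines on purpose; the check only shows what differs from the restored default and still needs review.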
pimprenelle27 (Security contributor) - 7 Feb 2009 at 17:18
Restart in safe mode as indicated here; choose your usual session.
Then choose option 2, removal.
Then, for "Fichier hosts corrompu !" (hosts file corrupted):
Download this tool by SiRi to your desktop:
RHost
Double-click it to launch it.
-> Click "Restore original Hosts" and wait a moment...
(PS: it is normal that nothing happens...)
That's it, I managed to do everything ^^ thank you very much. Does this mean that all the trojan viruses have gone?
pimprenelle27 (Security contributor) - 7 Feb 2009 at 18:12
No, no; post me a new HijackThis log and the report after the Smitfraud removal.
Sorry, I had to leave yesterday; here is the HijackThis report after the Smitfraud removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:04, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
pimprenelle27
8 Feb. 2009 at 15:12
Download Malwarebytes.
Note: if COMCTL32.OCX is missing, download it here.
Install it; the program will update itself automatically.
Once it is up to date, the program will launch; click the "Settings" tab and tick the box "Stop Internet Explorer during removal".
Now click the "Scan" tab and tick the box "Run a full scan".
Then click "Scan".
Let it scan the PC...
If items were found > click "Remove selected".
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.
PS: the reports are also stored in the Reports/Logs tab.
Tutorials
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2
08/02/2009 17:08:55
mbam-log-2009-02-08 (17-08-36)2
Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 97352
Temps écoulé: 1 hour(s), 17 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 33
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{125e9d24-2428-38d2-8e23-804e3275209c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3f2579e9-ec37-3112-9bde-d2db14e95c32} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e12688ce-9384-28e3-a041-4e1a9ce14506} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98d555cc-a569-43fb-2f43-3a98ccda4b50} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5abbd91b-0215-2fe1-7a7e-753f05b40cb8} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vaienctsjusg (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\ppcbooster (Trojan.Agent) -> No action taken.
C:\Program Files\p2pmax (Trojan.Agent) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ahwurn.dll (Trojan.Vundo.H) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108959.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108942.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108943.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108944.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108945.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108947.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108948.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108949.dll (Trojan.Clicker) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108951.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108952.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108953.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108954.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108955.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108958.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108964.exe (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108965.exe (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108971.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\service.exe (Adware.Mirar) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> No action taken.
C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> No action taken.
C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.
pimprenelle27
8 Feb. 2009 at 17:36
Well, with all that, now show the report and delete all of it. Then empty the quarantine, then a new HijackThis log + this:
Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
/!\ Disconnect and close all running applications
● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● At the main menu, choose option "A"
● Post the report that appears at the end.
(the report is also saved as C:\Ad-report(date).log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
Here is the report:
------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------
Updated by C_XX on 07/02/2009 at 14:30
Start at: 17:46:53 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 48
+--------------------| Boonty/Boonty Games Elements Found:
.
.
+--------------------| Eorezo Elements Found:
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\SOFTWARE\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Documents and Settings\user\Application Data\EoRezo
C:\Documents and Settings\user\Application Data\EoRezo\db
C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\user\Application Data\EoRezo\eoStats
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_classic
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_station_meteo
+--------------------| Infected Poker Softwares Elements Found:
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:
.
.
+--------------------| It's TV Elements Found:
HKCU\SOFTWARE\ItsLabel
HKU\S-1-5-21-436374069-152049171-839522115-1003\Software\ItsLabel
.
C:\Documents and Settings\user\Application Data\ItsLabel
C:\Documents and Settings\user\Application Data\ItsLabel\ItsTV
+--------------------| Sweetim Elements Found:
.
+--------------------| Added Scan:
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: j2oqgv6o.default
.
.
.
.
.
.
---- Internet Explorer Version 6.0.2900.2180 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com
+-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]
Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
+---------------------------------------------------------------------------+
[~3054 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
-
End at: 17:48:42 | 08/02/2009
.
+--------------------| E.O.F - 72 Lines
.
pimprenelle27
8 Feb. 2009 at 18:36
! Disconnect and close all running applications !
Restart in safe mode as described here; choose your usual session.
* Run "Ad-remover" again: at the main menu, choose option "B".
--> the program will do its work ...
* Post the report that appears at the end + a new HijackThis log for analysis ...
(the report is also saved as C:\Ad-report.log)
/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\
+ a new HijackThis log.
Here is the AD-Remover report:
------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------
Updated by C_XX on 07/02/2009 at 14:30
*** LIMITED TO ***
Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim
******************
Start at: 18:44:21 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: MSE
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 15
(!) ---- IE start pages/Tabs reset
+--------------------| Boonty/Boonty Games Elements Deleted :
.
.
+--------------------| Eorezo Elements Deleted :
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
.
C:\Program Files\EoRezo
C:\Documents and Settings\user\Application Data\EoRezo
+--------------------| Infected Poker Softwares Elements Deleted :
.
+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :
.
.
+--------------------| It's TV Elements Deleted :
HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\user\Application Data\ItsLabel
+--------------------| Sweetim Elements Deleted :
.
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
+--------------------| Added Scan :
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: j2oqgv6o.default
.
.
.
.
.
.
---- Internet Explorer Version 6.0.2900.2180 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/go.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com
+-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]
Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/go.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/search.msn.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/fr.msn.com
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp:/ieframe.dll
+---------------------------------------------------------------------------+
[~2749 Bytes] - "C:\Ad-Report-Clean-08.02.2009.log"
[~3189 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - Prefs.js
C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - User.js
End at: 18:47:44 | 08/02/2009
.
+--------------------| E.O.F - 77 Lines
.
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:15, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
pimprenelle27 (Security contributor) - 8 Feb 2009 at 19:02
* Download and save Navilog1 to the desktop.
* On XP: double-click it to install and launch it.
* On Vista: right-click Navilog1 on the desktop and choose "Run as administrator".
* Once it is installed, press F for French.
* Press any key until you reach the options menu.
* Type 1 to run a search.
* Let the program work; it may take about ten minutes.
* A report will be generated in Notepad at the end of the scan.
* It will also be saved automatically on your C drive ( C:\fixnavi.txt )
* Here is a tutorial that explains how Navilog1 works:
http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm
Here is the navifix report
Search Navipromo version 3.7.2 commencé le 08/02/2009 à 19:10:51,51
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 07.02.2009 à 10h00 par IL-MAFIOSO
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\user\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\user\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\user\menudm~1\progra~1" ***
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\user\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\user\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 08/02/2009 à 19:12:44,37 ***
pimprenelle27 (Security contributor) - 8 Feb 2009 at 19:50
Download ToolBar S&D ( by Eric_71/Team IDN ):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )
!! Disconnect and close all your running applications for the duration of the procedure !! Disable your antivirus.
* Double-click the .exe to start the installation and follow the prompts ...
* Once that is done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ( "recherche" ) and press "Enter".
* Once the scan has finished, a report will appear; copy/paste its entire contents into your next reply ...
( the report is also saved here -> C:\TB.txt )
Here is the toolbar report
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/02/2009|19:59 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\user\APPLIC~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14281.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
--------------------\\ Suspect ..
C:\WINDOWS\system32\TDSSosvd.dat
1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]
-----------\\ Fin du rapport a 20:02:33,03
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/02/2009|19:59 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\user\APPLIC~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2656_1672_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2656_1672_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2664_2680_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2664_2680_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2704_112_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2704_112_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2708_4004_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2708_4004_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2720_768_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2720_768_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2808_2032_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2808_2032_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2824_2820_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2824_2820_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2836_1136_4.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_284_1192_4.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2852_2868_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2852_2868_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2892_3604_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2892_3604_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2920_3624_5.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2984_2980_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2984_2980_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3008_1372_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3008_1372_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3008_3012_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3008_3012_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3016_2476_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3016_4060_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3016_4060_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3100_1372_6.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3100_2556_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3148_3152_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3148_3152_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3204_2536_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_320_280_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_320_280_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3220_1004_12.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3288_1892_5.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3324_3304_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3324_3304_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_332_276_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_332_276_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_2124_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_2124_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_3384_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_3384_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3384_3804_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3384_3804_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3416_3420_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3416_3420_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3432_2408_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3432_2408_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3448_3184_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3488_3492_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3488_3492_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3536_3540_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3536_3540_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3556_3560_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3556_3560_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3608_3612_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3608_3612_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3616_3236_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3648_840_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3648_840_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3660_2660_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3700_3412_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3768_3348_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3796_2332_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3796_2332_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3836_1352_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3836_1352_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_384_1276_54.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_384_1352_72.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_384_1708_99.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_384_2452_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_384_3492_126.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_3884_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_3884_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3912_3252_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3912_3252_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_2676_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3956_3908_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3956_3908_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3976_3980_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3976_3980_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4000_2232_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4000_2232_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4008_2760_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4008_2760_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4016_3804_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4016_3804_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_40196_39128_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4020_2768_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4020_2768_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_3792_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_3792_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_384_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_384_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4060_2364_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4060_2364_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_10916_251.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_11424_266.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_3228_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_4252_39.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_6584_97.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4176_6664_188.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4268_4488_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4544_4328_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_460_444_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_460_444_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_49944_22052_14.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_49944_51044_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5228_3092_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5392_3860_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_572_3312_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_572_3312_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_600_616_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_600_616_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_608_2724_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6136_5884_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_63148_61464_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_664_364_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_664_364_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_684_880_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_684_880_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_692_2372_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_692_2372_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_7632_7668_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_784_3556_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_792_3924_1.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_792_3924_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_868_2436_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_8704_8708_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_916_3896_3.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_9816_9168_3.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14281.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
--------------------\\ Suspect ..
C:\WINDOWS\system32\TDSSosvd.dat
1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]
-----------\\ Fin du rapport a 20:02:33,03
pimprenelle27 (security contributor) - 8 Feb. 2009 at 21:55
Cleaning with ToolBar S&D: restart in safe mode as indicated here; choose your usual session.
!! Disconnect and close all your running applications for the duration of the procedure !!
Relaunch Toolbar-S&D by double-clicking the shortcut.
--> Type option 2 ("nettoyage", i.e. cleaning), then press "Enter".
Note: do not touch anything during the removal!
A report will be generated at the end of the process: post its content in your next reply,
along with a new HijackThis report for analysis ...
Here is the ToolBar report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Fail-safe boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 08/02/2009|23:02 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
--------------------\\ ROOTKIT !!
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]
--------------------\\ Suspect ..
C:\WINDOWS\system32\TDSSosvd.dat
1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/02/2009|23:04 - Option : [2]
-----------\\ Fin du rapport a 23:04:15,73
and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:14, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
7 Feb 2009 at 15:47
Scan saved at 15:46:08, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7217] command /c del "C:\Program Files\VnrBlock\xtarga.gz"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
7 Feb 2009 at 16:46