How to destroy Gen:trojan.Heur.544453

Posts
20851
Registration date
Monday 10 December 2007
Status
Security contributor
Last activity
8 October 2019
Hello, I use BitDefender as my antivirus, but it keeps sending me alert messages telling me that my computer is infected by the virus Gen:trojan.Heur.544453 as well as Gen:trojen.heur.23, Behaveslike:win32.ExplorerHijack, Trojan.Generic.1268856, Trojan.Generic.1300959... BitDefender will not disinfect these viruses and I don't really know much about computers. I really don't know what to do any more, please help me.
Goodbye

33 replies

Download the HijackThis installation file.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program.

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the licence by clicking the "I Accept" button.

Choose the option "Do a system scan and save a log file".

Click "Save log" to save the report, which will open in Notepad.

Click "Edit -> Select All", then "Edit -> Copy" to copy the entire contents of the report.

Paste the report you have just copied on this forum.

Do not fix ANY line yet, it could stop your PC from working properly.

Tutorials (do not fix anything for the moment!!)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:08, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7217] command /c del "C:\Program Files\VnrBlock\xtarga.gz"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
> schewpinett
I am raising my problem again, it is important, I would really like someone to tell me what to do!
thanks, I will try ^^
Download SmitfraudFix and save it to the desktop
* Then double-click SmitfraudFix, then Run. (On Vista: right-click SmitfraudFix and select "Run as administrator")
* Select 1 to create a report of the files responsible for the infection.
* At the end of the scan, a report will be generated... Save it to the desktop.

Take a good look at the tutorial that comes with it


/!\ Post the report on the forum to find out whether the removal can be launched.

In safe mode, the removal of the files present.


process.exe
is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility intended to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
I did not manage to download SmitfraudFix, I am trying again, but a new virus is on my computer: trojanzlob.50795
it tells me that all the SmitfraudFix files I download are directly infected by the virus... I don't know what to do any more. I tried downloading the normal version and all the mirror versions of SmitfraudFix and it always reports the same virus infecting the software.
What does it tell you when you download it?
Actually I managed to download it a first time, but while I was downloading it BitDefender warned me that the software, barely downloaded, was infected by a virus, trojan.zlob.50795, and so the download failed. I still tried to get it to work but it did not work, so I downloaded it again with the mirror versions. That did not work either, and now I cannot delete it either.
You need to disable the antivirus while you download smithfraud.
I managed it, here is the report
SmitFraudFix v2.392

Rapport fait à 17:10:50,64, 07/02/2009
Executé à partir de C:\Documents and Settings\user\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdmcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\user\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\user\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D5BF49A2-94F1-42BD-F434-3604812C807D}"="KJhaiufhw3nrih7wefywjfsdfd"

[HKEY_CLASSES_ROOT\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
@="C:\WINDOWS\system32\jsdf768wude.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{D5BF49A2-94F1-42BD-F434-3604812C807D}\InProcServer32]
@="C:\WINDOWS\system32\jsdf768wude.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{C5BF49A2-94F3-42BD-F434-3604812C897D}"="mcb7uehuj3n8weuhejsw"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SAGEM Wi-Fi 11g USB adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3B3641C2-0489-47CE-B1F6-5A81133D0051}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
> schewpinett
but I did not understand what had to be done afterwards
> schewpinett
For smithfraud:

Restart in safe mode as indicated here; choose your usual session.

Then choose option 2, removal.


then deal with the hosts files
Posts
113932
Registration date
Tuesday 6 September 2005
Status
Member
Last activity
28 August 2020
Hi

HostsXpert and not RHosts.exe; it has to be done BEFORE smitfraud option 2

++

Download HostsXpert to your desktop:
http://www.funkytoad.com/download/HostsXpert.zip

---> Unzip it (right-click >> Extract here)

---> Double-click HostsXpert to launch it

---> Click the "Restore MS Hosts File" button, then close the program

PS: Before clicking the "Restore MS Hosts File" button, check that the padlock at the top left is open, otherwise you will get an error message.
Restart in safe mode as indicated here; choose your usual session.

Then choose option 2, removal.



Then for the "Fichier hosts corrompu !" (hosts file corrupted) message:


Download this tool by SiRi to your desktop:

RHost

Double-click it to launch it.

-> Click "Restore original Hosts" and wait a short moment...

(PS: it is normal that nothing happens...)
That's it, I managed to do everything ^^ thank you very much. Does that mean all the trojan viruses have disappeared?
No, no, post me a new HijackThis log and the report after the smithfraud removal.
Sorry, yesterday I had to leave. Here is the HijackThis report after the smithfraud removal
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:22:04, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdlite.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O2 - BHO: C:\WINDOWS\system32\jsdf768wude.dll - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O2 - BHO: {ca39df2f-dd77-7c79-41a4-c8cb987309ad} - {da903789-bc8c-4a14-97c7-77ddf2fd93ac} - C:\WINDOWS\system32\ahwurn.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [vaienctsjusg] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\ptxvhgoktiyu.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O22 - SharedTaskScheduler: KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\jsdf768wude.dll (file missing)
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
Download Malwarebytes

NB: If you are missing COMCTL32.OCX, download it here

Install it; the program will update itself automatically.

Once it is up to date, the program will launch. Click the Settings tab and tick the box "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove Selected".

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again in order to post it on the forum.
Copy and paste the report, please.

PS: the reports are also stored in the Logs tab


Tutorials

ok, I'll do all that
here is the Malwarebytes report
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1654
Windows 5.1.2600 Service Pack 2

08/02/2009 17:08:55
mbam-log-2009-02-08 (17-08-36)2

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 97352
Temps écoulé: 1 hour(s), 17 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{da903789-bc8c-4a14-97c7-77ddf2fd93ac} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{125e9d24-2428-38d2-8e23-804e3275209c} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3f2579e9-ec37-3112-9bde-d2db14e95c32} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e12688ce-9384-28e3-a041-4e1a9ce14506} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98d555cc-a569-43fb-2f43-3a98ccda4b50} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{40b2127e-cc18-37d0-43ca-afa158c64001} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5abbd91b-0215-2fe1-7a7e-753f05b40cb8} (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31cdfcb9-37d6-4c1d-a31d-aa2dd56f637b} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Rapid Antivirus (Rogue.RapidAntivirus) -> No action taken.
HKEY_CLASSES_ROOT\AppID\BrowsingEnhancer.DLL (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fci (Rootkit.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vaienctsjusg (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> No action taken.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\ppcbooster (Trojan.Agent) -> No action taken.
C:\Program Files\p2pmax (Trojan.Agent) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\ahwurn.dll (Trojan.Vundo.H) -> No action taken.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108959.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108942.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108943.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108944.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108945.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108947.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108948.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108949.dll (Trojan.Clicker) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108951.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108952.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108953.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108954.dll (Trojan.TDSS) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108955.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108958.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108964.exe (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108965.exe (Adware.BHO) -> No action taken.
C:\System Volume Information\_restore{D5E7B663-6C5D-4CE3-93E1-C43A11172900}\RP495\A0108971.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\service.exe (Adware.Mirar) -> No action taken.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> No action taken.
C:\Program Files\ppcbooster\ppcbu_32.exe (Trojan.Agent) -> No action taken.
C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\user\Application Data\DriveCleaner Free\Logs\update.log (Rogue.DriveCleaner) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\regsvr32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> No action taken.
C:\Program Files\EoRezo (Rogue.Eorezo) -> No action taken.
Well, with all that, now show the report and delete all of it. Then empty the quarantine, then a new HijackThis log + this:

Download AD-Remover ( by Cyrildu17 / C_XX ) to your desktop:

/!\ Disconnect and close all running applications

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon located on your desktop
● In the main menu, choose option "A"
● Post the report that appears at the end.

( the report is also saved as C:\Ad-report(date).log )

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Here is the report

------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

Updated by C_XX on 07/02/2009 at 14:30

Start at: 17:46:53 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: Normal
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 48

+--------------------| Boonty/Boonty Games Elements Found:

.
.

+--------------------| Eorezo Elements Found:

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\SOFTWARE\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Documents and Settings\user\Application Data\EoRezo
C:\Documents and Settings\user\Application Data\EoRezo\db
C:\Documents and Settings\user\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\user\Application Data\EoRezo\eoStats
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_classic
C:\Documents and Settings\user\Application Data\EoRezo\EoWeather\images_station_meteo

+--------------------| Infected Poker Softwares Elements Found:

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

HKCU\SOFTWARE\ItsLabel
HKU\S-1-5-21-436374069-152049171-839522115-1003\Software\ItsLabel
.
C:\Documents and Settings\user\Application Data\ItsLabel
C:\Documents and Settings\user\Application Data\ItsLabel\ItsTV

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: j2oqgv6o.default
.
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com

+-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]

Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]


+---------------------------------------------------------------------------+

[~3054 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
-

End at: 17:48:42 | 08/02/2009
.
+--------------------| E.O.F - 72 Lines
.
What do I do next?
! Disconnect and close all running applications !

Restart in safe mode as explained here; choose your usual session.

* Run "Ad-remover" again: in the main menu, choose option "B".

--> the program will do its work ...

* Post the report that appears at the end + a new HijackThis log for analysis ...

( the report is also saved as C:\Ad-report.log )

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

+ a new HijackThis log.

Here is the AD-remover report

------- LOGFILE OF AD-REMOVER 1.1.0.9 | ONLY XP/VISTA -------

Updated by C_XX on 07/02/2009 at 14:30

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
FunWebProduct/MyWay/MyWebSearch
It's TV
Sweetim

******************

Start at: 18:44:21 | Dim 08/02/2009 | Microsoft® Windows XP™ SP2 (V5.1.2600)
Boot mode: MSE
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Pc: MAISON-NUAQ4LYW | User: user ( Current user is an administrator)
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 15

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

.
.

+--------------------| Eorezo Elements Deleted :

HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
.
C:\Program Files\EoRezo
C:\Documents and Settings\user\Application Data\EoRezo

+--------------------| Infected Poker Softwares Elements Deleted :

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

+--------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
.
C:\Documents and Settings\user\Application Data\ItsLabel

+--------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: j2oqgv6o.default
.
.
.
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/go.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com

+-[HKEY_USERS\S-1-5-21-436374069-152049171-839522115-1003\..\Internet Explorer\Main]

Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/go.microsoft.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/www.microsoft.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp:/www.microsoft.com
Default_Search_URL: hxxp:/www.microsoft.com
Search bar: hxxp:/search.msn.com
Search Page: hxxp:/www.microsoft.com
Start page: hxxp:/fr.msn.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp:/ieframe.dll

+---------------------------------------------------------------------------+

[~2749 Bytes] - "C:\Ad-Report-Clean-08.02.2009.log"
[~3189 Bytes] - "C:\Ad-Report-Scan-08.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - Prefs.js
C:\Program Files\Ad-remover\TOOLS\BACKUP\08.02.2009 - User.js

End at: 18:47:44 | 08/02/2009
.
+--------------------| E.O.F - 77 Lines
.
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:54:15, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\user\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
* Download and save Navilog1 to the desktop.
* On XP: double-click it to install and launch it.
* On Vista: right-click Navilog1 on the desktop and choose "Run as administrator".
* Once it is installed, press F for French.
* Press any key until you reach the options menu.
* Type 1 to run a search.
* Let the program work; it may take about ten minutes.
* A report will be generated in Notepad at the end of the scan.
* It will also be saved automatically on your C drive ( C:\fixnavi.txt )
* Here is a tutorial that explains how Navilog1 works:

http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

Here is the Navifix report
Search Navipromo version 3.7.2 commencé le 08/02/2009 à 19:10:51,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 07.02.2009 à 10h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Normal boot

Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\user\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\user\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\user\menudm~1\progra~1" ***


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\user\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\user\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 08/02/2009 à 19:12:44,37 ***
Download ToolBar S&D ( by Eric_71/Team IDN ):
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all your running applications for the duration of the procedure !! Disable your antivirus.

* Double-click the .exe to start the installation and follow the prompts ...
* Once done, click the shortcut created on your desktop to launch the tool.
* Choose option 1 ( "recherche" ) and press "Enter".
* Once the scan is finished, a report will appear; copy and paste its entire contents into your next reply ...
( the report is also saved here -> C:\TB.txt )

Here is the ToolBar report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Normal boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 08/02/2009|19:59 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\user\APPLIC~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\user\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\user\APPLIC~1\Search Settings
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14281.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ Extensions

(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSosvd.dat




1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]

-----------\\ Fin du rapport a 20:02:33,03
What do I do now?
Cleaning with ToolBar S&D: Restart in safe mode as described here; choose your usual user session.


!! Disconnect and close all your running applications while you carry out the procedure !!

Launch Toolbar-S&D again by double-clicking the shortcut.
--> Type option 2 ("nettoyage", i.e. cleaning), then press "Enter".

Note: do not touch anything during the removal!

A report will be generated at the end of the process: post its contents in your next reply,
along with a new HijackThis report for analysis ...

Here is the ToolBar report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.00GHz )
BIOS : 686O2 v2.20
USER : user ( Administrator )
BOOT : Fail-safe boot
Antivirus : BitDefender Professional Edition v7.2 7.2 (Activated)
Firewall : BitDefender Professional Edition v7.2 7.2 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 08/02/2009|23:02 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\dinstallhelper.5B2AFDE74970456CB04DEFE462F784A6.dll
Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\user\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(user) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections

--------------------\\ ROOTKIT !!

Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv.sys]
Rootkit Tibs ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDSSserv.sys]

--------------------\\ Suspect ..

C:\WINDOWS\system32\TDSSosvd.dat




1 - "C:\ToolBar SD\TB_1.txt" - 08/02/2009|20:02 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 08/02/2009|23:04 - Option : [2]

-----------\\ Fin du rapport a 23:04:15,73

and the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:08:14, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {34660E6A-59FF-4448-B20E-A4BE34DDDB50} - C:\WINDOWS\system32\byXOiFuT.dll (file missing)
O2 - BHO: (no name) - {7F0887E6-F710-4685-802F-1F01D10020DD} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: p2pmax.lnk = C:\Program Files\p2pmax\p2pmax.exe
O4 - Startup: ppcb_32.lnk = C:\Program Files\ppcbooster\ppcb_32.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: 704c5a7f509 - C:\WINDOWS\System32\dsprpres32.dll (file missing)
O20 - Winlogon Notify: UpdateNf - updatenf.dll (file missing)
O20 - Winlogon Notify: vtUopNEU - vtUopNEU.dll (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: sgSchedulerService - Unknown owner - C:\Program Files\SystemGuards.com\SystemGuards\sgScheduleService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe