System Security

Solved/Closed
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last intervention 28 May 2009 - 14 Feb. 2009 at 13:25
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last intervention 2 March 2015 - 24 Feb. 2009 at 16:07
Hello,

No later than the day before yesterday, everything was fine: I was protected by the Avast antivirus, then I went to a site and, after trying to download a video (an executable file), found myself with lots of windows telling me to buy this or that antivirus; on top of that, my computer was going haywire and kept displaying "security problem" with a small red cross in the taskbar! Not knowing what else to do, I finally bought the full version of System Security, which was being offered. After that everything was fine, it ran regular scans for me, until this morning, when it no longer starts a scan, and as soon as I click the desktop icon it brings up a small window that says:

Exception EIncorrectUDB in module 1767467305.exe at 000AB335.
The file is not a database.

Does anyone have an idea of what I should do? Because this seems strange to me for a full, paid version! Many thanks in advance to you all!

M.

28 replies

anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last intervention 2 March 2015 790
21 Feb. 2009 at 10:01
Hello again,

• Go to the site https://www.virustotal.com/gui/
• Click Browse, navigate to the following file and confirm: c:\windows\system32\A644747463.sys
• Click "Send file": if it has already been analysed, request a new analysis.
• Copy and paste the report onto the forum.

If you cannot find the file, do this:
• Start menu --> Control Panel --> Folder Options --> View
• Tick "Show hidden files and folders", untick "Hide extensions for known file types", untick "Hide protected operating system files", then confirm.
• You can hide the hidden files again once the procedure is finished, if you wish.


0
Here is the report:

Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.93 2009.02.22 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.21 -
Authentium 5.1.0.4 2009.02.21 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.21 -
BitDefender 7.2 2009.02.22 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.22 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.21 -
F-Secure 8.0.14470.0 2009.02.22 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.22 -
Ikarus T3.1.1.45.0 2009.02.22 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.22 -
McAfee 5532 2009.02.21 -
McAfee+Artemis 5532 2009.02.21 -
Microsoft 1.4306 2009.02.22 -
NOD32 3877 2009.02.22 -
Norman 6.00.06 None.. -
nProtect 2009.1.8.0 2009.02.22 -
Panda 10.0.0.10 2009.02.21 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.22 -
Rising 21.17.62.00 2009.02.22 -
SecureWeb-Gateway 6.7.6 2009.02.22 -
Sophos 4.39.0 2009.02.22 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.22 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.21 -
Information additionnelle
File size: 88 bytes
MD5...: 92c0cc2b7033b321dace81350189458c
SHA1..: 4940c038adee728761feaf8f162e501409818e6a
SHA256: 433a9c1bbd6c96c6db13d59e318358b59e658aa2d629a3b2748dc55c1f312432
SHA512: 19b9b000a86d03f6400a7938498071a6f9615084bc9bf8f00da33d5f5c5c5802
4b188a526f967955edc8a397f0a8804ae0fe1dc0d959f1f54cc5a13358ef354a
ssdeep: 3:hl/JgMlll/in:K2E

PEiD..: -
TrID..: File type identification
MS Flight Simulator Aircraft Performance Info (100.0%)
PEInfo: -
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last intervention 2 March 2015 790
23 Feb. 2009 at 18:01
Hello again,

/!\ WARNING /!\ The script below was written specifically for mijanou05; it cannot be transposed to another computer!

Still with all protections disabled, do this:

• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy and paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
File::
c:\documents and settings\All Users\Application Data\123478687123.dat
c:\docume~1\Marjorie\LOCALS~1\Temp\~DF9504.tmp
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

Folder::
c:\windows\system32\config\systemprofile\Application Data\Search Settings
c:\windows\system32\config\systemprofile\Application Data\Dealio
c:\documents and settings\All Users\Application Data\1960183940

------------------------------------------------------------------

• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Quit Notepad

• Drag and drop this CFScript file onto the C-Fix.exe file (combofix) as in this link: http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt


0
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last intervention 28 May 2009
23 Feb. 2009 at 19:27
I followed that to the letter. Here is the report:

ComboFix 09-02-19.01 - Marjorie 2009-02-23 18:39:56.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.503.148 [GMT 1:00]
Lancé depuis: c:\documents and settings\Marjorie\Bureau\C-Fix.exe
Commutateurs utilisés :: c:\documents and settings\Marjorie\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\docume~1\Marjorie\LOCALS~1\Temp\~DF9504.tmp
c:\documents and settings\All Users\Application Data\123478687123.dat
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\123478687123.dat
c:\documents and settings\All Users\Application Data\1960183940
c:\documents and settings\All Users\Application Data\1960183940\config.udb
c:\documents and settings\All Users\Application Data\1960183940\init.udb
c:\documents and settings\All Users\Application Data\1960183940\Langs.udb
c:\windows\system32\config\systemprofile\Application Data\Dealio
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_13888_18916_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_13916_13940_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_14168_14192_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_14228_10576_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_14468_9160_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_14508_14532_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_14796_14824_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15100_15128_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15300_15328_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15532_15556_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15724_15264_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15788_16884_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_15788_18992_6.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16008_16040_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16132_16156_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16464_16488_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16524_10384_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16592_16752_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_1660_3848_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_16852_16876_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_17120_15036_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_17200_17232_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_17504_17528_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_17552_17660_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_17796_17824_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_180_2244_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18092_18116_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_184_2436_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18408_9892_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18472_19676_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_1860_3144_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18696_12736_6.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18696_16908_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_18716_18740_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_19136_19200_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_19240_19264_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_1948_4108_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_19820_19852_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2136_2848_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2168_4016_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2172_3352_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2200_2704_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2204_844_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2308_3160_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2308_904_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_232_3320_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2432_1700_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2584_1560_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2620_2884_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2656_2424_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_2716_1496_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3024_3884_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3104_1392_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3116_2612_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3156_1544_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3264_2392_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_340_3072_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3400_172_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3508_1496_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3696_3716_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3728_2352_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3828_168_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_3888_3708_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_400_2032_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_400_2064_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4032_1032_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4052_3936_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_408_1120_9.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_408_464_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4116_4140_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4256_4284_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4364_456_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4400_4424_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4480_4504_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4484_4544_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4524_4552_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4728_4908_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4752_5936_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4768_5568_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4816_4840_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4832_4860_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4952_4976_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_4952_6632_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5004_5036_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5080_5104_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5140_4972_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5188_5212_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5248_5264_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5276_5300_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5300_5600_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5384_5416_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5484_5508_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5572_5484_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5636_5504_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5648_5456_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5728_5756_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5772_5796_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_5960_5988_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6028_6052_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6204_4332_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6248_448_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6288_6312_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6320_6372_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6532_6560_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_660_2572_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6632_6656_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6704_6680_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6752_6776_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_6868_6900_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7008_7416_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7020_7044_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7032_7088_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7232_7256_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7264_7288_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7432_7456_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7496_19456_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7624_7656_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7632_7656_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_772_4060_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7804_7904_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7852_6264_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_7876_7900_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8016_8040_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_804_968_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8120_7972_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8168_3424_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8316_8340_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8356_8388_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8564_6948_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8580_8604_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8616_8648_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8788_8812_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8808_8836_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8844_7092_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_8940_8964_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9072_9096_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9180_7568_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9288_9944_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9296_9320_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9524_9548_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9708_9732_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9884_14976_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\_toolbar_tmp_9988_10012_3.html
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dealio-14286.log
c:\windows\system32\config\systemprofile\Application Data\Dealio\kb127\temp\dod_cache.xml
c:\windows\system32\config\systemprofile\Application Data\Search Settings
c:\windows\system32\config\systemprofile\Application Data\Search Settings\kb127\temp\ws-14286.log
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-23 au 2009-02-23 ))))))))))))))))))))))))))))))))))))
.

2009-02-23 18:36 . 2009-02-23 18:39 <REP> d-------- C:\ComboFix
2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\documents and settings\Marjorie\Application Data\Malwarebytes
2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 17:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 17:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 14:36 . 2009-02-17 14:36 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-17 14:32 . 2009-02-17 14:32 <REP> d-------- c:\windows\ERUNT
2009-02-17 13:51 . 2009-02-17 14:53 <REP> d-------- C:\SDFix
2009-02-17 13:36 . 2009-02-17 13:36 <REP> d-------- c:\program files\MessenPass
2009-02-17 13:36 . 2009-02-17 13:36 39,424 --a------ c:\windows\zipinst.exe
2009-02-17 01:22 . 2009-02-17 01:22 244 --ah----- C:\sqmnoopt05.sqm
2009-02-17 01:22 . 2009-02-17 01:22 232 --ah----- C:\sqmdata05.sqm
2009-02-17 01:14 . 2009-02-17 01:14 244 --ah----- C:\sqmnoopt04.sqm
2009-02-17 01:14 . 2009-02-17 01:14 232 --ah----- C:\sqmdata04.sqm
2009-02-16 09:16 . 2009-02-16 09:16 244 --ah----- C:\sqmnoopt03.sqm
2009-02-16 09:16 . 2009-02-16 09:16 232 --ah----- C:\sqmdata03.sqm
2009-02-14 19:09 . 2009-02-14 19:09 244 --ah----- C:\sqmnoopt02.sqm
2009-02-14 19:09 . 2009-02-14 19:09 232 --ah----- C:\sqmdata02.sqm
2009-02-14 18:17 . 2009-02-17 01:07 <REP> d-------- C:\ToolBar SD
2009-02-14 18:08 . 2009-02-17 01:12 <REP> d-------- c:\program files\Ad-remover
2009-02-14 17:57 . 2009-02-14 17:58 <REP> d-------- C:\rsit
2009-02-14 17:57 . 2009-02-17 18:16 <REP> d-------- c:\program files\trend micro
2009-02-13 23:52 . 2009-02-13 23:52 244 --ah----- C:\sqmnoopt01.sqm
2009-02-13 23:52 . 2009-02-13 23:52 244 --ah----- C:\sqmnoopt00.sqm
2009-02-13 23:52 . 2009-02-13 23:52 232 --ah----- C:\sqmdata01.sqm
2009-02-13 23:52 . 2009-02-13 23:52 232 --ah----- C:\sqmdata00.sqm
2009-02-12 00:39 . 2009-02-12 00:39 <REP> dr------- c:\documents and settings\NetworkService\Favoris

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 17:35 --------- d-----w c:\documents and settings\Marjorie\Application Data\MSN6
2009-02-23 09:37 --------- d-----w c:\program files\eMule
2009-02-13 22:52 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-13 20:52 --------- d-----w c:\program files\Google
2009-02-11 23:39 --------- d-----w c:\program files\MSN Messenger
2009-01-18 21:45 3,532 ----a-w C:\drmHeader.bin
2008-12-26 12:11 61,224 ----a-w c:\documents and settings\Marjorie\GoToAssistDownloadHelper.exe
2008-12-26 12:11 --------- d-----w c:\program files\Citrix
2008-08-31 22:12 0 ----a-w c:\program files\temp01
2007-07-30 17:13 47,360 ----a-w c:\documents and settings\Marjorie\Application Data\pcouffin.sys
2007-03-17 00:41 87,608 ----a-w c:\documents and settings\Marjorie\Application Data\ezpinst.exe
2007-02-24 14:55 94,080 ----a-w c:\documents and settings\Marjorie\Application Data\ezplay.sys
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2009-02-17 00:33 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-02-17 00:33 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-17 00:33 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-02-17 00:33 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-02-17 00:33 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-20 22:25 88 --sh--r c:\windows\system32\A644747463.sys
2007-08-20 22:25 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-26 22:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\Marjorie\Menu D‚marrer\Programmes\D‚marrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-09-23 4708864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Google Updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marjorie^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
path=c:\documents and settings\Marjorie\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk
backup=c:\windows\pss\BoontyBox 01net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-08-08 14:53 88024 c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
--a------ 2006-02-14 05:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-10-06 12:13 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-10-06 12:11 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-07-08 04:48 50688 c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-10-06 12:10 94208 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Freeciv-2.1.5-gtk2\\civserver.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9186:TCP"= 9186:TCP:BitComet 9186 TCP
"9186:UDP"= 9186:UDP:BitComet 9186 UDP

R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-10-18 16896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Start.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-02-23 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - c:\documents and settings\Marjorie\Application Data\Mozilla\Firefox\Profiles\jx61hblp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 18:44:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

0

anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
23 Feb 2009 at 19:49
Perfect :)

I need one last report to give you the end-of-disinfection advice (cleanup, securing and optimization).


Download HijackThis (a diagnostic tool) to your Desktop:
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/

Install it, run it and click "Do a system scan and save a logfile".
Copy and paste the entire report to the forum.

0
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last activity 28 May 2009
23 Feb 2009 at 22:37
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:01, on 23/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
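As an added example (not part of the thread and not the helper's own tooling): a small parser that groups the numbered entries of a HijackThis log like the one posted above by section code and marks entries worth a manual look. The sample lines are copied from that log; the section descriptions and the two review hints are assumptions of this example, not HijackThis output.

```python
import re
from collections import Counter

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"""

# Section meanings (assumption of this example: the commonly documented ones).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item", "O16": "ActiveX download",
    "O18": "protocol handler", "O23": "Windows service",
}

# Review hints (assumption): markers that mean "look closer", not "malicious".
HINTS = [
    ("(no file)", "target file is missing: orphaned registration"),
    ("Unknown owner", "binary carries no company name: verify the file"),
]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse(log):
    """Return the numbered entries of a HijackThis log as dicts."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and "Running processes" lines do not match
            code, body = m.groups()
            entries.append({"code": code, "kind": SECTIONS.get(code, "other"), "body": body})
    return entries

def triage(entries):
    """Return (code, body, notes) for entries that match a review hint."""
    found = []
    for e in entries:
        notes = [hint for marker, hint in HINTS if marker in e["body"]]
        if notes:
            found.append((e["code"], e["body"], notes))
    return found

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    print(Counter(e["code"] for e in entries))
    for code, body, notes in triage(entries):
        print(code, "|", body, "|", "; ".join(notes))
```

A flagged entry is only a prompt to check the file on disk (path, signature, a scanner verdict) before anything is fixed or removed.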
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last activity 28 May 2009
24 Feb 2009 at 14:33
I followed your advice to the letter!

A big thank you for taking the time to help me! See you soon then ;)

Marjorie.
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
24 Feb 2009 at 16:07
Glad I could help ;)

All the best!
0