SOS !!! un trojan DNSchanger codec !!!

Résolu
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention   -  
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,

Mon PC est infecté par un "trojan DNSchanger codec" détecté par super anti spywar et je n'arrive vraiment pas a m'en débarrasser c'est dingue !!! Je le met en quarantaine puis je le supprime, mais rien y fait, chaque fois que j'éteins le PC ben je refais l'analyse et rebelotte, encore la !!! J'ai lu des discussion sur les forums, j'ai telecharger bit defender, hijackthis AVG etc, je n'arrive pas à le detruire et je suis tout le temps embeté par des fenetre de pub qui s'ouvrent chaque fois que je visite des pages etc...
Svp si vs avez des tuyaux :-(
PS : je ne suis pas un pro de l'informatique...
A voir également:

54 réponses

Réponse 1 / 54
Utilisateur anonyme
 
SAlut!

Nettoie d'abord les outils, que l'on parte sur une base saine:

Télécharge ToolsCleaner par A.Rothstein & dj QUIOU sur ton Bureau:

Toolscleaner

Clique sur Recherche et laisse le scan se terminer.

Clique, sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options facultatives.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

======================

Puis:

Poste un rapport Hijackthis pour cibler l'infection, si infection il y a :

▶ Télécharge hijackthis

▶ Tout est expliqué sur ce site web pour l'installer et l'utiliser correctement.

▶ Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.


Comment copier/coller le rapport :


▶ Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

▶ Ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

A++ ;)
0
Réponse 2 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Voila la première chose que tu m'as demandé :-)

[ Rapport ToolsCleaner version 2.3.2 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\RAJI\Bureau\Navilog1.exe: trouvé !
C:\Documents and Settings\RAJI\Recent\HijackThis.lnk: trouvé !
C:\Documents and Settings\RAJI\Recent\Navilog1.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\RAJI\Recent\HijackThis.lnk: supprimé !
C:\Documents and Settings\RAJI\Recent\Navilog1.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
0
Réponse 3 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Voila le rapport et vraiment MERCI !!!
en + j'apprend des truc en informatik c cool :-)
t super.
k'en penses tu ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:28, on 22/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\documents and settings\raji\local settings\application data\auukuig.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iOpus\AC-Plug\acplug.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\RAJI\Bureau\test.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.fr.netscape.com/fr/home/winsearch200.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] "C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [auukuig] "c:\documents and settings\raji\local settings\application data\auukuig.exe" auukuig
O4 - HKCU\..\Run: [Trojan Killer] "C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe" 0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 42 AC Plug.lnk = C:\Program Files\iOpus\AC-Plug\acplug.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\RAJI\Application Data\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
Réponse 4 / 54
Utilisateur anonyme
 
Re!

Commence par ceci:

Tu es infecté par Navipromo/ Magic Control: 

C'est un adware installé par les programmes suivants:

* Funky Emoticons 
* go-astro
* GoRecord
* HotTVPlayer / HotTVPlayer & Paris Hilton
* Live-Player
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Official Emule (Version d'Emule modifiée)
* Original Solitaire
* SuperSexPlayer
* Speed Downloading
* Sudoplanet
* Webmediaplayer
* Sur le site www.games-desktop.com (n'allez pas dessus!!)

(N'aie plus aucun contact avec eux)
Liens utiles: http://www.malekal.com/Adware.Magic_Control.php

========================================

Télécharge sur le bureau navilog1

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Double-clique sur le raccourci "navilog1" sur ton bureau.
(Si Vista: Clique-droit + "Exécuter en tant qu'administrateur)

Appuie sur la lettre f de ton clavier puis sur la touche Entrée.
Appuie sur une touche de ton clavier pour continuer...

Tape 1, puis appuie sur la touche Entrée.
Ainsi Navilog1 va effectuer la recherche des fichiers infectieux:

/!\ NE PAS UTILISER L'OPTION 2, 3, 4 SANS AVIS /!\

Patiente, cela peut prendre une dizaine de minutes...
Navilog1 t'informera que la recherche est terminée :
Appuie sur une touche pour afficher le rapport qu'il a généré.

Le rapport sera sauvegardé dans le fichier suivant : "fixnavi.txt" à la racine
du disque dur (ex : C:\fixnavi.txt).

Poste le rapport généré.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Il me semble avoir lu pendant l'analyse "Navipromo/ Magic Control detecté" mais je ne le vois pas ici :-I ... Sinon Voila le rapport mon ami :-) :

Search Navipromo version 3.7.6 commencé le 22/03/2009 à 22:56:26,16

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : RAJI ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090321-0] 4.8.1335 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:23 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:103 Go (Free:103 Go)


Recherche executé en mode normal


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\RAJI\applic~1" ***

...\Live-Player trouvé !

*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\RAJI\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\RAJI\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\RAJI\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***


c:\docume~1\alluse~1\bureau\Live-Player.lnk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auukuig"="\"c:\\documents and settings\\raji\\local settings\\application data\\auukuig.exe\" auukuig"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

exnjjt_navtmp.dat trouvé !
hnkliswlnc.dat trouvé !
hnkliswlnc_nav.dat trouvé !
hnkliswlnc_navps.dat trouvé !
hotjwbbde.dat.vir trouvé !
hotjwbbde_nav.dat.vir trouvé !
hotjwbbde_navps.dat.vir trouvé !
rtpwaeosdn.dat trouvé !
rtpwaeosdn_nav.dat trouvé !
rtpwaeosdn_navps.dat trouvé !

* Dans "C:\Documents and Settings\RAJI\locals~1\applic~1" :

auukuig.exe trouvé !
auukuig.dat trouvé !
auukuig_nav.dat trouvé !
auukuig_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 22/03/2009 à 23:00:25,10 ***
0
Réponse 6 / 54
Utilisateur anonyme
 
Re!

N'installe plus Live-Player, c'est lui qui t'a infecté.

Relance Navilog et fais l'option2, celle du nettoyage.

Le pc va redémarrer, c'est normal.

Poste le rapport généré.

==================================

Puis fais ceci après avoir posté le rapport navilog:

Lors de l'installation de programmes gratuits, il faut lire attentivement et décocher tous les programmes additionnels inutiles qui sont proposés, en particulier les barres d'outil !

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Lance l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

Poste le rapport généré. (C:\TB.txt)
0
Réponse 7 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
jesper ke tu sera la demain mon ami :-)
je vais m'occuper de faire tou ca et je te dis a demain et ne te remercierai jamai assez !!!
les gens comme com toi ca remonte le moral face a c gens ki produisent tou ca !!!
t genial
a demain jesper

saber
0
Réponse 8 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Voici le rapport obtenu a l'allumage du PC :

Clean Navipromo version 3.7.6 commencé le 23/03/2009 à 0:04:34,55

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.03.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : RAJI ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090321-0] 4.8.1335 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:23 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:103 Go (Free:103 Go)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\RAJI\locals~1\applic~1" *


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\RAJI\applic~1" ***

...\Live-Player ...suppression...
...\Live-Player supprimé !


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\RAJI\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\RAJI\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***



*** Suppression fichiers ***

c:\docume~1\alluse~1\bureau\Live-Player.lnk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\RAJI\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


exnjjt_navtmp.dat trouvé !
Copie exnjjt_navtmp.dat réalisée avec succès !
exnjjt_navtmp.dat supprimé !

hnkliswlnc.dat trouvé !
Copie hnkliswlnc.dat réalisée avec succès !
hnkliswlnc.dat supprimé !

hnkliswlnc_nav.dat trouvé !
Copie hnkliswlnc_nav.dat réalisée avec succès !
hnkliswlnc_nav.dat supprimé !

hnkliswlnc_navps.dat trouvé !
Copie hnkliswlnc_navps.dat réalisée avec succès !
hnkliswlnc_navps.dat supprimé !

hotjwbbde.dat.vir trouvé !
Copie hotjwbbde.dat.vir réalisée avec succès !
hotjwbbde.dat.vir supprimé !

hotjwbbde_nav.dat.vir trouvé !
Copie hotjwbbde_nav.dat.vir réalisée avec succès !
hotjwbbde_nav.dat.vir supprimé !

hotjwbbde_navps.dat.vir trouvé !
Copie hotjwbbde_navps.dat.vir réalisée avec succès !
hotjwbbde_navps.dat.vir supprimé !

rtpwaeosdn.dat trouvé !
Copie rtpwaeosdn.dat réalisée avec succès !
rtpwaeosdn.dat supprimé !

rtpwaeosdn_nav.dat trouvé !
Copie rtpwaeosdn_nav.dat réalisée avec succès !
rtpwaeosdn_nav.dat supprimé !

rtpwaeosdn_navps.dat trouvé !
Copie rtpwaeosdn_navps.dat réalisée avec succès !
rtpwaeosdn_navps.dat supprimé !


* Dans "C:\Documents and Settings\RAJI\locals~1\applic~1" *


auukuig.exe trouvé !
Copie auukuig.exe réalisée avec succès !
auukuig.exe supprimé !

auukuig.dat trouvé !
Copie auukuig.dat réalisée avec succès !
auukuig.dat supprimé !

auukuig_nav.dat trouvé !
Copie auukuig_nav.dat réalisée avec succès !
auukuig_nav.dat supprimé !

auukuig_navps.dat trouvé !
Copie auukuig_navps.dat réalisée avec succès !
auukuig_navps.dat supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 23/03/2009 à 0:10:43,88 ***
0
Réponse 9 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
L'autre rapport :


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : RAJI ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090322-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:23 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:103 Go (Free:103 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 23/03/2009| 0:17 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\00097766
C:\Program Files\AskBarDis\bar\Cache\00097B9C.bin
C:\Program Files\AskBarDis\bar\Cache\00097CD5.bin
C:\Program Files\AskBarDis\bar\Cache\00097D71.bin
C:\Program Files\AskBarDis\bar\Cache\00097E0D.bin
C:\Program Files\AskBarDis\bar\Cache\00097E9A.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\DOCUME~1\RAJI\APPLIC~1\Dealio
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\as_sidebar.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\blank.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\DealioSearch.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\deals-endcap.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\deals-leftcap.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\deal_report.jpg
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\ebay_login.jpg
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\endcap22-bg.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\endcap22-left.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\endcap22-right-arrow.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\endcap22-right.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\ErrorPageTemplate.css
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\err_mainwindow.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\err_sidebar.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\err_toolbar.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\global_scripts.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\headerbgthin.jpg
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\help.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\logo.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\logo_over.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\man_toolbar.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\man_toolbar.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\pill_bg.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\post-this-deal.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\post-this-deal_over.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\scripts.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\scroller.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\search-chevron.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\search_bg_blink.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\separator.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\settings.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\settings_over.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\sidebar.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\steals_bg.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\tabdata.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\tablib.js
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\tabwelcome_en.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\tab_icon.png
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\toolbar_background.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\res\yahoo_search.gif
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\index.1.80.39
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.10.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.109.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.110.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.12.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.13.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.130.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.135.50
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.153.44
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.155.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.156.49
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.16.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.161.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.178.66
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.184.55
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.188.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.189.45
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.196.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.198.56
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.199.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.200.53
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.201.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.202.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.203.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.205.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.213.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.214.49
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.215.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.216.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.217.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.218.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.219.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.220.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.221.57
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.222.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.223.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.226.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.227.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.228.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.229.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.23.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.239.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.24.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.240.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.241.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.242.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.243.77
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.244.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.245.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.247.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.248.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.249.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.250.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.251.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.252.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.253.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.254.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.255.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.256.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.257.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.279.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.28.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.282.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.283.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.284.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.289.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.290.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.291.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.296.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.297.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.304.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.307.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.308.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.31.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.310.46
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.311.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.315.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.316.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.317.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.318.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.319.49
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.32.48
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.334.44
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.335.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.336.44
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.337.44
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.338.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.339.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.34.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.340.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.341.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.349.50
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.35.48
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.350.50
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.351.51
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.352.77
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.353.51
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.354.51
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.357.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.358.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.359.52
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.360.53
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.361.54
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.362.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.363.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.364.54
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.365.53
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.367.56
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.368.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.369.55
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.370.80
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.371.56
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.372.57
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.373.55
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.375.56
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.376.57
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.377.55
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.378.65
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.384.58
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.386.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.387.59
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.388.59
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.389.59
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.390.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.391.78
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.392.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.393.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.394.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.396.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.397.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.398.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.399.60
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.403.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.404.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.405.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.406.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.407.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.408.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.409.61
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.412.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.413.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.414.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.415.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.416.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.417.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.418.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.419.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.420.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.421.62
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.423.77
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.424.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.425.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.426.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.427.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.428.65
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.429.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.430.63
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.432.65
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.433.64
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.434.65
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.435.64
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.436.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.437.64
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.438.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.439.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.440.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.442.73
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.443.73
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.444.73
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.445.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.446.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.450.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.451.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.452.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.453.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.454.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.456.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.457.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.458.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.459.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.460.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.462.74
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.463.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.464.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.465.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.468.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.469.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.470.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.471.73
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.472.70
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.478.74
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.479.73
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.480.68
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.481.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.482.74
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.49.67
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.50.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.500.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.501.74
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.502.71
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.51.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.52.72
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.520.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.521.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.522.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.53.51
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.531.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.532.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.533.77
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.534.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.54.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.55.45
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.56.69
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.57.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.58.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.591.79
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.592.79
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.593.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.594.77
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.595.76
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.608.78
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.610.80
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.611.79
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.614.79
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.617.79
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.624.80
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.63.57
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.640.80
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.641.80
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.66.47
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.70.75
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\rules\rules.1.71.43
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\dealio-14322.log
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\dealio-14323.log
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\dealio-14325.log
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\dod_cache.xml
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\_toolbar_tmp_3244_3780_5.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\_toolbar_tmp_3760_3716_5.html
C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124\temp\~dtEF.tmp
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb124
C:\Program Files\Dealio\kb124\Dealio Deskbar.exe
C:\Program Files\Dealio\kb124\Dealio.dll
C:\Program Files\Dealio\kb124\res
C:\Program Files\Dealio\kb124\rules
C:\Program Files\Dealio\kb124\temp
C:\Program Files\Dealio\kb124\res\as_sidebar.html
C:\Program Files\Dealio\kb124\res\blank.gif
C:\Program Files\Dealio\kb124\res\DealioSearch.html
C:\Program Files\Dealio\kb124\res\deals-endcap.gif
C:\Program Files\Dealio\kb124\res\deals-leftcap.gif
C:\Program Files\Dealio\kb124\res\deal_report.jpg
C:\Program Files\Dealio\kb124\res\ebay_login.jpg
C:\Program Files\Dealio\kb124\res\endcap22-bg.png
C:\Program Files\Dealio\kb124\res\endcap22-left.png
C:\Program Files\Dealio\kb124\res\endcap22-right-arrow.png
C:\Program Files\Dealio\kb124\res\endcap22-right.png
C:\Program Files\Dealio\kb124\res\ErrorPageTemplate.css
C:\Program Files\Dealio\kb124\res\err_mainwindow.html
C:\Program Files\Dealio\kb124\res\err_sidebar.html
C:\Program Files\Dealio\kb124\res\err_toolbar.html
C:\Program Files\Dealio\kb124\res\global_scripts.js
C:\Program Files\Dealio\kb124\res\headerbgthin.jpg
C:\Program Files\Dealio\kb124\res\help.gif
C:\Program Files\Dealio\kb124\res\logo.png
C:\Program Files\Dealio\kb124\res\logo_over.png
C:\Program Files\Dealio\kb124\res\man_toolbar.html
C:\Program Files\Dealio\kb124\res\man_toolbar.js
C:\Program Files\Dealio\kb124\res\pill_bg.gif
C:\Program Files\Dealio\kb124\res\post-this-deal.gif
C:\Program Files\Dealio\kb124\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb124\res\scripts.js
C:\Program Files\Dealio\kb124\res\scroller.js
C:\Program Files\Dealio\kb124\res\search-chevron.gif
C:\Program Files\Dealio\kb124\res\search_bg_blink.gif
C:\Program Files\Dealio\kb124\res\separator.gif
C:\Program Files\Dealio\kb124\res\settings.gif
C:\Program Files\Dealio\kb124\res\settings_over.gif
C:\Program Files\Dealio\kb124\res\sidebar.html
C:\Program Files\Dealio\kb124\res\steals_bg.gif
C:\Program Files\Dealio\kb124\res\tabdata.js
C:\Program Files\Dealio\kb124\res\tablib.js
C:\Program Files\Dealio\kb124\res\tabwelcome_en.html
C:\Program Files\Dealio\kb124\res\tab_icon.png
C:\Program Files\Dealio\kb124\res\Thumbs.db
C:\Program Files\Dealio\kb124\res\toolbar_background.gif
C:\Program Files\Dealio\kb124\res\yahoo_search.gif
C:\Program Files\Dealio\kb124\rules\index.1.80.39
C:\Program Files\Dealio\kb124\rules\rules.1.10.76
C:\Program Files\Dealio\kb124\rules\rules.1.109.43
C:\Program Files\Dealio\kb124\rules\rules.1.110.43
C:\Program Files\Dealio\kb124\rules\rules.1.12.52
C:\Program Files\Dealio\kb124\rules\rules.1.13.58
C:\Program Files\Dealio\kb124\rules\rules.1.130.58
C:\Program Files\Dealio\kb124\rules\rules.1.135.50
C:\Program Files\Dealio\kb124\rules\rules.1.153.44
C:\Program Files\Dealio\kb124\rules\rules.1.155.43
C:\Program Files\Dealio\kb124\rules\rules.1.156.49
C:\Program Files\Dealio\kb124\rules\rules.1.16.60
C:\Program Files\Dealio\kb124\rules\rules.1.161.52
C:\Program Files\Dealio\kb124\rules\rules.1.178.66
C:\Program Files\Dealio\kb124\rules\rules.1.184.55
C:\Program Files\Dealio\kb124\rules\rules.1.188.52
C:\Program Files\Dealio\kb124\rules\rules.1.189.45
C:\Program Files\Dealio\kb124\rules\rules.1.196.43
C:\Program Files\Dealio\kb124\rules\rules.1.198.56
C:\Program Files\Dealio\kb124\rules\rules.1.199.43
C:\Program Files\Dealio\kb124\rules\rules.1.200.53
C:\Program Files\Dealio\kb124\rules\rules.1.201.43
C:\Program Files\Dealio\kb124\rules\rules.1.202.43
C:\Program Files\Dealio\kb124\rules\rules.1.203.71
C:\Program Files\Dealio\kb124\rules\rules.1.205.62
C:\Program Files\Dealio\kb124\rules\rules.1.213.71
C:\Program Files\Dealio\kb124\rules\rules.1.214.49
C:\Program Files\Dealio\kb124\rules\rules.1.215.43
C:\Program Files\Dealio\kb124\rules\rules.1.216.67
C:\Program Files\Dealio\kb124\rules\rules.1.217.67
C:\Program Files\Dealio\kb124\rules\rules.1.218.52
C:\Program Files\Dealio\kb124\rules\rules.1.219.43
C:\Program Files\Dealio\kb124\rules\rules.1.220.43
C:\Program Files\Dealio\kb124\rules\rules.1.221.57
C:\Program Files\Dealio\kb124\rules\rules.1.222.43
C:\Program Files\Dealio\kb124\rules\rules.1.223.68
C:\Program Files\Dealio\kb124\rules\rules.1.226.68
C:\Program Files\Dealio\kb124\rules\rules.1.227.43
C:\Program Files\Dealio\kb124\rules\rules.1.228.62
C:\Program Files\Dealio\kb124\rules\rules.1.229.76
C:\Program Files\Dealio\kb124\rules\rules.1.23.63
C:\Program Files\Dealio\kb124\rules\rules.1.239.43
C:\Program Files\Dealio\kb124\rules\rules.1.24.43
C:\Program Files\Dealio\kb124\rules\rules.1.240.43
C:\Program Files\Dealio\kb124\rules\rules.1.241.43
C:\Program Files\Dealio\kb124\rules\rules.1.242.43
C:\Program Files\Dealio\kb124\rules\rules.1.243.77
C:\Program Files\Dealio\kb124\rules\rules.1.244.63
C:\Program Files\Dealio\kb124\rules\rules.1.245.43
C:\Program Files\Dealio\kb124\rules\rules.1.247.43
C:\Program Files\Dealio\kb124\rules\rules.1.248.43
C:\Program Files\Dealio\kb124\rules\rules.1.249.43
C:\Program Files\Dealio\kb124\rules\rules.1.250.43
C:\Program Files\Dealio\kb124\rules\rules.1.251.43
C:\Program Files\Dealio\kb124\rules\rules.1.252.43
C:\Program Files\Dealio\kb124\rules\rules.1.253.43
C:\Program Files\Dealio\kb124\rules\rules.1.254.43
C:\Program Files\Dealio\kb124\rules\rules.1.255.43
C:\Program Files\Dealio\kb124\rules\rules.1.256.43
C:\Program Files\Dealio\kb124\rules\rules.1.257.43
C:\Program Files\Dealio\kb124\rules\rules.1.279.43
C:\Program Files\Dealio\kb124\rules\rules.1.28.58
C:\Program Files\Dealio\kb124\rules\rules.1.282.75
C:\Program Files\Dealio\kb124\rules\rules.1.283.43
C:\Program Files\Dealio\kb124\rules\rules.1.284.43
C:\Program Files\Dealio\kb124\rules\rules.1.289.67
C:\Program Files\Dealio\kb124\rules\rules.1.290.62
C:\Program Files\Dealio\kb124\rules\rules.1.291.61
C:\Program Files\Dealio\kb124\rules\rules.1.296.43
C:\Program Files\Dealio\kb124\rules\rules.1.297.43
C:\Program Files\Dealio\kb124\rules\rules.1.304.43
C:\Program Files\Dealio\kb124\rules\rules.1.307.43
C:\Program Files\Dealio\kb124\rules\rules.1.308.75
C:\Program Files\Dealio\kb124\rules\rules.1.31.47
C:\Program Files\Dealio\kb124\rules\rules.1.310.46
C:\Program Files\Dealio\kb124\rules\rules.1.311.43
C:\Program Files\Dealio\kb124\rules\rules.1.315.43
C:\Program Files\Dealio\kb124\rules\rules.1.316.43
C:\Program Files\Dealio\kb124\rules\rules.1.317.43
C:\Program Files\Dealio\kb124\rules\rules.1.318.43
C:\Program Files\Dealio\kb124\rules\rules.1.319.49
C:\Program Files\Dealio\kb124\rules\rules.1.32.48
C:\Program Files\Dealio\kb124\rules\rules.1.334.44
C:\Program Files\Dealio\kb124\rules\rules.1.335.60
C:\Program Files\Dealio\kb124\rules\rules.1.336.44
C:\Program Files\Dealio\kb124\rules\rules.1.337.44
C:\Program Files\Dealio\kb124\rules\rules.1.338.75
C:\Program Files\Dealio\kb124\rules\rules.1.339.47
C:\Program Files\Dealio\kb124\rules\rules.1.34.43
C:\Program Files\Dealio\kb124\rules\rules.1.340.47
C:\Program Files\Dealio\kb124\rules\rules.1.341.47
C:\Program Files\Dealio\kb124\rules\rules.1.349.50
C:\Program Files\Dealio\kb124\rules\rules.1.35.48
C:\Program Files\Dealio\kb124\rules\rules.1.350.50
C:\Program Files\Dealio\kb124\rules\rules.1.351.51
C:\Program Files\Dealio\kb124\rules\rules.1.352.77
C:\Program Files\Dealio\kb124\rules\rules.1.353.51
C:\Program Files\Dealio\kb124\rules\rules.1.354.51
C:\Program Files\Dealio\kb124\rules\rules.1.357.62
C:\Program Files\Dealio\kb124\rules\rules.1.358.52
C:\Program Files\Dealio\kb124\rules\rules.1.359.52
C:\Program Files\Dealio\kb124\rules\rules.1.360.53
C:\Program Files\Dealio\kb124\rules\rules.1.361.54
C:\Program Files\Dealio\kb124\rules\rules.1.362.68
C:\Program Files\Dealio\kb124\rules\rules.1.363.58
C:\Program Files\Dealio\kb124\rules\rules.1.364.54
C:\Program Files\Dealio\kb124\rules\rules.1.365.53
C:\Program Files\Dealio\kb124\rules\rules.1.367.56
C:\Program Files\Dealio\kb124\rules\rules.1.368.58
C:\Program Files\Dealio\kb124\rules\rules.1.369.55
C:\Program Files\Dealio\kb124\rules\rules.1.370.80
C:\Program Files\Dealio\kb124\rules\rules.1.371.56
C:\Program Files\Dealio\kb124\rules\rules.1.372.57
C:\Program Files\Dealio\kb124\rules\rules.1.373.55
C:\Program Files\Dealio\kb124\rules\rules.1.375.56
C:\Program Files\Dealio\kb124\rules\rules.1.376.57
C:\Program Files\Dealio\kb124\rules\rules.1.377.55
C:\Program Files\Dealio\kb124\rules\rules.1.378.65
C:\Program Files\Dealio\kb124\rules\rules.1.384.58
C:\Program Files\Dealio\kb124\rules\rules.1.386.71
C:\Program Files\Dealio\kb124\rules\rules.1.387.59
C:\Program Files\Dealio\kb124\rules\rules.1.388.59
C:\Program Files\Dealio\kb124\rules\rules.1.389.59
C:\Program Files\Dealio\kb124\rules\rules.1.390.60
C:\Program Files\Dealio\kb124\rules\rules.1.391.78
C:\Program Files\Dealio\kb124\rules\rules.1.392.60
C:\Program Files\Dealio\kb124\rules\rules.1.393.60
C:\Program Files\Dealio\kb124\rules\rules.1.394.60
C:\Program Files\Dealio\kb124\rules\rules.1.396.61
C:\Program Files\Dealio\kb124\rules\rules.1.397.61
C:\Program Files\Dealio\kb124\rules\rules.1.398.60
C:\Program Files\Dealio\kb124\rules\rules.1.399.60
C:\Program Files\Dealio\kb124\rules\rules.1.403.61
C:\Program Files\Dealio\kb124\rules\rules.1.404.63
C:\Program Files\Dealio\kb124\rules\rules.1.405.61
C:\Program Files\Dealio\kb124\rules\rules.1.406.61
C:\Program Files\Dealio\kb124\rules\rules.1.407.76
C:\Program Files\Dealio\kb124\rules\rules.1.408.63
C:\Program Files\Dealio\kb124\rules\rules.1.409.61
C:\Program Files\Dealio\kb124\rules\rules.1.412.62
C:\Program Files\Dealio\kb124\rules\rules.1.413.62
C:\Program Files\Dealio\kb124\rules\rules.1.414.62
C:\Program Files\Dealio\kb124\rules\rules.1.415.62
C:\Program Files\Dealio\kb124\rules\rules.1.416.62
C:\Program Files\Dealio\kb124\rules\rules.1.417.62
C:\Program Files\Dealio\kb124\rules\rules.1.418.62
C:\Program Files\Dealio\kb124\rules\rules.1.419.62
C:\Program Files\Dealio\kb124\rules\rules.1.420.62
C:\Program Files\Dealio\kb124\rules\rules.1.421.62
C:\Program Files\Dealio\kb124\rules\rules.1.423.77
C:\Program Files\Dealio\kb124\rules\rules.1.424.63
C:\Program Files\Dealio\kb124\rules\rules.1.425.63
C:\Program Files\Dealio\kb124\rules\rules.1.426.63
C:\Program Files\Dealio\kb124\rules\rules.1.427.63
C:\Program Files\Dealio\kb124\rules\rules.1.428.65
C:\Program Files\Dealio\kb124\rules\rules.1.429.63
C:\Program Files\Dealio\kb124\rules\rules.1.430.63
C:\Program Files\Dealio\kb124\rules\rules.1.432.65
C:\Program Files\Dealio\kb124\rules\rules.1.433.64
C:\Program Files\Dealio\kb124\rules\rules.1.434.65
C:\Program Files\Dealio\kb124\rules\rules.1.435.64
C:\Program Files\Dealio\kb124\rules\rules.1.436.76
C:\Program Files\Dealio\kb124\rules\rules.1.437.64
C:\Program Files\Dealio\kb124\rules\rules.1.438.71
C:\Program Files\Dealio\kb124\rules\rules.1.439.71
C:\Program Files\Dealio\kb124\rules\rules.1.440.75
C:\Program Files\Dealio\kb124\rules\rules.1.442.73
C:\Program Files\Dealio\kb124\rules\rules.1.443.73
C:\Program Files\Dealio\kb124\rules\rules.1.444.73
C:\Program Files\Dealio\kb124\rules\rules.1.445.68
C:\Program Files\Dealio\kb124\rules\rules.1.446.69
C:\Program Files\Dealio\kb124\rules\rules.1.450.67
C:\Program Files\Dealio\kb124\rules\rules.1.451.67
C:\Program Files\Dealio\kb124\rules\rules.1.452.68
C:\Program Files\Dealio\kb124\rules\rules.1.453.68
C:\Program Files\Dealio\kb124\rules\rules.1.454.69
C:\Program Files\Dealio\kb124\rules\rules.1.456.69
C:\Program Files\Dealio\kb124\rules\rules.1.457.75
C:\Program Files\Dealio\kb124\rules\rules.1.458.70
C:\Program Files\Dealio\kb124\rules\rules.1.459.70
C:\Program Files\Dealio\kb124\rules\rules.1.460.69
C:\Program Files\Dealio\kb124\rules\rules.1.462.74
C:\Program Files\Dealio\kb124\rules\rules.1.463.69
C:\Program Files\Dealio\kb124\rules\rules.1.464.70
C:\Program Files\Dealio\kb124\rules\rules.1.465.68
C:\Program Files\Dealio\kb124\rules\rules.1.468.70
C:\Program Files\Dealio\kb124\rules\rules.1.469.70
C:\Program Files\Dealio\kb124\rules\rules.1.470.70
C:\Program Files\Dealio\kb124\rules\rules.1.471.73
C:\Program Files\Dealio\kb124\rules\rules.1.472.70
C:\Program Files\Dealio\kb124\rules\rules.1.478.74
C:\Program Files\Dealio\kb124\rules\rules.1.479.73
C:\Program Files\Dealio\kb124\rules\rules.1.480.68
C:\Program Files\Dealio\kb124\rules\rules.1.481.71
C:\Program Files\Dealio\kb124\rules\rules.1.482.74
C:\Program Files\Dealio\kb124\rules\rules.1.49.67
C:\Program Files\Dealio\kb124\rules\rules.1.50.43
C:\Program Files\Dealio\kb124\rules\rules.1.500.71
C:\Program Files\Dealio\kb124\rules\rules.1.501.74
C:\Program Files\Dealio\kb124\rules\rules.1.502.71
C:\Program Files\Dealio\kb124\rules\rules.1.51.69
C:\Program Files\Dealio\kb124\rules\rules.1.52.72
C:\Program Files\Dealio\kb124\rules\rules.1.520.76
C:\Program Files\Dealio\kb124\rules\rules.1.521.76
C:\Program Files\Dealio\kb124\rules\rules.1.522.76
C:\Program Files\Dealio\kb124\rules\rules.1.53.51
C:\Program Files\Dealio\kb124\rules\rules.1.531.76
C:\Program Files\Dealio\kb124\rules\rules.1.532.75
C:\Program Files\Dealio\kb124\rules\rules.1.533.77
C:\Program Files\Dealio\kb124\rules\rules.1.534.75
C:\Program Files\Dealio\kb124\rules\rules.1.54.47
C:\Program Files\Dealio\kb124\rules\rules.1.55.45
C:\Program Files\Dealio\kb124\rules\rules.1.56.69
C:\Program Files\Dealio\kb124\rules\rules.1.57.43
C:\Program Files\Dealio\kb124\rules\rules.1.58.47
C:\Program Files\Dealio\kb124\rules\rules.1.591.79
C:\Program Files\Dealio\kb124\rules\rules.1.592.79
C:\Program Files\Dealio\kb124\rules\rules.1.593.76
C:\Program Files\Dealio\kb124\rules\rules.1.594.77
C:\Program Files\Dealio\kb124\rules\rules.1.595.76
C:\Program Files\Dealio\kb124\rules\rules.1.608.78
C:\Program Files\Dealio\kb124\rules\rules.1.610.80
C:\Program Files\Dealio\kb124\rules\rules.1.611.79
C:\Program Files\Dealio\kb124\rules\rules.1.614.79
C:\Program Files\Dealio\kb124\rules\rules.1.617.79
C:\Program Files\Dealio\kb124\rules\rules.1.624.80
C:\Program Files\Dealio\kb124\rules\rules.1.63.57
C:\Program Files\Dealio\kb124\rules\rules.1.640.80
C:\Program Files\Dealio\kb124\rules\rules.1.641.80
C:\Program Files\Dealio\kb124\rules\rules.1.66.47
C:\Program Files\Dealio\kb124\rules\rules.1.70.75
C:\Program Files\Dealio\kb124\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(RAJI) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(RAJI) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.01net.com/telecharger/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.01net.com/telecharger/"
"Search Bar"="http://home.fr.netscape.com/fr/home/winsearch200.html"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60341"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2009| 0:18 - Option : [1]

-----------\\ Fin du rapport a 0:18:55,35
0
Réponse 10 / 54
Utilisateur anonyme
 
Génial!

Tu pourras relancer ToolbarSD et faire l'option 2, celle du nettoyage.

Poste le rapport généré.

=============================================

L'infection Navipromo est supprimée, la toolbar infectieuse aussi.

=============================================

Après avoir posté le rapport toolbar, option2, fais ceci:

Télécharge Malwarebytes Anti-Malware (MBAM):

MBAM

Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.

Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".

Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".

Poste le rapport généré.

A++ ;)
0
Réponse 11 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Voila chef :-) :
jesper ke c le bon :-)


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3000+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : RAJI ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090322-0] 4.8.1335 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:24 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:103 Go (Free:103 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 23/03/2009| 0:32 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\RAJI\APPLIC~1\Dealio\kb124
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb124
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\DOCUME~1\RAJI\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(All Users) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(RAJI) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(RAJI) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
"Start Page"="https://www.google.fr/?gws_rd=ssl"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.01net.com/telecharger/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://home.fr.netscape.com/fr/home/winsearch200.html"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60341"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60341"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 23/03/2009| 0:18 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 23/03/2009| 0:34 - Option : [2]

-----------\\ Fin du rapport a 0:34:13,05
0
Réponse 12 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
la suite :

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1887
Windows 5.1.2600 Service Pack 2

23/03/2009 00:44:15
mbam-log-2009-03-23 (00-44-15).txt

Type de recherche: Examen rapide
Eléments examinés: 77344
Temps écoulé: 4 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
0
Réponse 13 / 54
Utilisateur anonyme
 
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.

--> Ce fichier a besoin que tu redémarres le pc pour être supprimé. Fais-le.

================================================

Au redémarrage: Ré-ouvre MBAM, va dans l'onglet "Quarantaine" et supprime ce qui s'y trouve.

================================================

Puis fais ceci pour vérifier:

Ad-Remover:

▶ Télécharge et enregistre le fichier d installation sur ton bureau :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

▶ Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

▶ Ouvre le dossier Ad-remover présent sur ton bureau

▶ Double clique sur Ad-remover.bat.

▶ Au menu principal choisi l'option "A"

▶ Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 14 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
C'est long, je vais laisser chercher :-)
je te souhaite une très bonne nuit chere ami
a demain jesper
je te poste ca et MERCI
0
Réponse 15 / 54
Utilisateur anonyme
 
Ok! A demain, je raccroche aussi pour ce soir de toute façon.

++
0
Réponse 16 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Salut l'ami ;-)
voila je refais ce ke tu m'a expliké mais il se trouve ke c long, trè long la recherche...
bon j'attend, je te poste ce ke j'ai ensuite
merci
0
Réponse 17 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Voila le rapport je repar en guerre avec ton aide :-)
dis moi, depuis kan fais tu tou ca ??? c geant kan meme :-)


------- LOGFILE OF AD-REMOVER 1.1.2.0 | ONLY XP/VISTA -------

Updated by C_XX on 22/03/2009 at 10:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 18:06:39, Lun 23/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: RAJI-1E11DCCF00
Current User: RAJI - Administrator
Drive(s):
- C:\ (File System: NTFS)
- G:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 49

+-----------------| Boonty/Boonty Games Elements Found:

.
.

+-----------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Program Files\EoRezo
C:\Documents and Settings\RAJI\Application Data\EoRezo

+-----------------| Infected Poker Softwares Elements Found:

.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
HKU\S-1-5-21-1123561945-651377827-725345543-1004\Software\ItsLabel
.
C:\Documents and Settings\RAJI\Application Data\ItsLabel

+-----------------| Sweetim Elements Found:

HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.SWEETIE.1
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\SWEETIE.SWEETIE.1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Classes\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKCU\SOFTWARE\Microsoft\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\E4748F9A4181FCE46A23C13B517B9420
.
C:\WINDOWS\Installer\4017e.msi
C:\WINDOWS\Installer\40199.msi
C:\WINDOWS\Installer\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}

============ Other Adwares Found ============

.
HKLM\Software\Trymedia Systems
.
C:\WINDOWS\System32\nsfts.dll

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.7 ----

ProfilePath: (RAJI)
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-1123561945-651377827-725345543-1004\..\Internet Explorer\Main]

Search bar: hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.01net.com/telecharger/
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
SearchAssistant: hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
Search bar: hxxp://home.fr.netscape.com/fr/home/winsearch200.html
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

10600 Byte(s) - C:\Ad-Report-Scan-23.03.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 18:49:45 | 23/03/2009
.
+-----------------| E.O.F - 151 Lines
.
0
Réponse 18 / 54
Utilisateur anonyme
 
Salut!

Depuis pas si longtemps en fait, mais j'ai de bons professeurs! ;))

! Déconnecte toi et ferme toute application en cours !

● Relance "Ad-remover" : au menu principal choisis l'option "B" .

● Coche à l'écran de sélection :



2. Suppression Eorezo

5. Suppression It's TV
6. Suppression Sweetim
7. Suppression autres adwares


Tape le chiffre correspondant à la suppression demandée et valide par ENTREE pour le cocher.

● Puis choisis "S" , le programme va travailler.

● Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide)
0
Réponse 19 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
Jusqu'ici tout va bien :-)
mille thank you !!!
En revanche j'ai cru lire pendan la suppression ke eorezo eté introuvable !!! c koi ?
sinon, voila le rapport, le fameux lol :

------- LOGFILE OF AD-REMOVER 1.1.2.0 | ONLY XP/VISTA -------

Updated by C_XX on 22/03/2009 at 10:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

**** LIMITED TO ****

Eorezo
It's TV
Sweetim
Other Adwares

********************

Start at: 21:31:36, Lun 23/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: RAJI-1E11DCCF00
Current User: RAJI - Administrator
Drive(s):
- C:\ (File System: NTFS)
- G:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 46

(!) ---- IE start pages/Tabs reset

+-----------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
C:\Documents and Settings\RAJI\Application Data\EoRezo

+-----------------| It's TV Elements Deleted :

HKCU\Software\ItsLabel
HKLM\Software\ItsLabel
.
C:\Documents and Settings\RAJI\Application Data\ItsLabel

+-----------------| Sweetim Elements Deleted :

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.SWEETIE.1
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83FA27D5-25B5-4D24-B796-DF742F08A5CF}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}
HKCR\Installer\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKCU\SOFTWARE\Microsoft\Installer\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\428C9AFC877ABE7409DCBBD48BC23F84
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Products\5D72AF385B5242D47B69FD47F2805AFC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-21-1123561945-651377827-725345543-1004\Components\E4748F9A4181FCE46A23C13B517B9420
.
C:\WINDOWS\Installer\4017e.msi
C:\WINDOWS\Installer\40199.msi
C:\WINDOWS\Installer\{CFA9C824-A778-47EB-90CD-BB4DB82CF348}

============ Other Adwares Deleted ============

.
HKLM\Software\Trymedia Systems
.
C:\WINDOWS\System32\nsfts.dll

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.7 ----

ProfilePath: (RAJI)
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-1123561945-651377827-725345543-1004\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchAssistant: hxxp://www.crawler.com/search/ie.aspx?tb_id=60341
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

10337 Byte(s) - C:\Ad-Report-Clean-23.03.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
3 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 21:59:29 | 23/03/2009
.
+-----------------| E.O.F - 144 Lines
.
0
Réponse 20 / 54
Saber03 Messages postés 133 Date d'inscription   Statut Membre Dernière intervention  
 
puis-je ajouter autre chose ? lol :-)
je ne sais pa si tu connais le jeu "mission president", c un jeu ke jadore et ki bugué tou le temp en indiquant "violation access...etc" ecran tou noir et fin de la partie et cetai souvent aprè kelke heures de jeu... ben depui ke jai fais ce ke tu ma dis, ca ne le fai plu !!! est ce kil ya un rapport avec tou c virus ke je detruit grace a toi, je ne c pa !? ce ke je pe dire c vraiment te remercier tu m'as enormement aidé !!! tou roule pour le moment ;-)
merci grave !!!

excuz moi c'etai appart ke je dis ca ;-)
revenons au rapport stp
0

Discussions similaires

Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
cheval de troie trojan
idnoder -
idnoder -

42 réponses
power point code 64 bit requis pour insérer une vidéo
moi31 -
moi31 -

14 réponses