How to remove Malware Defender 2009
Solved/Closed
dalton72 (Member) - 24 March 2009 at 14:26
jlpjlp (Security contributor) - 10 Feb. 2010 at 21:46
17 replies

jlpjlp (Security contributor) - 24 March 2009 at 14:34
Hi,
SmitFraudFix (paste the report)
1/ Download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ Double-click on smitfraudfix, then select 1 and press Enter to create the report of the infections present.

jlpjlp (Security contributor) - 24 March 2009 at 14:44
Ouch, ouch, ouch!!!
You have infections that spread via external media, so plug in your USB sticks ....
You are infected with rogues and also redirected to Ukraine when you browse
Pure joy!
______________
Restart in safe mode (generally by pressing F8, Del, or F5 at startup), then launch SmitFraudFix, select option 2 and press Enter to start the disinfection. When the program asks whether you want to clean the registry, answer yes by typing 0 and Enter (paste the report in your next message)
_________________
In normal mode, run SmitFraudFix option 5 and post the report
____________________
Scan with
Malwarebytes' Anti-Malware after updating it, in normal mode, remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue at the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).
NB: The reports are saved in the folder C:\rsit

dalton72 (Member) - 24 March 2009 at 15:22
I can't restart in safe mode; the PC stays on a black screen with a small white line at the top left.

jlpjlp (Security contributor) - 24 March 2009 at 15:24
Then skip that step and move on to the next one.

dalton72 (Member) - 24 March 2009 at 15:27
Here is the report:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-03-24 15:25:49
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 46 GB (59%) free of 78 GB
Total RAM: 511 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:25:54, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: {d7a7cd98-d86a-c288-1e14-1f948a7fecb0} - {0bcef7a8-49f1-41e1-882c-a68d89dc7a7d} - C:\WINDOWS\system32\uucetj.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5556A90E-5044-486C-8495-46DB7FF00DC7} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Admin\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MESDOC~1\LOGICI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer = 85.255.112.173,85.255.112.122
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.173,85.255.112.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.173,85.255.112.122
O20 - AppInit_DLLs: rliehi.dll,gjiwwc.dll qurxeh.dll qvhpvy.dll ahbvad.dll ulwaxe.dll otmuit.dll izduxq.dll tmxkwo.dll mrfarq.dll ywbibn.dll pgjbdv.dll uucetj.dll
O20 - Winlogon Notify: yayvVMGa - yayvVMGa.dll (file missing)
O21 - SSODL: HardwareDrivers - {87D1B9BC-2FAF-4914-AD68-B6FC90A8E24F} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {2ECA0F1D-DDD2-45B9-9282-F3BF1B08AF89} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Media Index\Drivers\fsignhkpfh.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Mes documents\LOGICIELS A INSTALLER\WinStylerThemeSvc.exe

jlpjlp (Security contributor) - 24 March 2009 at 15:27
You skipped other steps :(
Do this:
In normal mode, run SmitFraudFix option 5 and post the report
____________________
Scan with
Malwarebytes' Anti-Malware after updating it, in normal mode, remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
_______________________
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random, and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue at the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the license.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized in the taskbar).
NB: The reports are saved in the folder C:\rsit

dalton72 (Member) - 24 March 2009 at 15:33
It tells me that I certainly have a DNS hijack: 85.255.X.X and asks me yes or no whether I want to reconfigure my network for dynamic IP -DHCP-.
What should I do?

jlpjlp (Security contributor) - 24 March 2009 at 15:34
YES YES YES YES
Otherwise you will stay redirected to Ukraine when you browse!!!!!

dalton72 (Member) - 24 March 2009 at 15:36
The report:
SmitFraudFix v2.405
Rapport fait à 15:30:02,76, 24/03/2009
Executé à partir de C:\Documents and Settings\Admin\Bureau\SECURITE\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.173
DNS Server Search Order: 85.255.112.122
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
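
The condition this report flags (a static NameServer value in 85.255.x.x taking precedence over the DHCP-supplied DhcpNameServer), written out as a log check. This is an added example, not part of the thread and not SmitFraudFix's own code; the function names are hypothetical, and the sample lines are copied from the HijackThis O17 entries and the SmitFraudFix report posted above.

```python
import ipaddress
import re
from collections import defaultdict

# Range named by the SmitFraudFix report in this thread ("85.255.x.x").
SUSPECT_NETS = [ipaddress.ip_network("85.255.0.0/16")]

# Sample input: lines copied from the reports posted in this thread.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.173,85.255.112.122
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
"""

# Matches both report styles: HijackThis "O17 - key: NameServer = a,b"
# and SmitFraudFix "key: NameServer=a,b" / "key: DhcpNameServer=a b".
LINE_RE = re.compile(
    r"^(?:O17 - )?(?P<key>HKLM\\SYSTEM\\[^:]+?):\s*"
    r"(?P<name>DhcpNameServer|NameServer)\s*=\s*(?P<value>.*)$",
    re.IGNORECASE,
)


def parse_servers(value):
    """Split a comma- or space-separated server list into IP address objects."""
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            servers.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # empty value or a token that is not an IP address
    return servers


def parse_dns_settings(text):
    """Group static and DHCP-supplied DNS servers by registry key."""
    settings = defaultdict(lambda: {"static": [], "dhcp": []})
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        kind = "dhcp" if match.group("name").lower().startswith("dhcp") else "static"
        # Registry paths are case-insensitive; the two tools print them differently.
        settings[match.group("key").upper()][kind] = parse_servers(match.group("value"))
    return dict(settings)


def find_overrides(text):
    """Report every key whose static NameServer overrides the DHCP value."""
    findings = []
    for key, entry in sorted(parse_dns_settings(text).items()):
        static, dhcp = entry["static"], entry["dhcp"]
        if not static:
            continue  # only DHCP-supplied servers: the state after the fix
        in_suspect_range = any(ip in net for ip in static for net in SUSPECT_NETS)
        if in_suspect_range:
            severity = "high"
        elif dhcp and set(static) != set(dhcp):
            severity = "review"  # manual DNS that differs from what DHCP hands out
        else:
            severity = "info"
        findings.append({
            "key": key,
            "static": [str(ip) for ip in static],
            "dhcp": [str(ip) for ip in dhcp],
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in find_overrides(SAMPLE):
        print(finding["severity"], finding["key"],
              "static=" + ",".join(finding["static"]),
              "dhcp=" + ",".join(finding["dhcp"]))
```

A key that only carries DhcpNameServer, like the single line under "DNS Après Fix", produces no finding.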

jlpjlp (Security contributor) - 24 March 2009 at 15:38
OK, do the next step.

dalton72 (Member) - 24 March 2009 at 15:41
Address not found

jlpjlp (Security contributor) - 24 March 2009 at 15:42

dalton72 (Member) - 24 March 2009 at 15:49
I did install the program but nothing happens when I click on it; it seems it doesn't want to start.

jlpjlp (Security contributor) - 24 March 2009 at 15:51
Then post RSIT.

dalton72 (Member) - 24 March 2009 at 15:52
Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-03-24 15:52:10
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 46 GB (59%) free of 78 GB
Total RAM: 511 MB (17% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:11, on 24/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: {d7a7cd98-d86a-c288-1e14-1f948a7fecb0} - {0bcef7a8-49f1-41e1-882c-a68d89dc7a7d} - C:\WINDOWS\system32\uucetj.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5556A90E-5044-486C-8495-46DB7FF00DC7} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {77AB5974-55A3-4737-9FD5-B93C64307F78} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] E:\Mes documents\LOGICIELS A INSTALLER\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Admin\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MESDOC~1\LOGICI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: rliehi.dll,gjiwwc.dll qurxeh.dll qvhpvy.dll ahbvad.dll ulwaxe.dll otmuit.dll izduxq.dll tmxkwo.dll mrfarq.dll ywbibn.dll pgjbdv.dll uucetj.dll
O20 - Winlogon Notify: yayvVMGa - yayvVMGa.dll (file missing)
O21 - SSODL: HardwareDrivers - {87D1B9BC-2FAF-4914-AD68-B6FC90A8E24F} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll
O21 - SSODL: DriversLoad - {2ECA0F1D-DDD2-45B9-9282-F3BF1B08AF89} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Media Index\Drivers\fsignhkpfh.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Mes documents\LOGICIELS A INSTALLER\WinStylerThemeSvc.exe
jlpjlp
Security contributor
24 March 2009 at 15:59
To merge:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_______________
Download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!
_________________
Close all your browsers (so copy or print the instructions first)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
C:\WINDOWS\vmreg.dll
C:\WINDOWS\sysexplorer.exe
C:\WINDOWS\syscert.exe
C:\WINDOWS\sys.com
C:\WINDOWS\spoolsystem.exe
C:\WINDOWS\reged.exe
C:\Program Files\Malware Defender 2009
C:\Program Files\Search Settings
C:\Program Files\Dealio
C:\Documents and Settings\Admin\Application Data\Dealio
C:\WINDOWS\system32\uucetj.dll
C:\Program Files\Malware Defender 2009\malwaredef.exe
C:\WINDOWS\tasks\nfxnxafv.job
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Search Settings\kb127\SearchSettings.dll
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bcef7a8-49f1-41e1-882c-a68d89dc7a7d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5556A90E-5044-486C-8495-46DB7FF00DC7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77AB5974-55A3-4737-9FD5-B93C64307F78}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"malwaredef"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvVMGa]
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon covers the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it can be found here > C:\ComboFix.txt
____________________
Download Toolbar-S&D (Team IDN) to your desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Run the program's installer by executing the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
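A reviewer's cross-check of the CFScript in the post above against the HijackThis log posted before it, as an added example that is not part of either post and not ComboFix's own code: it lists which log entries the script deletes, which it leaves, and which script lines are not in a recognised deletion form. The log and script lines are copied from the thread; the function names are mine, and reading the Registry:: section strictly as .reg-file syntax is an assumption about how ComboFix interprets it.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: {d7a7cd98-d86a-c288-1e14-1f948a7fecb0} - {0bcef7a8-49f1-41e1-882c-a68d89dc7a7d} - C:\WINDOWS\system32\uucetj.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5556A90E-5044-486C-8495-46DB7FF00DC7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe
O20 - AppInit_DLLs: rliehi.dll,gjiwwc.dll qurxeh.dll qvhpvy.dll ahbvad.dll ulwaxe.dll otmuit.dll izduxq.dll tmxkwo.dll mrfarq.dll ywbibn.dll pgjbdv.dll uucetj.dll
O20 - Winlogon Notify: yayvVMGa - yayvVMGa.dll (file missing)
"""

# Lines copied from the CFScript posted in this thread.
CFSCRIPT = r"""
File::
C:\Program Files\Malware Defender 2009
C:\WINDOWS\system32\uucetj.dll
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bcef7a8-49f1-41e1-882c-a68d89dc7a7d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5556A90E-5044-486C-8495-46DB7FF00DC7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-
"malwaredef"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayvVMGa]
"""

HKLM = "hkey_local_machine\\software\\microsoft\\"
BHO_KEY = HKLM + "windows\\currentversion\\explorer\\browser helper objects\\"
RUN_KEY = HKLM + "windows\\currentversion\\run"
WINDOWS_KEY = HKLM + "windows nt\\currentversion\\windows"
NOTIFY_KEY = HKLM + "windows nt\\currentversion\\winlogon\\notify\\"


def parse_cfscript(text):
    """Return (files, deleted_keys, deleted_values, unparsed_lines).

    Registry:: is read as .reg syntax (assumption): [-KEY] deletes a key,
    "name"=- under [KEY] deletes a value. Keys and names are lower-cased.
    """
    files, keys, values, unparsed = set(), set(), set(), []
    section = current_key = None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.endswith("::"):
            section, current_key = line[:-2].lower(), None
        elif section == "file":
            files.add(line.lower())
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            keys.add(line[2:-1].lower())
            current_key = None
        elif section == "registry" and line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
        else:
            m = re.fullmatch(r'"([^"]+)"=-', line)
            if section == "registry" and current_key and m:
                values.add((current_key, m.group(1).lower()))
            else:
                unparsed.append(line)
    return files, keys, values, unparsed


def registry_target(entry):
    """Map a HijackThis line to the HKLM key, or (key, value name), it reports."""
    m = re.match(r"O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - ", entry)
    if m:
        return BHO_KEY + m.group(1).lower()
    m = re.match(r"O4 - HKLM\\\.\.\\Run: \[([^\]]+)\]", entry)
    if m:
        return RUN_KEY, m.group(1).lower()
    if entry.startswith("O20 - AppInit_DLLs:"):
        return WINDOWS_KEY, "appinit_dlls"
    m = re.match(r"O20 - Winlogon Notify: (\S+) - ", entry)
    if m:
        return NOTIFY_KEY + m.group(1).lower()
    return None  # entry type not covered by this example


def review(log, script):
    """Return (removed, kept, unparsed): log entries whose registry location the
    script deletes, entries it leaves, and script lines not understood."""
    _, keys, values, unparsed = parse_cfscript(script)
    removed, kept = [], []
    for entry in filter(None, map(str.strip, log.splitlines())):
        target = registry_target(entry)
        (removed if target in keys or target in values else kept).append(entry)
    return removed, kept, unparsed


if __name__ == "__main__":
    removed, kept, unparsed = review(HJT_LOG, CFSCRIPT)
    for label, rows in (("REMOVED", removed), ("KEPT", kept), ("UNPARSED", unparsed)):
        print(label, *rows, sep="\n  ")
```

On these excerpts the Adobe, Java and Avira entries are left alone, and the bare GUID line under the Toolbar key is reported as unparsed because it is not in the `"name"=-` form.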
dalton72
Member
24 March 2009 at 19:14
Here is the report
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:45 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:298 Go (Free:253 Go)
F:\ (USB) - FAT - Total:977 Mo (Free:0 Go)
G:\ (Local Disk) - NTFS - Total:74 Go (Free:33 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 24/03/2009|19:08 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\temp\dealio-14326.log
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\WINDOWS\Prefetch\DEALIO.EXE-02130387.pf
C:\WINDOWS\Prefetch\DEALIOAU.EXE-32C4A05D.pf
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Dealio
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\WINDOWS\Prefetch\SEARCHSETTINGSKIT.EXE-2CF0B947.pf
C:\DOCUME~1\Admin\APPLIC~1\Search Settings
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14324.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14325.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14326.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14327.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(Admin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Admin) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.fr/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
C:\Program Files\WebMediaPlayer
C:\Program Files\WebMediaPlayer\resources
C:\Program Files\WebMediaPlayer\skins
C:\Program Files\WebMediaPlayer\sqlite3.dll
C:\Program Files\WebMediaPlayer\uninst.exe
C:\Program Files\WebMediaPlayer\updates
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe
==> EGDACCESS <==
C:\WINDOWS\system32\dJiOonnn.ini
C:\WINDOWS\system32\dJiOonnn.ini2
==> VUNDO <==
1 - "C:\ToolBar SD\TB_1.txt" - 24/03/2009|19:13 - Option : [1]
-----------\\ Fin du rapport a 19:13:40,09
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Admin ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:45 Go)
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total:298 Go (Free:253 Go)
F:\ (USB) - FAT - Total:977 Mo (Free:0 Go)
G:\ (Local Disk) - NTFS - Total:74 Go (Free:33 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 24/03/2009|19:08 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Admin\APPLIC~1\Dealio
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\temp\dealio-14326.log
C:\DOCUME~1\Admin\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\WINDOWS\Prefetch\DEALIO.EXE-02130387.pf
C:\WINDOWS\Prefetch\DEALIOAU.EXE-32C4A05D.pf
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Dealio
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\WINDOWS\Prefetch\SEARCHSETTINGSKIT.EXE-2CF0B947.pf
C:\DOCUME~1\Admin\APPLIC~1\Search Settings
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14324.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14325.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14326.log
C:\DOCUME~1\Admin\APPLIC~1\Search Settings\kb127\temp\ws-14327.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(Admin) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Admin) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="http://www.google.fr/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
--------------------\\ Recherche d'autres infections
C:\Program Files\WebMediaPlayer
C:\Program Files\WebMediaPlayer\resources
C:\Program Files\WebMediaPlayer\skins
C:\Program Files\WebMediaPlayer\sqlite3.dll
C:\Program Files\WebMediaPlayer\uninst.exe
C:\Program Files\WebMediaPlayer\updates
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe
==> EGDACCESS <==
C:\WINDOWS\system32\dJiOonnn.ini
C:\WINDOWS\system32\dJiOonnn.ini2
==> VUNDO <==
1 - "C:\ToolBar SD\TB_1.txt" - 24/03/2009|19:13 - Option : [1]
-----------\\ Fin du rapport a 19:13:40,09
dalton72
Posts
290
Registration date
Thursday 14 February 2008
Status
Member
Last activity
21 January 2022
1
>
dalton72
24 March 2009 at 19:37
Now I think I'm really in the s....
Good evening,
For the same malware infection problem, I followed your instructions up to loading Combofix. Here are the two RSIT reports. What should I do now? Thank you for your reply and your help.
mary
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ax£L at 2010-02-10 19:27:30
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 27 GB (36%) free of 76 GB
Total RAM: 502 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:41, on 10/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Creative\MediaSource5\MtdAcqu.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Malware Defense\mdefense.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\windows\system32\lkpgmsi.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ax£L\Mes documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Ax£L.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [jgkfetnjq] c:\windows\system32\jgkfetnjq.exe jgkfetnjq
O4 - HKLM\..\Run: [qxvxphlda] c:\windows\system32\qxvxphlda.exe qxvxphlda
O4 - HKLM\..\Run: [vupedxfor] c:\windows\system32\vupedxfor.exe vupedxfor
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [lkpgmsi] "c:\windows\system32\lkpgmsi.exe" lkpgmsi
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\AXL~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
jlpjlp
25 March 2009 at 10:02
you didn't do the ComboFix step ....
do it, and only after that post the toolbar report
jlpjlp
29 March 2009 at 19:36
ok
perfect
to protect your PC for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite
install an antivirus
ANTIVIR or AVG8 or (AVAST)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
https://www.avira.com/fr/free-antivirus-windows
-------------
anti-spyware tools:
MalwareByte's Anti-Malware + SPYBOT +/- if Spybot's TeaTimer is not enabled:
WINDOWS DEFENDER or SPYWARE TERMINATOR or SPYWARE GUARD
+
SPYWAREBLASTER to immunize the system against Vundo in particular, but it is in English (though easy to use: just click "update" to update it every month and then "enable all protection" to immunize)...
Note: Spybot … release new versions regularly; check that you have the latest version
--------
a firewall:
the (Windows) one or, better, Online Armor or KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/18128.html
https://www.zonealarm.com/software/free-firewall
-----------
CCLEANER to erase browsing traces
---------
browse with Firefox or Safari or Opera rather than Internet Explorer, which is more affected by viruses
http://www.mozilla-europe.org/fr/products/firefox/
Hello, I have the same problem with Win PC Defender. It is still there, it won't let me work, even when downloading documents it disrupts my work, and I can't manage to delete it. I want a solution to remove it for good. Thanks
jlpjlp
31 March 2009 at 13:10
hi
try this
if it persists, create your own thread because I won't continue here!
scan with
MalwareByte's Anti-Malware after updating it, in normal mode, remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
go to My Computer, to C:, to Program Files, then to Malware Defender, then click "uninstall" and that's it..
jlpjlp
10 February 2010 at 21:46
• Download and install
http://www.commentcamarche.net/telecharger/telecharger-34066197-usbfix
by Chiquitine29
(!) Plug in your external data sources (USB stick, external hard drive, etc.) that may have been infected, without opening them
• Double-click the UsbFix shortcut on your desktop.
• In the main menu, choose option "F" for French and press [Enter].
• In the second menu, choose option "2" (cleaning) and press [Enter]
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: the UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
______________________
scan with malwarebyte, do a thorough scan and paste the report obtained and remove what is found:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
post a new RSIT report and say whether there are still problems
24 March 2009 at 14:41
here is the requested report.
SmitFraudFix v2.405
Rapport fait à 14:37:41,81, 24/03/2009
Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wcenter.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\tempo-5896640.tmp
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
C:\autorun.inf PRESENT !
C:\resycled\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\reged.exe PRESENT !
C:\WINDOWS\spoolsystem.exe PRESENT !
C:\WINDOWS\sys.com PRESENT !
C:\WINDOWS\syscert.exe PRESENT !
C:\WINDOWS\sysexplorer.exe PRESENT !
C:\WINDOWS\vmreg.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\Admin\MENUDM~1\PROGRA~1\videosoft PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Admin\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Malware Defender 2009\ PRESENT !
C:\Program Files\videosoft\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="rliehi.dll,gjiwwc.dll qurxeh.dll qvhpvy.dll ahbvad.dll ulwaxe.dll otmuit.dll izduxq.dll tmxkwo.dll mrfarq.dll ywbibn.dll pgjbdv.dll uucetj.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !
Description: NVIDIA nForce MCP Networking Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.112.173
DNS Server Search Order: 85.255.112.122
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.236,85.255.112.97
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.236,85.255.112.97
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
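Added example, not part of the thread or of SmitFraudFix: Python that reads the DNS section of a report like the one above and flags registry keys whose static `NameServer` value overrides the DHCP-assigned resolvers. The function names and the `CLEAN` sample are assumptions made for the example; the 85.255.0.0/16 watch range is taken from the tool's own "85.255.x.x" message.

```python
import ipaddress
import re
from typing import NamedTuple

# Lines excerpted from the DNS section of the SmitFraudFix report above.
REPORT = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C5D09581-161D-4682-802B-6B609233D0DD}: NameServer=85.255.112.173,85.255.112.122
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.112.236,85.255.112.97
"""

# Constructed sample: DHCP resolvers only, empty static NameServer value.
CLEAN = r"""
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.0.2.53 192.0.2.54
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=
"""

LINE = re.compile(
    r"^(?P<key>HKLM\\.+?): (?P<name>DhcpNameServer|NameServer)=(?P<value>.*)$"
)


class Override(NamedTuple):
    key: str        # registry key as printed in the report
    static: list    # manually configured resolvers (NameServer)
    dhcp: list      # resolvers handed out by DHCP (DhcpNameServer)
    watched: bool   # True if a static resolver falls in a watched range


def _servers(value):
    """Split a comma- or space-separated value into valid IP strings."""
    out = []
    for token in re.split(r"[,\s]+", value.strip()):
        try:
            out.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue  # empty or malformed token
    return out


def find_dns_overrides(report, watch=("85.255.0.0/16",)):
    """Return one Override per key whose static resolvers are not the DHCP ones."""
    nets = [ipaddress.ip_network(n) for n in watch]
    keys = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        entry = keys.setdefault(m["key"], {"NameServer": [], "DhcpNameServer": []})
        entry[m["name"]] = _servers(m["value"])

    findings = []
    for key, entry in keys.items():
        extra = [s for s in entry["NameServer"] if s not in entry["DhcpNameServer"]]
        if not extra:
            continue  # no static override, or it matches what DHCP assigned
        watched = any(ipaddress.ip_address(s) in n for s in extra for n in nets)
        findings.append(Override(key, entry["NameServer"], entry["DhcpNameServer"], watched))
    return findings


if __name__ == "__main__":
    for f in find_dns_overrides(REPORT):
        print(f.key, "static:", f.static, "dhcp:", f.dhcp, "watched:", f.watched)
```

A static override is not malicious in itself (many users set public resolvers by hand), so the `watched` flag is what separates a known-bad range from a setting that only needs confirming with the user.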