Trojan.Malscript!html

Closed
doudou - 26 April 2009 at 08:57
 doudou - 26 April 2009 at 22:45
Hello, for several days now, whenever I open the Internet or change pages, Norton tells me that it has blocked Trojan.Malscript!html, and an Internet Explorer page opens onto a scan telling me that my PC is infected and that I must download an antivirus. Of course, I did not do so, but I would like to know whether it is possible to get rid of these unwanted pages popping up. Thanks in advance for your replies. Regards.

24 replies

Thank you for all the time you spent on me. Here is the report. Have a good evening. Regards

--> Recherche:

C:\TB.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\herve doucet\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\HJTInstall.exe: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\ToolBarSD.exe: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\hijackthis.log: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\Rsit.exe: trouvé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\SmitFraudfix: trouvé !
C:\Documents and Settings\sylvie perez\Mes documents\Herve DOUCET\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\herve doucet\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\HJTInstall.exe: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\SmitFraudFix.exe: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\hijackthis.log: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\Rsit.exe: supprimé !
C:\Documents and Settings\sylvie perez\Mes documents\Herve DOUCET\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\herve doucet\Mes documents\Herve DOUCET\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
2
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
26 April 2009 at 09:00
Hello,

1/ What is the name of this fake antivirus, please?

2/ Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choose "Download Hijackthis Installer".
After installation, a shortcut will be created on the desktop. Double-click it to launch the tool (on Vista --> right-click and run as administrator).

Choose the option Do a system scan and save a logfile.
The report will open. Copy and paste the contents of this report into your next message.

See you later
0
Thank you for such a quick reply. The name is System protector-system protector antivirus-Orange
Scan saved at 09:20:00, on 26/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [A00F135632.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F135632.exe
O4 - HKCU\..\Run: [A00F172CDC.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F172CDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: __c00309F - C:\WINDOWS\system32\__c00309F.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
26 April 2009 at 09:34
OK,

Thanks for that detail.

There are indeed several infections on the PC.

1/ Download SmitfraudFix by S!Ri to your desktop
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Double-click the executable. It will create a SmitFraudFix folder and launch the tool.

Choose option 1.
A report will be created.
Copy and paste the report into your next message.

2/ Download Random's System Information Tool (RSIT) by random/random and save it to your desktop.
http://images.malwareremoval.com/random/RSIT.exe

Double-click "RSIT.exe" to launch it.
In the window that opens, choose 2 months for the "List files/folders created ..." option,
then click "Continue" to start the scan.

If the latest version of HijackThis is not found on your PC, RSIT will download it and ask you to accept the licence.

Wait until the scan finishes.
Two reports will be generated.

Post only the contents of "log.txt", and keep "info.txt" (in the taskbar) for analysis, in case I ask you for it.

If you cannot find them, the reports are saved in the C:\rsit folder.

See you later
0

Thanks again for your help, as I am not very good with computers. Here are the reports:

Rapport fait à 9:51:56,71, 26/04/2009
Executé à partir de C:\DOCUME~1\HERVED~1\MESDOC~1\HERVED~1\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\DOCUME~1\HERVED~1\MESDOC~1\HERVED~1\SmitfraudFix\Policies.exe
C:\DOCUME~1\HERVED~1\MESDOC~1\HERVED~1\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\herve doucet


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HERVED~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\herve doucet\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11 USB Wireless LAN Adapter #4 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7C5DC29-7D75-4810-9CEE-EA8D2B26CA0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7C5DC29-7D75-4810-9CEE-EA8D2B26CA0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E7C5DC29-7D75-4810-9CEE-EA8D2B26CA0D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

Run by herve doucet at 2009-04-26 09:54:39
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 37 GB (51%) free of 73 GB
Total RAM: 767 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:49, on 26/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\DOCUME~1\HERVED~1\MESDOC~1\HERVED~1\rsit.exe
C:\Program Files\Trend Micro\HijackThis\herve doucet.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trooner.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [A00F135632.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F135632.exe
O4 - HKCU\..\Run: [A00F172CDC.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F172CDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: __c00309F - C:\WINDOWS\system32\__c00309F.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
26 April 2009 at 10:10
We'll start by removing the infectious toolbars that have installed themselves on the PC.

When you run the tools, if you run into difficulties, don't hesitate to tell me.

Download Toolbar-S&D to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the program's installation by running the downloaded file.
* Double-click the Toolbar-S&D shortcut.
* Select the language, then confirm.
* Now choose option 1. Wait until the search finishes.
* Copy/paste the contents of the report that will be displayed.
If you can't find it, it is located at C:\TB.txt.

See you later
0
I don't understand what you mean by "running the tools"; please clarify. Here is the report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : herve doucet ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:36 Go)
D:\ (Local Disk) - FAT32 - Total:71 Go (Free:71 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 26/04/2009|10:20 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127\temp\dealio-14279.log
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127\temp\ws-14359.log
C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127\temp\ws-14360.log
C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings
C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings\kb127\temp\ws-14331.log
C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings
C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings\kb127\temp\ws-14359.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\IESkins
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\SpamBlockerUtility.log
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOI
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOL
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOI\dynamic
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOI\static
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOL\dynamic
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\HostOL\static
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\buttondir.txt
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.res
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_1000.xip
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.res
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_2000.xip
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.res
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\d_icons_buttons_3000.xip
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.cdf
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\layout.xip
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.txt
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\linkpathlegal.xip
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad\samplegroups2.txt
C:\DOCUME~1\HERVED~1\Cookies\herve_doucet@surfaccuracy[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.trooner.com/"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60076"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlocker
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility_Icons




1 - "C:\ToolBar SD\TB_1.txt" - 26/04/2009|10:22 - Option : [1]

-----------\\ Fin du rapport a 10:22:12,51
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
26 April 2009 at 10:35
"Running tools" --> running software to disinfect the computer.

1/ Relaunch Toolbar-S&D by double-clicking the shortcut.

Choose option "2", then confirm by pressing "Enter".
Do not close the window during the removal.

A new report will be generated; post its contents here.

2/ Post me a HijackThis report.

See you
0
Here are the reports. Thanks again.
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 Processor 3500+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : herve doucet ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
C:\ (Local Disk) - NTFS - Total:71 Go (Free:36 Go)
D:\ (Local Disk) - FAT32 - Total:71 Go (Free:71 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 26/04/2009|10:40 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\HERVED~1\Cookies\herve_doucet@crawler[1].txt
Supprime! - C:\DOCUME~1\HERVED~1\Cookies\herve_doucet@dnl.crawler[1].txt
Supprime! - C:\DOCUME~1\MARIAN~1\APPLIC~1\Dealio\kb127
Supprime! - C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio\kb127
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\IESkins
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\SpamBlockerUtility.log
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility\v3.0
Supprime! - C:\DOCUME~1\HERVED~1\Cookies\herve_doucet@surfaccuracy[1].txt
Supprime! - C:\DOCUME~1\MARIAN~1\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\MICKAE~1\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\MICKAE~1\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\SYLVIE~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
Supprime! - C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076"
"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=60076"


--------------------\\ Recherche d'autres infections

--------------------\\ ROGUES ..

C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlocker
C:\DOCUME~1\HERVED~1\APPLIC~1\SpamBlockerUtility_Icons




1 - "C:\ToolBar SD\TB_1.txt" - 26/04/2009|10:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 26/04/2009|10:42 - Option : [2]

Scan saved at 10:44:18, on 26/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [A00F135632.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F135632.exe
O4 - HKCU\..\Run: [A00F172CDC.exe] C:\DOCUME~1\HERVED~1\LOCALS~1\Temp\_A00F172CDC.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: __c00309F - C:\WINDOWS\system32\__c00309F.dat
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
0
verni29 Posts 6699 Registration date Sunday 6 July 2008 Status Security contributor Last activity 26 December 2016 180
26 April 2009 at 10:52
1/ Close your browser.
Launch HijackThis and choose "Do a system scan only".
Select the following lines:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076


Choose the "Fix checked" option at the bottom of the page.

2/ Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you will be asked to update MalwareBytes and run it.
Accept. After the update, the program will open.

In the Scan tab, select Run a full scan.
Click Scan. Select only the computer's hard drives.
Click Start scan.

At the end of the scan, as prompted, click Show results.
If infections are found, click Remove selected.
Post the report in your next message.

If you can't find the report, open MalwareBytes and look in the Reports/Logs tab. It is there. Click on it and choose Open.

The scan takes about 50 minutes on average.

I have to step away. I will be back in the early afternoon.

See you
0
Here is the report. I have the impression that everything is back to normal. Do you have any idea what triggered this? I downloaded Shareaza recently; do you think it comes from that and that I should remove it? Thanks again and have a good day.
Version de la base de données: 2043
Windows 5.1.2600 Service Pack 3

26/04/2009 12:08:22
mbam-log-2009-04-26 (12-08-22).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 184060
Temps écoulé: 58 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c00309F.dat (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00309f (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\SBTV (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\sbtv (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions\spam blocker for ms outlook (Adware.Hotbar) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Documents and Settings\herve doucet\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\herve doucet\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\__c00287A4.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00D48A3.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00F8D10.exe (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\Documents and Settings\herve doucet\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\herve doucet\Local Settings\Temp\_A00F135632.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\herve doucet\Local Settings\Temp\_A00F172CDC.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00309F.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c001715C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0016884.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00ACD20.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DB02D.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

verni29 (Security contributor) - 26 April 2009 at 13:41
We'll check that.

Post me an RSIT report (the icon is on your desktop).
Only one report will be generated.

See you later.

I'm sorry, but I only have HijackThis and Malwarebytes on my desktop. What should I do? Thanks in advance.

verni29 (Security contributor) - 26 April 2009 at 16:27
Yet you had posted an RSIT report for me:
http://www.commentcamarche.net/forum/affich 12178541 trojan malscript html?#3

Download it again if necessary and repeat the procedure as described in the message above.

See you later.

Here is the report. Thanks in advance.
Run by herve doucet at 2009-04-26 18:17:21
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 37 GB (51%) free of 73 GB
Total RAM: 767 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:31, on 26/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\DOCUME~1\HERVED~1\MESDOC~1\HERVED~1\rsit.exe
C:\Program Files\Trend Micro\HijackThis\herve doucet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

verni29 (Security contributor) - 26 April 2009 at 18:48
1/ Download ATF Cleaner and save it to your desktop.
http://www.atribune.org/ccount/click.php?id=1

Close your browser. Double-click ATF-Cleaner.exe.
If you have Firefox, click on that name in the menu.

Choose the Select All option, then confirm.

Update your PC.

2/ Update Acrobat Reader. It is a target of attacks, and it is important to have the latest version on your PC.
https://get2.adobe.com/fr/reader/otherversions/

3/ Download JavaRa by Paul McLain and Fred De Vries.
https://javara.fr.malavida.com/

* Right-click the JavaRa.zip archive and extract it to the desktop.
* A folder will be created. Open it and double-click JavaRa.exe to launch it.
* Choose the language (French).

A window will open where you can choose between updating and removing old versions of Java.

- Updating:

* Click Recherche de mise à jour (Search for updates) and choose the option Mettre à jour via jucheck.exe (Update via jucheck.exe).
* You will be told whether or not there is a new version to install on your PC.
* If so, click Installer (Install), then follow the prompts.

Note: if this option does not work for you, choose the other one, Mettre à jour via le site Internet de Sun (Update via Sun's website).

- Removing old versions:

* Relaunch JavaRa.exe if necessary and choose Effacer les anciennes versions (Remove old versions).
* Follow the prompts.
* You will be told which versions were found and removed.

A report will be created. Post it.

See you later.

I'm sorry, but I can't manage to download JavaRa and do everything you describe in step 3. Can you help me? Thanks in advance.

verni29 (Security contributor) - 26 April 2009 at 20:08
On the link I gave you for downloading JavaRa, if the download does not start automatically, look on the page: it says "téléchargement manuel" (manual download).

Start with that download. Then follow the instructions.

Ask your questions if you have any difficulties.

See you later.

There, I managed it:

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Apr 26 21:08:13 2009

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_07

------------------------------------

Finished reporting.

verni29 (Security contributor) - 26 April 2009 at 21:18
Very good.

Let's finish up.

1) We are going to remove the tools that were used.
Download ToolsCleaner to the desktop.
http://pc-system.fr/

Double-click ToolsCleaner2.exe --> Recherche (Search) --> Suppression (Removal).
Your desktop may disappear.

Copy and paste the report found in C:\TCleaner.txt.

2/ You are going to use CCleaner.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

Use the cleaner and registry functions.

3) Restore points:

- Panneau de configuration --> Système --> Restauration du système (Control Panel --> System --> System Restore)

Tick "Désactiver la restauration ...." (Turn off System Restore); if it is already ticked, untick it --> confirm --> tick it again.
A window will open to warn you that the existing restore points will be deleted.
Accept.

Then untick "Désactiver la restauration ...." to re-enable System Restore.

- You are going to create a clean restore point.

To create a new restore point:
Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système (Start --> Programs --> Accessories --> System Tools --> System Restore)
Choose "Créer un point de restauration" (Create a restore point). Follow the prompts.

See you later.