IE ad problem
Resolved/Closed
143 replies
Anonymous user
26 Nov 2008 at 23:35
Navilog won't necessarily make a meal of it... anyway, let's get back to our problem, thanks
Anonymous user
26 Nov 2008 at 23:08
Hi, you are infected by the Vundo trojan...
ComboFix:
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time antispyware guard).
Double-click combofix.exe and follow the instructions.
When it finishes, it will produce a report at C:\ComboFix.txt
Re-enable your firewall, your antivirus, your antispyware guard and your internet connection.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.
There is a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
followed by a new HijackThis log, please
alin44
26 Nov 2008 at 23:08
--
"The difference between genius and stupidity is that genius has limits"
that one you really can fix!!!!!
C:\Program Files\Search Settings\SearchSettings.exe
alin44
26 Nov 2008 at 23:14
yes, tick that box and fix checked
search setting is a real parasite
afterwards there are other steps to do
crapoulou
26 Nov 2008 at 23:15
Hi,
Don't fix the line!!!
That won't remove the infection!!!
alin44
26 Nov 2008 at 23:18
yours
or Navilog
Anonymous user
26 Nov 2008 at 23:23
I may seem stupid to you, but... where do you see the Navipromo infection?
alin44
26 Nov 2008 at 23:30
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\maud\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
I'm not claiming that Navilog can clean everything,
the above is really suspicious
crapoulou
26 Nov 2008 at 23:34
Do some research on Google when you don't know.
http://fbmsoftware.com/spyware-net/process/Dealio_dll/2994/
Just because we're talking doesn't mean we aren't waiting for your Combo report... we're here for you, of course! (don't forget there is someone being helped here; if you have domestic squabbles, take them to PM... ;-) )
alin44
26 Nov 2008 at 23:43
I had search setting, yet I am well protected
I ended up eliminating it completely by running regedit
and searching for
search setting
many times over
across all the keys, and I ended up with no trace of search setting
and looking in
egroup
in IE
all this just to explain, simply
crapoulou
26 Nov 2008 at 23:47
Toolbar SD will make short work of searchsettings.
Anonymous user
26 Nov 2008 at 23:47
OK, we've understood... but... let's wait for the report now!!!!!!!!!!!!!!!!!
Anonymous user
26 Nov 2008 at 23:48
that's clear, but it won't take down this:
O4 - HKCU\..\Run: [22d74454] rundll32.exe "C:\Users\maud\AppData\Local\Temp\ctqyhqgr.dll",b
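The HijackThis lines singled out in the posts above, run through a small triage parser (an added example, not written by any poster in this thread). The line grammar is inferred from those four lines, the two `Example*` entries are constructed for contrast, and the only rule applied is "autostart target sits in a temp directory", which is the property of the `rundll32.exe` line quoted just above:

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# HijackThis lines quoted verbatim in the posts above.
THREAD_LINES = r"""
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\maud\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKCU\..\Run: [22d74454] rundll32.exe "C:\Users\maud\AppData\Local\Temp\ctqyhqgr.dll",b
""".strip().splitlines()

# Constructed sample lines (hypothetical programs) that must NOT be flagged.
CONSTRUCTED_LINES = r"""
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [ExampleCpl] C:\Windows\System32\rundll32.exe C:\Windows\System32\example.dll,Start
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 [quoted or bare DLL path],export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)', re.I)
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


@dataclass
class Entry:
    code: str                  # HijackThis section code, e.g. "O4"
    label: str                 # Run value name, toolbar name, menu text ...
    target: str                # file the entry ultimately points at
    clsid: str = ""            # COM class id, when the line carries one
    via_rundll32: bool = False
    export: str = ""           # DLL export passed to rundll32


def command_target(cmd):
    """Return the executable path at the start of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line):
    """Parse one HijackThis line into an Entry, or None if unrecognised."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    if code == "O4":                       # autostart (Run key) entry
        run = RUN_RE.match(body)
        if not run:
            return None
        dll = RUNDLL_RE.search(run.group("cmd"))
        if dll:                            # the real payload is the DLL
            return Entry(code, run.group("name"), dll.group("dll").strip(),
                         via_rundll32=True, export=dll.group("export"))
        return Entry(code, run.group("name"), command_target(run.group("cmd")))
    # Other sections seen in the thread: "Kind: label - [{CLSID} - ]path"
    _, _, rest = body.partition(": ")
    fields = rest.split(" - ")
    if len(fields) < 2:
        return None
    clsid = fields[1] if len(fields) > 2 and fields[1].startswith("{") else ""
    return Entry(code, fields[0], fields[-1], clsid=clsid)


def in_temp_dir(path):
    """True when any directory component of a Windows path is a temp folder."""
    parents = PureWindowsPath(path).parts[:-1]
    return any(part.lower() in TEMP_DIRS for part in parents)


def triage(lines):
    """Return (label, target, reason) for autostart entries run from temp."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry.code != "O4":
            continue
        if in_temp_dir(entry.target):
            how = "DLL loaded through rundll32" if entry.via_rundll32 else "program"
            findings.append((entry.label, entry.target,
                             f"autostart {how} located in a temp directory"))
    return findings


if __name__ == "__main__":
    for label, target, reason in triage(THREAD_LINES + CONSTRUCTED_LINES):
        print(f"[{label}] {target}: {reason}")
```
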
crapoulou
26 Nov 2008 at 23:52
No, of course not, Combo.
There, I did your procedure, but I had to reinstall the internet afterwards, is that normal, and the IE icon has reappeared on my desktop?
COMBOFIX REPORT
ComboFix 08-11-26.03 - maud 2008-11-26 23:17:11.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.250.1036.18.1893 [GMT 1:00]
Running from: c:\users\maud\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\maud\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\maud\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\maud\AppData\Roaming\gadcom
c:\users\maud\AppData\Roaming\gadcom\gadcom.exe
c:\users\maud\AppData\Roaming\inst.exe
c:\windows\system32\drivers\asc3550p.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
-------\Service_RelevantKnowledge
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-26 21:41 . 2008-11-26 21:41 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-26 19:07 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 19:07 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 19:07 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 17:46 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 17:30 . 2008-11-26 17:30 <REP> d-------- c:\users\maud\AppData\Roaming\Twain
2008-11-26 12:48 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\users\All Users\Avira
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\programdata\Avira
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\program files\Avira
2008-11-25 17:13 . 2008-11-25 17:13 7 --a------ c:\windows\sbacknt.bin
2008-11-25 17:12 . 2008-11-26 19:01 <REP> d-------- c:\users\maud\AppData\Roaming\vghd
2008-11-25 17:12 . 2008-11-25 17:12 152,904 --a------ c:\windows\System32\vghd.scr
2008-11-24 22:43 . 2004-05-22 10:42 69,632 --a------ c:\windows\System32\calc.dll
2008-11-24 22:28 . 1999-07-13 14:46 209,408 --a------ c:\windows\System32\tabctl32.ocx
2008-11-24 21:09 . 2008-11-24 21:10 <REP> d-------- c:\users\maud\Karaoke
2008-11-20 13:43 . 1999-07-13 14:46 209,408 --a------ c:\windows\system\tabctl32.ocx
2008-11-20 12:31 . 2008-11-20 12:31 297,327 --a------ c:\windows\System32\SpywareRemover.exe
2008-11-19 23:14 . 2005-08-27 02:38 1,435,272 --a------ c:\windows\System32\Flash.ocx
2008-11-19 23:14 . 2004-03-08 23:00 131,856 --a------ c:\windows\System32\MSADODC.ocx
2008-11-19 23:14 . 2000-12-05 23:00 109,248 --a------ c:\windows\System32\MSWINSCK.OCX
2008-11-19 23:14 . 2000-07-15 05:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL
2008-11-14 06:51 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 06:51 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 06:51 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 06:51 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 06:50 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 06:50 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 06:50 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 06:50 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 06:50 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 16:20 . 2008-11-18 19:33 <REP> d-------- c:\users\maud\Autocad travaux
2008-11-13 05:52 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 05:52 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 05:52 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 19:04 . 2008-11-18 19:31 <REP> d-------- c:\users\All Users\Autodesk
2008-11-12 19:04 . 2008-11-18 19:31 <REP> d-------- c:\programdata\Autodesk
2008-11-12 19:04 . 2008-11-12 19:08 <REP> d-------- c:\program files\AutoCAD 2008
2008-11-12 19:03 . 2008-11-12 19:08 <REP> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-12 18:54 . 2008-11-12 19:03 <REP> d-------- c:\program files\Autodesk
2008-11-12 18:25 . 2008-11-18 19:31 <REP> d-------- c:\users\maud\AppData\Roaming\Autodesk
2008-11-04 19:38 . 2008-11-05 17:12 <REP> d--h----- c:\windows\msdownld.tmp
2008-11-04 19:38 . 2008-11-04 19:38 <REP> d-------- c:\program files\Windows Media Components
2008-11-03 22:12 . 2008-11-03 22:12 <REP> d-------- c:\windows\Setup533
2008-11-03 22:12 . 2002-10-21 11:37 515,803 --a------ c:\windows\System32\drivers\Ca533av.sys
2008-11-03 22:12 . 2002-01-19 15:33 131,072 --a------ c:\windows\System32\Sp5x_32.dll
2008-11-03 22:12 . 2002-07-30 19:40 16,384 --a------ c:\windows\System32\Dext533.ax
2008-11-03 22:12 . 2002-07-25 11:19 10,986 --a------ c:\windows\System32\drivers\Bulk533.sys
2008-11-03 22:12 . 2002-04-29 14:06 163 --a------ c:\windows\Setup533.ini
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\windows\System32\Adobe
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\windows\Profiles
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\users\maud\AppData\Roaming\InterTrust
2008-11-03 22:09 . 1998-11-13 12:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-03 22:04 . 2008-11-03 22:04 <REP> d-------- c:\windows\CameraInstall
2008-11-03 22:02 . 2001-11-02 15:10 163,840 --a------ c:\windows\System32\PhotoImpression Screen Saver.scr
2008-11-03 22:01 . 2008-11-03 22:01 <REP> d-------- c:\program files\ArcSoft
2008-11-03 22:01 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2008-11-03 22:01 . 2002-03-25 10:12 21 --a------ c:\windows\PI4_setup.ini
2008-11-03 21:49 . 2008-11-03 21:49 0 --ah----- c:\windows\System32\drivers\Msft_User_UsbDr_01_00_00.Wdf
2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 10:46 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 10:46 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 16:47 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-27 16:47 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-27 16:47 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-27 16:47 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-27 16:47 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 21:34 --------- d-----w c:\programdata\Google Updater
2008-11-25 16:26 109,249 ----a-w c:\program files\MSWINSCK.OCX
2008-11-25 16:04 --------- d-----w c:\users\maud\AppData\Roaming\LimeWire
2008-11-24 20:26 --------- d-----w c:\users\maud\AppData\Roaming\OpenOffice.org2
2008-11-20 15:57 4,942 ----a-w c:\users\maud\AppData\Roaming\wklnhst.dat
2008-11-12 17:54 --------- d-----w c:\program files\Autodesk Network License Manager
2008-11-03 21:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 21:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 16:11 --------- d-----w c:\users\maud\AppData\Roaming\DNA
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\MegauploadToolbar
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\Megaupload
2008-10-23 10:30 --------- d-----w c:\programdata\Megaupload
2008-10-23 10:30 --------- d-----w c:\programdata\EmailNotifier
2008-10-23 10:30 --------- d-----w c:\program files\MegauploadToolbar
2008-10-23 10:29 --------- d-----w c:\program files\Megaupload
2008-10-22 21:12 --------- d-----w c:\program files\Counter-Strike Source
2008-10-21 15:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 15:21 --------- d-----w c:\program files\Java
2008-10-16 17:44 --------- d-----w c:\program files\Windows Mail
2008-10-14 15:39 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-11 18:15 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 18:15 --------- d-----w c:\program files\iTunes
2008-10-11 18:15 --------- d-----w c:\program files\iPod
2008-10-11 18:14 --------- d-----w c:\program files\Bonjour
2008-10-10 22:08 --------- d-----w c:\program files\Common Files\Totem Shared
2008-10-10 21:01 47,360 ----a-w c:\users\maud\AppData\Roaming\pcouffin.sys
2008-10-10 21:01 --------- d-----w c:\users\maud\AppData\Roaming\Vso
2008-10-09 21:27 --------- d-----w c:\users\maud\AppData\Roaming\BitTorrent
2008-10-09 21:11 --------- d-----w c:\program files\Common Files\Droppix
2008-10-09 21:10 --------- d-----w c:\programdata\Droppix
2008-10-09 21:10 --------- d-----w c:\program files\Droppix
2008-10-09 20:18 --------- d-----w c:\program files\BitTorrent
2008-10-09 20:16 --------- d-----w c:\program files\LuckyTender
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\dvdcss
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\CyberLink
2008-10-09 19:53 --------- d-----w c:\programdata\CyberLink
2008-10-09 19:33 --------- d-----w c:\program files\Common Files\Ahead
2008-10-09 19:24 --------- d-----w c:\programdata\Nero
2008-10-09 19:24 --------- d-----w c:\program files\Common Files\Nero
2008-10-09 19:06 --------- d-----w c:\program files\Nero
2008-10-09 18:44 --------- d-----w c:\users\maud\AppData\Roaming\Droppix
2008-10-09 18:44 --------- d-----w c:\program files\Common Files\Codejock Software
2008-10-09 18:18 --------- d-----w c:\program files\Search Settings
2008-10-09 18:18 --------- d-----w c:\program files\Dealio
2008-10-09 17:35 --------- d-----w c:\program files\Micro Application
2008-10-09 11:49 --------- d-----w c:\programdata\LightScribe
2008-10-08 20:19 --------- d-----w c:\users\maud\AppData\Roaming\Nero
2008-10-08 19:57 --------- d-----w c:\program files\AskTBar
2008-10-08 19:36 --------- d---a-w c:\program files\Common Files\LightScribe
2008-10-08 18:51 --------- d-----w c:\programdata\vsosdk
2008-10-08 18:18 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-08 18:01 --------- d-----w c:\program files\HT MPEG Encoder 7.0 Trial
2008-10-06 20:21 --------- d-----w c:\program files\LimeWire
2008-10-01 20:39 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-09-30 20:56 --------- d-----w c:\program files\Electronic Arts
2008-09-28 20:00 --------- d-----w c:\program files\Kaspersky Lab
2008-09-28 19:23 --------- d-----w c:\programdata\eMule
2008-09-28 19:18 --------- d-----w c:\program files\DNA
2008-07-04 18:56 174 --sha-w c:\program files\desktop.ini
2008-07-02 20:15 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-20 297327]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
c:\users\autre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Need.For.Speed.Carbon.FRENCH-ReVOLVeR.iso [2006-11-04 3818127360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-06-18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
[HKLM\~\startupfolder\C:^Users^maud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\maud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-09-11 15:51 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2008-05-26 18:50 595296 c:\program files\Dealio\DealioAU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-09-28 21:04 289088 c:\users\maud\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
--a------ 2007-03-01 07:01 180736 c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-04 19:00 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-03 18:02 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 19:10 21898024 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 08:21 648072 c:\windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A13FD50-7C0E-45D0-BE41-9AA064C25C31}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1C960DB5-C071-4C67-94F3-73E5F8188271}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{843D7A5A-5F16-40A4-9689-9177FC672F9D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{9F4AD292-52BB-42E0-B6AA-6F205D7F9951}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C5EF3E05-313B-4B9C-860E-3B0D51E7E2D6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{178DA06D-4B2F-4931-8403-7B477E9A3694}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F319C5A2-F703-476B-83D5-C3B1DC9541A2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{AA4F021C-DFE3-4540-95E6-E3A5C66E9574}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{7266D896-699B-4D41-805A-7A90184AFF2C}c:\\users\\maud\\videos\\emule\\emule.exe"= UDP:c:\users\maud\videos\emule\emule.exe:emule.exe
"UDP Query User{C8308E38-6714-47D4-AD0C-6CC07C54DF34}c:\\users\\maud\\videos\\emule\\emule.exe"= TCP:c:\users\maud\videos\emule\emule.exe:emule.exe
"{72AFBBA3-FCD4-4C93-BD6E-963CB3541B32}"= UDP:34823:Emule
"{F79F2CF8-CA46-4105-B7A1-4592FE3DE24D}"= TCP:41812:Emule
"{43B9118F-CA78-4CBE-9411-414FE272A1E5}"= UDP:c:\windows\Temp\~os6152.tmp\ossproxy.exe:ossproxy.exe
"{A822532A-0AC0-4239-B1BD-3299FAB995C3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCC6BC8A-1557-45A7-8DF8-0346F6A913A6}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{60ACB9B1-D2FA-4BCA-935C-C6296B03B6A3}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{1A95C0D2-309A-4478-A821-DF4AC7675F87}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5906BBB-D3EC-4E8D-B40B-9DB31D6EFD67}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{09B24350-E89B-4F84-812C-64E2BB1BB339}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{60D68592-CAFD-4665-9260-6CDA57AB10A6}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{878A604A-4232-4A48-8B16-45C223406FCA}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{6A5909B6-C4EB-4B1E-8957-3600A00A89F4}c:\\kav\\kav8.0\\french\\setup.exe"= UDP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{54FC41B9-9355-4D82-8608-AF6E00AB3FC7}c:\\kav\\kav8.0\\french\\setup.exe"= TCP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"{5BABE5D7-9426-4EC5-B5F8-F20869C7F7F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2DA1DCF7-D533-489C-96E0-25C5CA5D60BE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{408AEB7E-890C-479E-BBD5-9E3D5BA593CD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{F93A0F73-80AC-4E0B-8BFC-DD5EB86C2361}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{AA4F6B08-E405-424B-A2CC-2DB24D56E0DF}c:\\users\\maud\\program files\\dna\\btdna.exe"= UDP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F16F1BB3-0A83-417C-896D-9BF662220B01}c:\\users\\maud\\program files\\dna\\btdna.exe"= TCP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7114C21B-1AFE-40D2-9841-78EC86E83B6B}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"UDP Query User{259F00DC-528A-43CE-AE88-9989CEA94FB8}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"TCP Query User{322264AD-AF96-4933-8E6C-6561AD45EC7B}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"UDP Query User{0882CA1C-9CC1-4C42-99DB-E4C6F4C30DD8}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"{E637264D-B711-4B38-8E01-7284B6936BF6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE1F0106-1726-4206-A7C9-7D5C4F82C0F3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EC54280A-2FDB-4C52-9CC5-E51E8357C9FF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89F59DE9-0537-4298-A503-77E1E38A226D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{56E4123E-26BE-4953-A3EF-E6EC0C2E2680}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= UDP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe
"UDP Query User{D548C160-D973-4B25-81B1-CCFDEE41234C}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= TCP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-06-18 33792]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-11-26 3151872]
S3 Droppix Service;Droppix Service;"c:\program files\Common Files\Droppix\DxService.exe" [2008-10-09 147456]
S3 GameConsoleService;GameConsoleService;"c:\program files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 181800]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-04 29744]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2008-11-03 10986]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e195451-3c3f-11dd-afe9-001e8c4dba9c}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542febc-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - N:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542fef1-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - O:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
ShellExecuteHooks-{C81BAB98-02D9-4CCD-BC3B-9A0C4609706F} - (no file)
MSConfigStartUp-Lexmark 5200 series - c:\program files\Lexmark 5200 series\lxbtbmgr.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\maud\AppData\Roaming\Mozilla\Firefox\Profiles\jrr3b55e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\users\maud\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 23:22:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Internet Explorer\ieuser.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-11-26 23:25:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 22:25:24
Pre-Run: 304 531 308 544 octets libres
Post-Run: 312,220,733,440 octets libres
342 --- E O F --- 2008-11-26 20:10:56
HijackThis REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:39, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\maud\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\maud\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D307E1CC-267F-44F2-8075-F4B1E056916C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
COMBOFIX REPORT
ComboFix 08-11-26.03 - maud 2008-11-26 23:17:11.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.250.1036.18.1893 [GMT 1:00]
Running from: c:\users\maud\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\maud\AppData\Local\Microsoft\Windows\Temporary Internet Files\bestwiner.stt
c:\users\maud\AppData\Local\Microsoft\Windows\Temporary Internet Files\fbk.sts
c:\users\maud\AppData\Roaming\gadcom
c:\users\maud\AppData\Roaming\gadcom\gadcom.exe
c:\users\maud\AppData\Roaming\inst.exe
c:\windows\system32\drivers\asc3550p.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_asc3550p
-------\Service_RelevantKnowledge
((((((((((((((((((((((((( Files Created from 2008-10-26 to 2008-11-26 )))))))))))))))))))))))))))))))
.
2008-11-26 21:41 . 2008-11-26 21:41 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-26 19:07 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 19:07 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 19:07 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 17:46 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 17:30 . 2008-11-26 17:30 <REP> d-------- c:\users\maud\AppData\Roaming\Twain
2008-11-26 12:48 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\users\All Users\Avira
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\programdata\Avira
2008-11-25 19:41 . 2008-11-25 19:41 <REP> d-------- c:\program files\Avira
2008-11-25 17:13 . 2008-11-25 17:13 7 --a------ c:\windows\sbacknt.bin
2008-11-25 17:12 . 2008-11-26 19:01 <REP> d-------- c:\users\maud\AppData\Roaming\vghd
2008-11-25 17:12 . 2008-11-25 17:12 152,904 --a------ c:\windows\System32\vghd.scr
2008-11-24 22:43 . 2004-05-22 10:42 69,632 --a------ c:\windows\System32\calc.dll
2008-11-24 22:28 . 1999-07-13 14:46 209,408 --a------ c:\windows\System32\tabctl32.ocx
2008-11-24 21:09 . 2008-11-24 21:10 <REP> d-------- c:\users\maud\Karaoke
2008-11-20 13:43 . 1999-07-13 14:46 209,408 --a------ c:\windows\system\tabctl32.ocx
2008-11-20 12:31 . 2008-11-20 12:31 297,327 --a------ c:\windows\System32\SpywareRemover.exe
2008-11-19 23:14 . 2005-08-27 02:38 1,435,272 --a------ c:\windows\System32\Flash.ocx
2008-11-19 23:14 . 2004-03-08 23:00 131,856 --a------ c:\windows\System32\MSADODC.ocx
2008-11-19 23:14 . 2000-12-05 23:00 109,248 --a------ c:\windows\System32\MSWINSCK.OCX
2008-11-19 23:14 . 2000-07-15 05:00 101,888 --a------ c:\windows\System32\VB6STKIT.DLL
2008-11-14 06:51 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 06:51 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 06:51 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 06:51 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 06:50 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 06:50 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 06:50 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 06:50 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 06:50 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 16:20 . 2008-11-18 19:33 <REP> d-------- c:\users\maud\Autocad travaux
2008-11-13 05:52 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 05:52 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 05:52 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 19:04 . 2008-11-18 19:31 <REP> d-------- c:\users\All Users\Autodesk
2008-11-12 19:04 . 2008-11-18 19:31 <REP> d-------- c:\programdata\Autodesk
2008-11-12 19:04 . 2008-11-12 19:08 <REP> d-------- c:\program files\AutoCAD 2008
2008-11-12 19:03 . 2008-11-12 19:08 <REP> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-12 18:54 . 2008-11-12 19:03 <REP> d-------- c:\program files\Autodesk
2008-11-12 18:25 . 2008-11-18 19:31 <REP> d-------- c:\users\maud\AppData\Roaming\Autodesk
2008-11-04 19:38 . 2008-11-05 17:12 <REP> d--h----- c:\windows\msdownld.tmp
2008-11-04 19:38 . 2008-11-04 19:38 <REP> d-------- c:\program files\Windows Media Components
2008-11-03 22:12 . 2008-11-03 22:12 <REP> d-------- c:\windows\Setup533
2008-11-03 22:12 . 2002-10-21 11:37 515,803 --a------ c:\windows\System32\drivers\Ca533av.sys
2008-11-03 22:12 . 2002-01-19 15:33 131,072 --a------ c:\windows\System32\Sp5x_32.dll
2008-11-03 22:12 . 2002-07-30 19:40 16,384 --a------ c:\windows\System32\Dext533.ax
2008-11-03 22:12 . 2002-07-25 11:19 10,986 --a------ c:\windows\System32\drivers\Bulk533.sys
2008-11-03 22:12 . 2002-04-29 14:06 163 --a------ c:\windows\Setup533.ini
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\windows\System32\Adobe
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\windows\Profiles
2008-11-03 22:09 . 2008-11-03 22:09 <REP> d-------- c:\users\maud\AppData\Roaming\InterTrust
2008-11-03 22:09 . 1998-11-13 12:16 308,224 --a------ c:\windows\IsUn040c.exe
2008-11-03 22:04 . 2008-11-03 22:04 <REP> d-------- c:\windows\CameraInstall
2008-11-03 22:02 . 2001-11-02 15:10 163,840 --a------ c:\windows\System32\PhotoImpression Screen Saver.scr
2008-11-03 22:01 . 2008-11-03 22:01 <REP> d-------- c:\program files\ArcSoft
2008-11-03 22:01 . 1999-05-26 09:46 212,480 --a------ c:\windows\pcdlib32.dll
2008-11-03 22:01 . 2002-03-25 10:12 21 --a------ c:\windows\PI4_setup.ini
2008-11-03 21:49 . 2008-11-03 21:49 0 --ah----- c:\windows\System32\drivers\Msft_User_UsbDr_01_00_00.Wdf
2008-10-29 10:46 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-10-29 10:46 . 2008-09-18 05:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-10-29 10:46 . 2008-09-18 05:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-27 16:47 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-27 16:47 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-27 16:47 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-27 16:47 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-27 16:47 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 21:34 --------- d-----w c:\programdata\Google Updater
2008-11-25 16:26 109,249 ----a-w c:\program files\MSWINSCK.OCX
2008-11-25 16:04 --------- d-----w c:\users\maud\AppData\Roaming\LimeWire
2008-11-24 20:26 --------- d-----w c:\users\maud\AppData\Roaming\OpenOffice.org2
2008-11-20 15:57 4,942 ----a-w c:\users\maud\AppData\Roaming\wklnhst.dat
2008-11-12 17:54 --------- d-----w c:\program files\Autodesk Network License Manager
2008-11-03 21:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 21:09 --------- d-----w c:\program files\Common Files\Adobe
2008-10-27 16:11 --------- d-----w c:\users\maud\AppData\Roaming\DNA
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\MegauploadToolbar
2008-10-23 10:30 --------- d-----w c:\users\maud\AppData\Roaming\Megaupload
2008-10-23 10:30 --------- d-----w c:\programdata\Megaupload
2008-10-23 10:30 --------- d-----w c:\programdata\EmailNotifier
2008-10-23 10:30 --------- d-----w c:\program files\MegauploadToolbar
2008-10-23 10:29 --------- d-----w c:\program files\Megaupload
2008-10-22 21:12 --------- d-----w c:\program files\Counter-Strike Source
2008-10-21 15:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 15:21 --------- d-----w c:\program files\Java
2008-10-16 17:44 --------- d-----w c:\program files\Windows Mail
2008-10-14 15:39 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-11 18:15 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-11 18:15 --------- d-----w c:\program files\iTunes
2008-10-11 18:15 --------- d-----w c:\program files\iPod
2008-10-11 18:14 --------- d-----w c:\program files\Bonjour
2008-10-10 22:08 --------- d-----w c:\program files\Common Files\Totem Shared
2008-10-10 21:01 47,360 ----a-w c:\users\maud\AppData\Roaming\pcouffin.sys
2008-10-10 21:01 --------- d-----w c:\users\maud\AppData\Roaming\Vso
2008-10-09 21:27 --------- d-----w c:\users\maud\AppData\Roaming\BitTorrent
2008-10-09 21:11 --------- d-----w c:\program files\Common Files\Droppix
2008-10-09 21:10 --------- d-----w c:\programdata\Droppix
2008-10-09 21:10 --------- d-----w c:\program files\Droppix
2008-10-09 20:18 --------- d-----w c:\program files\BitTorrent
2008-10-09 20:16 --------- d-----w c:\program files\LuckyTender
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\dvdcss
2008-10-09 19:53 --------- d-----w c:\users\maud\AppData\Roaming\CyberLink
2008-10-09 19:53 --------- d-----w c:\programdata\CyberLink
2008-10-09 19:33 --------- d-----w c:\program files\Common Files\Ahead
2008-10-09 19:24 --------- d-----w c:\programdata\Nero
2008-10-09 19:24 --------- d-----w c:\program files\Common Files\Nero
2008-10-09 19:06 --------- d-----w c:\program files\Nero
2008-10-09 18:44 --------- d-----w c:\users\maud\AppData\Roaming\Droppix
2008-10-09 18:44 --------- d-----w c:\program files\Common Files\Codejock Software
2008-10-09 18:18 --------- d-----w c:\program files\Search Settings
2008-10-09 18:18 --------- d-----w c:\program files\Dealio
2008-10-09 17:35 --------- d-----w c:\program files\Micro Application
2008-10-09 11:49 --------- d-----w c:\programdata\LightScribe
2008-10-08 20:19 --------- d-----w c:\users\maud\AppData\Roaming\Nero
2008-10-08 19:57 --------- d-----w c:\program files\AskTBar
2008-10-08 19:36 --------- d---a-w c:\program files\Common Files\LightScribe
2008-10-08 18:51 --------- d-----w c:\programdata\vsosdk
2008-10-08 18:18 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-08 18:01 --------- d-----w c:\program files\HT MPEG Encoder 7.0 Trial
2008-10-06 20:21 --------- d-----w c:\program files\LimeWire
2008-10-01 20:39 --------- d-----w c:\programdata\Kaspersky Lab Setup Files
2008-09-30 20:56 --------- d-----w c:\program files\Electronic Arts
2008-09-28 20:00 --------- d-----w c:\program files\Kaspersky Lab
2008-09-28 19:23 --------- d-----w c:\programdata\eMule
2008-09-28 19:18 --------- d-----w c:\program files\DNA
2008-07-04 18:56 174 --sha-w c:\program files\desktop.ini
2008-07-02 20:15 22 --sha-w c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 13:54 1555480 --a------ c:\program files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-20 297327]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
c:\users\autre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Need.For.Speed.Carbon.FRENCH-ReVOLVeR.iso [2006-11-04 3818127360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"= "c:\windows\system32\EZUPBH~1.DLL" [2008-06-18 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"VIDC.SP54"= SP5X_32.DLL
[HKLM\~\startupfolder\C:^Users^maud^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\users\maud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-09-11 15:51 4608 c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 11:57 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
--a------ 2008-05-26 18:50 595296 c:\program files\Dealio\DealioAU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-09-28 21:04 289088 c:\users\maud\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
--a------ 2007-03-01 07:01 180736 c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-08-04 19:00 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
--a------ 2007-10-03 18:02 1783136 c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-12 19:10 21898024 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 08:21 648072 c:\windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2A13FD50-7C0E-45D0-BE41-9AA064C25C31}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1C960DB5-C071-4C67-94F3-73E5F8188271}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{843D7A5A-5F16-40A4-9689-9177FC672F9D}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{9F4AD292-52BB-42E0-B6AA-6F205D7F9951}c:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:c:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{C5EF3E05-313B-4B9C-860E-3B0D51E7E2D6}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{178DA06D-4B2F-4931-8403-7B477E9A3694}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{F319C5A2-F703-476B-83D5-C3B1DC9541A2}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{AA4F021C-DFE3-4540-95E6-E3A5C66E9574}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{7266D896-699B-4D41-805A-7A90184AFF2C}c:\\users\\maud\\videos\\emule\\emule.exe"= UDP:c:\users\maud\videos\emule\emule.exe:emule.exe
"UDP Query User{C8308E38-6714-47D4-AD0C-6CC07C54DF34}c:\\users\\maud\\videos\\emule\\emule.exe"= TCP:c:\users\maud\videos\emule\emule.exe:emule.exe
"{72AFBBA3-FCD4-4C93-BD6E-963CB3541B32}"= UDP:34823:Emule
"{F79F2CF8-CA46-4105-B7A1-4592FE3DE24D}"= TCP:41812:Emule
"{43B9118F-CA78-4CBE-9411-414FE272A1E5}"= UDP:c:\windows\Temp\~os6152.tmp\ossproxy.exe:ossproxy.exe
"{A822532A-0AC0-4239-B1BD-3299FAB995C3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCC6BC8A-1557-45A7-8DF8-0346F6A913A6}"= UDP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{60ACB9B1-D2FA-4BCA-935C-C6296B03B6A3}"= TCP:c:\program files\RelevantKnowledge\rlvknlg.exe:rlvknlg.exe
"{1A95C0D2-309A-4478-A821-DF4AC7675F87}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5906BBB-D3EC-4E8D-B40B-9DB31D6EFD67}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{09B24350-E89B-4F84-812C-64E2BB1BB339}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{60D68592-CAFD-4665-9260-6CDA57AB10A6}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= UDP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"UDP Query User{878A604A-4232-4A48-8B16-45C223406FCA}c:\\program files\\ea games\\need for speed underground 2\\speed2.exe"= TCP:c:\program files\ea games\need for speed underground 2\speed2.exe:speed2
"TCP Query User{6A5909B6-C4EB-4B1E-8957-3600A00A89F4}c:\\kav\\kav8.0\\french\\setup.exe"= UDP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"UDP Query User{54FC41B9-9355-4D82-8608-AF6E00AB3FC7}c:\\kav\\kav8.0\\french\\setup.exe"= TCP:c:\kav\kav8.0\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009
"{5BABE5D7-9426-4EC5-B5F8-F20869C7F7F2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2DA1DCF7-D533-489C-96E0-25C5CA5D60BE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{408AEB7E-890C-479E-BBD5-9E3D5BA593CD}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"UDP Query User{F93A0F73-80AC-4E0B-8BFC-DD5EB86C2361}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:µTorrent
"TCP Query User{AA4F6B08-E405-424B-A2CC-2DB24D56E0DF}c:\\users\\maud\\program files\\dna\\btdna.exe"= UDP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"UDP Query User{F16F1BB3-0A83-417C-896D-9BF662220B01}c:\\users\\maud\\program files\\dna\\btdna.exe"= TCP:c:\users\maud\program files\dna\btdna.exe:btdna.exe
"TCP Query User{7114C21B-1AFE-40D2-9841-78EC86E83B6B}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"UDP Query User{259F00DC-528A-43CE-AE88-9989CEA94FB8}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009
"TCP Query User{322264AD-AF96-4933-8E6C-6561AD45EC7B}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= UDP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"UDP Query User{0882CA1C-9CC1-4C42-99DB-E4C6F4C30DD8}c:\\program files\\electronic arts\\need for speed carbon\\nfsc.exe"= TCP:c:\program files\electronic arts\need for speed carbon\nfsc.exe:nfsc
"{E637264D-B711-4B38-8E01-7284B6936BF6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EE1F0106-1726-4206-A7C9-7D5C4F82C0F3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EC54280A-2FDB-4C52-9CC5-E51E8357C9FF}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{89F59DE9-0537-4298-A503-77E1E38A226D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{56E4123E-26BE-4953-A3EF-E6EC0C2E2680}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= UDP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe
"UDP Query User{D548C160-D973-4B25-81B1-CCFDEE41234C}c:\\users\\maud\\appdata\\local\\temp\\rar$ex00.645\\chantal v1.0.exe"= TCP:c:\users\maud\appdata\local\temp\rar$ex00.645\chantal v1.0.exe:chantal v1.0.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 ezntsvc;EasyBits Magic Desktop Services for Windows NT;c:\windows\system32\ezNTSvc.exe [2008-06-18 33792]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-11-26 3151872]
S3 Droppix Service;Droppix Service;"c:\program files\Common Files\Droppix\DxService.exe" [2008-10-09 147456]
S3 GameConsoleService;GameConsoleService;"c:\program files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-24 181800]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-04 29744]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys [2008-11-03 10986]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e195451-3c3f-11dd-afe9-001e8c4dba9c}]
\shell\AutoRun\command - K:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542febc-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - N:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e542fef1-62cf-11dd-9820-001e8c4dba9c}]
\shell\AutoRun\command - O:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
ShellExecuteHooks-{C81BAB98-02D9-4CCD-BC3B-9A0C4609706F} - (no file)
MSConfigStartUp-Lexmark 5200 series - c:\program files\Lexmark 5200 series\lxbtbmgr.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\maud\AppData\Roaming\Mozilla\Firefox\Profiles\jrr3b55e.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\users\maud\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 23:22:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\Internet Explorer\ieuser.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-11-26 23:25:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-26 22:25:24
Pre-Run: 304 531 308 544 octets libres
Post-Run: 312,220,733,440 octets libres
342 --- E O F --- 2008-11-26 20:10:56
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55:39, on 26/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\maud\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\Windows\system32\SpywareRemover.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\maud\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{D307E1CC-267F-44F2-8075-F4B1E056916C}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:\Windows\system32\ezNTSvc.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Anonymous user
27 Nov 2008 at 00:01
Great, now Toolbar S&D:
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report (C:\TB.txt).
Here it is:
-----------\\ ToolBar S&D 1.2.5 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz )
BIOS : BIOS Date: 12/05/07 11:10:18 Ver: 5.11
USER : maud ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:455 Go (Free:288 Go)
D:\ (Local Disk) - NTFS - Total:10 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
L:\ (USB)
M:\ (USB)
N:\ (CD or DVD)
O:\ (CD or DVD)
P:\ (USB)
Q:\ (USB)
"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 27/11/2008| 0:02 )
[ UAC => 1 ]
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\bar\1.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\Users\maud\AppData\Roaming\MICROS~1\Windows\Cookies\maud@mysearch[1].txt
C:\Windows\Prefetch\SEARCHSETTINGS.EXE-93C1DB37.pf
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\Windows\iun6002.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT1098640"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\Users\maud\AppData\Roaming\BitTorrent\Droppix Label Maker ver 2.9.2.0 + Crack.torrent
C:\Users\maud\AppData\Roaming\BitTorrent\Kaspersky 2009 Crack.exe.torrent
C:\Users\maud\AppData\Roaming\BitTorrent\Kaspersky Antivirus new 2009 Platinum Editions +New Keys + completly crack.,.,.torrent
C:\Users\maud\AppData\Roaming\BitTorrent\Kaspersky AV 2009 Crack recomended.torrent
C:\Users\maud\AppData\Roaming\LimeWire\.AppSpecialShare\Kaspersky Anti-Virus 2009 8.0.0.357 +Lifetime Keygen.EXE.torrent
C:\Users\maud\AppData\Roaming\Microsoft\Office\Recent\crack nocd nfs need for speed carbon fr.LNK
C:\Users\maud\Documents\LimeWire\Incomplete\6XRNXSSJQEMQMINYX5F2S5DLR6PPFFB4\.datKaspersky Anti-Virus 2009 8.0.0.357 +Lifetime Keygen.EXE
C:\Users\maud\Documents\LimeWire\Incomplete\6XRNXSSJQEMQMINYX5F2S5DLR6PPFFB4\Kaspersky Anti-Virus 2009 8.0.0.357 +Lifetime Keygen.EXE
C:\Users\maud\Music\Eminem\VA-Eminem_Presents_The_Re-Up-2006-RNS\VA-Eminem_Presents_The_Re-Up-2006-RNS\08-eminem_and_50_cent-jimmy_crack_corn.mp3
C:\Users\maud\Music\Rockin-Squat\Rockin__Squat_-_Too_Hot_For_TV-2007-BY_POPOF\Rockin' Squat - Too Hot For TV-2007-BY POPOF\05 Crack game.mp3
C:\Users\maud\programme\Crack Empire Earth2 Fr.txt
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr
C:\Users\maud\programme\Nero 9 Ultra Edition 9.0.9.4b + New KeyGen serial valid crack Burning ROM retail upgrade box version(1).txt
C:\Users\maud\programme\Nfs Need For Speed Carbon PC + Crack Keygen FR Le Vrai
C:\Users\maud\programme\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen
C:\Users\maud\programme\[PC] NFS Need For Speed Carbon FR + Crack.iso
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr\1 a voir image impressionante emule insolite incroyable superbe rare accident mickamila.JPG
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr\1 pps impressionnant insolite incroyable accident crash a voir absolument drole funny tres belle photo spectaculaire 2006 mickamila.pps
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr\demarche a suivre.txt
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr\nfsc.exe
C:\Users\maud\programme\crack nocd nfs need for speed carbon fr\rld-nfsc.exe
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\By Sicoon.txt
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Cl_.txt
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Crack
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Empire Earth 2 Cd1.nrg
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Empire Earth 2 Cd2.nrg
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Empire Earth 2 French-Revolver Crackfix By T U A
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Crack\Crack v1.0
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Crack\Crack v1.0 Public Server Patch
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Crack\Crack v1.0\EE2.exe
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Crack\Crack v1.0 Public Server Patch\EE2.exe
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Empire Earth 2 French-Revolver Crackfix By T U A\ReVOLVeR
C:\Users\maud\programme\Empire Earth 2 Fr jeu pc (2Cd image) + crack + cl‚ fr\Empire Earth 2 Fr (2Cd)\Empire Earth 2 French-Revolver Crackfix By T U A\ReVOLVeR\EE2.exe
C:\Users\maud\programme\Nfs Need For Speed Carbon PC + Crack Keygen FR Le Vrai\nfs carbon
C:\Users\maud\programme\Nfs Need For Speed Carbon PC + Crack Keygen FR Le Vrai\nfs carbon\Need.For.Speed.Carbon.FRENCH-ReVOLVeR.iso
C:\Users\maud\programme\Nouveau dossier\keygen - Raccourci.lnk
C:\Users\maud\programme\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen\http--www.emule-paradise.com-.url
C:\Users\maud\programme\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen\Keygen
C:\Users\maud\programme\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen\x-video-converter.exe
C:\Users\maud\programme\Xilisoft.Video.Converter.v3.1.7.0630b.Multilangages.Incl.Keygen\Keygen\KeyGen.exe
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 27/11/2008| 0:02 - Option : [1]
-----------\\ Fin du rapport a 0:02:46,32
Anonymous user
27 Nov 2008 at 00:27
Well then, let's clean up now:
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 2.
* Post the generated report. (C:\TB.txt)