Warning! Dangerous Spyware

Autumn1608 (Member, 88 posts)

Hello,

Since last night I have had a desktop wallpaper saying "warning spyware detected on your computer"...
While searching this forum, I saw that this is a virus you know about...
Could you please help me get rid of it...
I am on Windows XP, antivirus: AntiVir...
Thank you in advance...
Bizzzzz
Stef
Configuration: Windows XP
Firefox 3.0.4

25 replies

  1. MorkaC (Member, 455 posts)
     
    Hello,

    Run a full Malwarebytes Anti-Malware scan on your PC. In safe mode it's even better (press F8 before Windaube starts).
    See you
  2. Autumn1608 (Member, 88 posts)
     
    Here is the report:

    Malwarebytes' Anti-Malware 1.14
    Version de la base de données: 826

    16:33:57 30/11/2008
    mbam-log-11-30-2008 (16-33-57).txt

    Type de recherche: Examen rapide
    Eléments examinés: 51723
    Temps écoulé: 25 minute(s), 28 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 3
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
    C:\Program Files\RealAV\Infected (Rogue.RealAV) -> Quarantined and deleted successfully.
    C:\Program Files\RealAV\Suspicious (Rogue.RealAV) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\RealAV\RealAV.exe (Rogue.RealAV) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alex\Bureau\realav.exe (Rogue.RealAV) -> Quarantined and deleted successfully.
  3. Autumn1608 (Member, 88 posts)
     
    I had done a full scan but the report was not saved.
    And since it took 5 hours, I preferred to just redo a quick one.
    In any case it had found the same things.
  4. MorkaC (Member, 455 posts)
     
    And is it better afterwards or not? Because it did indeed find something. What's the situation?
  6. furio
     
    Hi, start with this:
    - Download HijackThis v2.0.2 to your Desktop.

    - Double-click HJTInstall to launch the installation.

    - Click Install, then I Accept.

    - Click Do a system scan and save a logfile.

    - Notepad will open; copy and paste all of its contents here in your next message.
  7. Autumn1608 (Member, 88 posts)
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:52:35, on 30/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Autumn_2\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Around the World in 80 Days
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Autumn_2\Application Data\Dealio\kb127\res\DealioSearch.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  8. Autumn1608 (Member, 88 posts)
     
    For MorkaC: No, the virus is still there.
  9. stevex92 (Member, 21 posts)
     
    Hi!
    Good luck
    Despite great advice yesterday, I did not manage to get rid of it!!!
    I even crashed the whole PC trying to do a factory reset!!
    And now I have bought a new PC!
  10. Anonymous user
     
    Hi,

    I'll take over:

    # Download this: (thanks to S!RI for this little program).

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Run it: double-click Smitfraudfix.exe and choose option 1.
    This is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
    It will generate a report: copy and paste it into your post, please.
  11. Autumn1608 (Member, 88 posts)
     
    SmitFraudFix v2.379

    Rapport fait à 17:06:07,54, dim. 30/11/2008
    Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Search Settings\SearchSettings.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Autumn_2

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Autumn_2\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Autumn_2\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Autumn_2\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Google\googletoolbar1.dll PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.68.193.110
    DNS Server Search Order: 212.68.193.196

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
  12. Anonymous user
     
    # Boot into safe mode:
    To do this, tap the F8 key repeatedly, without stopping, as soon as the PC starts up.
    A window will open; use the keyboard arrow keys to move to "start in safe mode", then press Enter.
    Once on the desktop, if not all the colours and so on are there, that's normal!
    (If F8 does not work, use the F5 key.)
    ----------------------------------------------------------------------------
    # Run the Smitfraud program again:
    This time choose option 2 and answer yes to everything;
    Save the report, restart in normal mode, and copy and paste the saved report onto the forum.
  13. Autumn1608 (Member, 88 posts)
     
    SmitFraudFix v2.379

    Rapport fait à 17:18:59,96, dim. 30/11/2008
    Executé à partir de C:\Documents and Settings\Autumn_2\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\Program Files\Google\googletoolbar1.dll supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
  14. Anonymous user
     
    Download Toolbar-S&D (Team IDN) to your Desktop.

    * Launch the program's installation by running the downloaded file.
    * Now double-click the Toolbar-S&D shortcut.
    * Select the desired language by typing the letter of your choice and confirming with the Enter key.
    * Now choose option 1 (Search). Wait until the search finishes.
    * Post the generated report. (C:\TB.txt)
  15. Autumn1608 (Member, 88 posts)
     
    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
    BIOS : Default System BIOS
    USER : Autumn_2 ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:66 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [1] ( dim. 30/11/2008|17:35 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\WINDOWS\Prefetch\BUILDALOT2.EXE-0E791682.pf
    C:\DOCUME~1\Autumn_2\Cookies\autumn_2@bananalotto[1].txt
    C:\DOCUME~1\Autumn_2\Cookies\autumn_2@www.bananalotto[2].txt
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\temp
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\alerts.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\alerts_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\chevron-small.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\DealioSearch.html
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\deal_report.jpg
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\err_toolbar.html
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\global_scripts.js
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\highlight-bg.png
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\logo.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\logo_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\man_toolbar.css
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\man_toolbar.html
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\man_toolbar.js
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\scripts.js
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\scroller.js
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\search-chevron.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\separator.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\settings.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\settings_over.gif
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\res\yahoo-search.png
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\index.76.35
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
    C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127\rules\rules.1.219.43

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Autumn_2\Recent\beach life nocd crack.lnk

    1 - "C:\ToolBar SD\TB_1.txt" - dim. 30/11/2008|17:37 - Option : [1]

    -----------\\ Fin du rapport a 17:37:02,51
    0
  16. Anonymous user
     
    Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
    ! Do not close the window during the removal!
    A report will be generated; post its contents here.

    NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.
    0
  17. Autumn1608
     
    -----------\\ ToolBar S&D 1.2.5 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
    BIOS : Default System BIOS
    USER : Autumn_2 ( Administrator )
    BOOT : Normal boot
    Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
    Firewall : Norton Internet Worm Protection 2006 (Not Activated)
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:66 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
    Option : [2] ( dim. 30/11/2008|17:43 )

    -----------\\ SUPPRESSION

    Supprime! - C:\WINDOWS\Prefetch\BUILDALOT2.EXE-0E791682.pf
    Supprime! - C:\DOCUME~1\Autumn_2\Cookies\autumn_2@bananalotto[1].txt
    Supprime! - C:\DOCUME~1\Autumn_2\Cookies\autumn_2@www.bananalotto[2].txt
    Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\DealioAU.exe
    Supprime! - C:\Program Files\Dealio\kb127
    Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
    Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
    Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\kb127
    Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Seekmo
    Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio
    Supprime! - C:\Program Files\Dealio
    Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings
    Supprime! - C:\Program Files\Search Settings

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Autumn_2\Recent\beach life nocd crack.lnk

    1 - "C:\ToolBar SD\TB_1.txt" - dim. 30/11/2008|17:37 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - dim. 30/11/2008|17:44 - Option : [2]

    -----------\\ Fin du rapport a 17:44:21,32

    NB: My desktop did not reappear.
    When I try to open Task Manager, it shows "Task Manager has been disabled by your administrator".
  18. Anonymous user
     
    How is the PC doing?

    Run a HijackThis scan again and post the report, please.
  19. Autumn1608 (Member, 88 posts)
     
    Nothing has changed; the wallpaper is still there. And I cannot open Task Manager.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:17:35, on 30/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\frmwrk32.exe
    C:\WINDOWS\system32\SpywareRemover.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Autumn_2\Bureau\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
    O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Around the World in 80 Days
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  20. Anonymous user
     
    Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy and paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily, and only while ComboFix is running, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ During this step, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\scan; let it do so.

    - A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\Combofix.txt).

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
  21. Autumn1608 (Member, 88 posts)
     
    ComboFix 08-11-30.01 - Autumn_2 2008-11-30 19:25:35.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1328 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Autumn_2\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alex\Local Settings\Application Data\yiwmk.dat
    c:\documents and settings\Alex\Local Settings\Application Data\yiwmk.exe
    c:\documents and settings\Alex\Local Settings\Application Data\yiwmk_nav.dat
    c:\documents and settings\Alex\Local Settings\Application Data\yiwmk_navps.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-30 17:35 . 2008-11-30 17:44 <REP> d-------- C:\ToolBar SD
    2008-11-30 17:06 . 2008-11-30 17:19 2,390 --a------ c:\windows\system32\tmp.reg
    2008-11-30 17:05 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
    2008-11-30 17:05 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
    2008-11-30 17:05 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
    2008-11-30 17:05 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe
    2008-11-30 17:05 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
    2008-11-30 17:05 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
    2008-11-30 17:05 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
    2008-11-30 17:05 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
    2008-11-30 17:05 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
    2008-11-30 17:05 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
    2008-11-29 23:22 . 2008-11-27 11:40 32,256 --a------ c:\windows\system32\frmwrk32.exe
    2008-11-29 23:22 . 2008-11-30 19:30 4,785 --a------ c:\windows\system32\warning.gif
    2008-11-29 23:22 . 2008-11-30 19:30 3,104 --a------ c:\windows\system32\ntdll64.exe
    2008-11-29 23:22 . 2008-11-30 19:30 1,349 --a------ c:\windows\system32\ahtn.htm
    2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32\uniq.tll
    2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32\test.ttt
    2008-11-26 17:06 . 2008-11-26 17:06 410,976 --a------ c:\windows\system32\deploytk.dll
    2008-11-26 10:58 . 2008-11-26 10:58 297,697 --a------ c:\windows\system32\SpywareRemover.exe
    2008-11-24 10:45 . 2008-11-24 10:45 <REP> d-------- c:\windows\Zodiac Tower
    2008-11-24 10:45 . 2008-11-24 10:45 <REP> d-------- c:\program files\Zodiac Tower
    2008-11-24 10:44 . 2008-11-24 12:05 <REP> d-------- c:\program files\Ancient Zodiac Tower
    2008-11-23 18:23 . 2008-11-23 20:44 54,156 --ah----- c:\windows\QTFont.qfn
    2008-11-23 18:23 . 2008-11-23 18:23 1,409 --a------ c:\windows\QTFont.for
    2008-11-23 17:59 . 2008-11-23 18:19 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\SecondLife
    2008-11-23 17:58 . 2008-11-23 18:00 <REP> d-------- c:\program files\SecondLife
    2008-11-23 10:25 . 2008-11-23 10:25 <REP> d-------- c:\program files\Build-Lot2.Town
    2008-11-23 10:25 . 2008-11-23 10:25 <REP> d-------- c:\program files\Build-a-lot 2 Town of the Year
    2008-11-23 00:23 . 2008-11-23 00:23 <REP> d-------- c:\program files\ReflexiveArcade
    2008-11-23 00:16 . 2007-10-02 21:01 56,098,816 --a------ c:\program files\Build A Lot_FULLversion.exe
    2008-11-23 00:15 . 2008-11-23 00:20 <REP> d-------- c:\program files\DragonStone
    2008-11-21 15:31 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-11-21 15:31 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-11-19 22:45 . 2008-11-25 11:44 <REP> d-------- c:\documents and settings\All Users\Application Data\HipSoft
    2008-11-19 21:20 . 2008-11-19 21:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2008-11-19 21:19 . 2008-11-20 17:33 <REP> d-------- c:\program files\BFG
    2008-11-16 21:01 . 2008-11-16 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\PlayPond
    2008-11-15 16:22 . 2008-11-15 16:22 <REP> d-------- c:\program files\Secrets Of Olympus
    2008-11-14 07:07 . 2008-11-14 07:07 <REP> d-------- c:\program files\MSXML 4.0
    2008-11-13 10:32 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
    2008-11-13 10:32 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-10 17:47 . 2008-11-10 17:47 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\Ahead
    2008-11-07 23:42 . 2008-11-07 23:42 <REP> d-------- c:\program files\Heroes of Hellas
    2008-11-07 21:59 . 2008-11-07 21:59 13 --a------ c:\windows\popcinfo.dat
    2008-11-07 13:51 . 2008-11-07 13:51 <REP> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2008-11-06 11:52 . 2008-11-06 11:52 193 --a------ c:\windows\cncscore.ini
    2008-11-06 11:51 . 2008-11-06 13:54 <REP> d-------- C:\Olltwit
    2008-11-06 11:51 . 2008-11-06 11:51 281,088 --a------ c:\windows\system32\cncs232.dll
    2008-11-06 10:45 . 2008-11-17 23:48 <REP> d-------- c:\program files\Mirror Magic
    2008-11-04 22:27 . 2008-11-04 22:27 15,872 --------- c:\windows\system32\winskfr.dll
    2008-11-03 14:20 . 2008-11-03 14:20 <REP> d-------- C:\CaffeLatte
    2008-11-02 15:52 . 2008-11-02 16:03 <REP> d-------- c:\program files\Téléchargeur de Beach Life
    2008-11-02 15:52 . 2008-11-02 15:52 <REP> d-------- c:\program files\Fichiers communs\BOONTY Shared
    2008-10-29 08:08 . 2008-10-29 08:08 <REP> d--hs---- c:\windows\ftpcache
    2008-10-28 19:43 . 2008-10-28 19:43 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\TuneUp Software
    2008-10-28 12:22 . 2008-10-28 12:22 <REP> d-------- c:\program files\Boonty
    2008-10-28 10:10 . 2008-10-28 10:10 <REP> d-------- c:\documents and settings\All Users\Application Data\SugarGames
    2008-10-24 06:11 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
    2008-10-22 22:05 . 2008-10-22 22:05 <REP> d-------- c:\documents and settings\All Users\Application Data\MythPeople
    2008-10-19 19:45 . 2008-10-19 19:45 <REP> d-------- c:\documents and settings\All Users\Application Data\GameHouse
    2008-10-17 21:03 . 2008-10-17 21:03 4,096 --a------ c:\windows\d3dx.dat
    2008-10-17 11:21 . 2008-10-17 11:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2008-10-17 09:11 . 2008-10-17 09:11 <REP> d-------- c:\program files\Tumblebugs 2
    2008-10-15 22:54 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
    2008-10-15 22:53 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 22:53 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 22:53 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 22:53 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-15 22:53 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
    2008-10-13 22:44 . 2008-10-13 22:44 <REP> d-------- c:\program files\Around the World in 80 Days
    2008-10-02 22:54 . 2008-10-02 22:54 <REP> d-------- c:\program files\Fichiers communs\Skype

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-30 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-11-30 16:19 --------- d-----w c:\program files\Google
    2008-11-29 22:20 --------- d-----w c:\program files\eMule
    2008-11-26 16:06 --------- d-----w c:\program files\Java
    2008-11-25 10:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-23 22:27 --------- d-----w c:\program files\Zylom Games
    2008-11-22 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
    2008-11-16 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SecretsOfOlympus
    2008-11-14 06:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
    2008-11-07 12:33 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-11-05 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
    2008-10-31 14:58 --------- d-----w c:\program files\PhotoFiltre Studio
    2008-10-28 11:23 --------- d-----w c:\program files\BoontyGames
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-19 11:49 --------- d-----w c:\program files\Free FLV Converter
    2008-10-17 08:11 --------- d-----w c:\program files\Tumblebugs 2
    2006-03-02 12:00 73,728 -csh--w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
    2008-06-27 13:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008062720080628\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-24 c:\windows\RTHDCPL.exe]
    "Framework Windows"="frmwrk32.exe" [2008-11-27 c:\windows\system32\frmwrk32.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Autumn_2\Menu Démarrer\Programmes\Démarrage\Around the World in 80 Days
    Around the World in 80 Days.lnk - c:\program files\Around the World in 80 Days\Around the World in 80 Days.exe [2008-03-01 331776]
    Starfors.Net.lnk - c:\program files\Around the World in 80 Days\starfors.net.html [2008-01-29 1763]
    à„…‰†¡Š†.lnk - c:\program files\Around the World in 80 Days\Uninstall.exe [2008-03-01 69868]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    --a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
    -ra------ 2007-06-13 07:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-04-25 12:34 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    --a------ 2005-05-04 01:43 69632 c:\windows\Alcmtr.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe"
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
    "PCMService"="c:\apps\Powercinema\PCMService.exe"
    "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "WinampAgent"="c:\program files\Winamp\Winampa.exe"
    "au"=c:\program files\Dealio\DealioAU.exe
    "Itch ford four knob"=c:\documents and settings\All Users\Application Data\third lies itch ford\Ante Road.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\APPS\\Powercinema\\PowerCinema.exe"=
    "c:\\APPS\\Powercinema\\PCMService.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\eMule\\eMule.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\mcoinstall.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=
    "c:\\Program Files\\SecondLife\\SLVoice.exe"=
    "c:\\Program Files\\SecondLife\\SecondLife.exe"=

    S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys [2008-06-04 34296]
    S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-05-23 83336]
    S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-05-23 15112]
    S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-05-23 108680]
    S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-05-23 100488]
    S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-05-23 98696]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-Splash screen for Avast! - c:\program files\Alwil Software\Avast4\ashAvast.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\Autumn_2\Application Data\Mozilla\Firefox\Profiles\jtlkl8z1.default\
    FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
    FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npclntax_SeekmoSA.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-30 19:29:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
    c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
    c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\oodag.exe
    c:\apps\Powercinema\Kernel\TV\CLSched.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-30 19:34:04 - La machine a redémarré [Autumn_2]
    ComboFix-quarantined-files.txt 2008-11-30 18:34:01
    ComboFix2.txt 2008-06-06 10:49:03

    Avant-CF: 71,456,620,544 octets libres
    Après-CF: 73,861,935,104 octets libres

    253 --- E O F --- 2008-11-14 06:11:55