Warning! Dangerous Spyware

Question

Bonjour,

J'ai depuis hier soir un fond d'ecran warning spyware detected on your computer...
En cherchant sur ce forum,j'ai vu que c'etait un virus que vous connaissez...
Pourriez-vous s'il vous plait m'aider a m'en debarrasser...
Je suis sous Windows XP, antivirus : antivir...
Je vous en remercie d'avance...
Bizzzzz
Stef

MorkaC · Answer

Bonjour,

Passe un scan complet de Malwarebytes anti-malware sur ton pc. En mode sans échec, c'est encore mieux (F8 avant le démarrage de Windaube).
A+

Autumn1608 · Answer

Voila le rapport : 



Malwarebytes' Anti-Malware 1.14
Version de la base de données: 826

16:33:57 30/11/2008
mbam-log-11-30-2008 (16-33-57).txt

Type de recherche: Examen rapide
Eléments examinés: 51723
Temps écoulé: 25 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Infected (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Program Files\RealAV\Suspicious (Rogue.RealAV) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\RealAV\RealAV.exe (Rogue.RealAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Alex\Bureau\realav.exe (Rogue.RealAV) -> Quarantined and deleted successfully.

Autumn1608 · Answer

J'avais fait un examen complet mais le rapport ne s est pas enregistré.
Et comme il a duré 5 heures,j ai prefere refaire juste un rapide.
De toute facon il avait trouvé les memes choses.

MorkaC · Answer

Et ça va mieux après ou pas. Car il a effectivement trouvé quelque chose. Qu'en est-il?

furio · Answer

salut,commence par sa
- Télécharge HijackThis v2.0.2 sur ton Bureau.

- Double-clique sur HJTInstall afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.

Autumn1608 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52:35, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Autumn_2\LOCALS~1\Temp\Rar$EX00.484\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Around the World in 80 Days
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Autumn_2\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Autumn1608 · Answer

Pour MorkaC : Non le virus est toujours là.

stevex92 · Answer

salut !
bon courage
malgré de super conseil hier, je ne suis pas parvenu à m'en debarasser !!!
j'ai meme planté tout le pc en voulant faire une reconfig sortie d'usine !!
et la j'ai racheté un nouveau pc !

Utilisateur anonyme · Answer

Salut,

je prend la suite:

# Télécharge ceci: (merci a S!RI pour ce petit programme). 

http://siri.urz.free.fr/Fix/SmitfraudFix.exe 

Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1, 
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php 
il va générer un rapport : copie/colle le sur le poste stp

Autumn1608 · Answer

SmitFraudFix v2.379

Rapport fait à 17:06:07,54, dim. 30/11/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Autumn_2


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Autumn_2\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Autumn_2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Autumn_2\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.68.193.110
DNS Server Search Order: 212.68.193.196

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS2\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

# Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
# Relance le programme Smitfraud : 
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

Autumn1608 · Answer

SmitFraudFix v2.379

Rapport fait à 17:18:59,96, dim. 30/11/2008
Executé à partir de C:\Documents and Settings\Autumn_2\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS2\Services\Tcpip\..\{39756311-FF58-46C3-AA7C-8717C3F7D6B9}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 


* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

Autumn1608 · Answer

-----------\  ToolBar S&D 1.2.5   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.00GHz )
   BIOS : Default System BIOS
   USER : Autumn_2 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
   Firewall  : Norton Internet Worm Protection 2006 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:144 Go (Free:66 Go)
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
   Option : [1] ( dim. 30/11/2008|17:35 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\WINDOWS\Prefetch\BUILDALOT2.EXE-0E791682.pf
   C:\DOCUME~1\Autumn_2\Cookies\autumn_2@bananalotto[1].txt
   C:\DOCUME~1\Autumn_2\Cookies\autumn_2@www.bananalotto[2].txt
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ules
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\alerts.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\alerts_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\alerts_rec.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\alerts_rec_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\chevron-small.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\DealioSearch.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\deals-leftcap.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\deal_report.jpg
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\ebay_login.jpg
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\err_mainwindow.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\err_toolbar.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\global_scripts.js
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\headerbgthin.jpg
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\highlight-bg.png
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\logo.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\logo_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\man_toolbar.css
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\man_toolbar.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\man_toolbar.js
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\man_toolbarl.js
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\post-this-deal.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\post-this-deal_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\scripts.js
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\scroller.js
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\search-chevron.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\search-chevron_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\search_bg_blink.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\separator.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\settings.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\settings_over.gif
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127es\yahoo-search.png
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ules\index.76.35
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.10.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.109.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.110.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.12.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.13.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.130.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.135.50
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.153.44
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.155.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.156.49
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.16.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.161.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.178.66
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.184.55
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.188.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.189.45
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.196.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.198.56
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.199.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.200.53
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.201.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.202.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.203.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.205.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.213.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.214.49
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.215.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.216.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.217.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.218.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.219.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.220.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.221.57
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.222.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.223.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.226.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.227.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.228.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.229.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.23.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.239.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.24.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.240.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.241.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.242.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.243.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.244.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.245.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.247.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.248.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.249.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.250.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.251.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.252.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.253.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.254.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.255.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.256.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.257.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.279.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.28.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.282.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.283.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.284.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.289.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.290.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.291.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.296.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.297.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.304.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.307.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.308.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.31.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.310.46
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.311.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.315.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.316.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.317.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.318.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.319.49
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.32.48
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.334.44
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.335.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.336.44
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.337.44
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.338.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.339.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.34.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.340.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.341.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.349.50
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.35.48
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.350.50
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.351.51
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.352.54
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.353.51
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.354.51
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.357.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.358.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.359.52
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.360.53
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.361.54
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.362.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.363.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.364.54
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.365.53
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.367.56
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.368.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.369.55
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.370.56
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.371.56
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.372.57
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.373.55
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.375.56
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.376.57
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.377.55
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.378.65
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.384.58
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.386.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.387.59
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.388.59
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.389.59
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.390.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.391.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.392.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.393.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.394.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.396.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.397.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.398.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.399.60
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.403.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.404.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.405.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.406.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.407.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.408.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.409.61
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.412.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.413.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.414.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.415.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.416.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.417.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.418.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.419.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.420.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.421.62
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.423.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.424.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.425.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.426.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.427.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.428.65
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.429.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.430.63
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.432.65
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.433.64
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.434.65
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.435.64
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.436.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.437.64
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.438.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.439.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.440.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.442.73
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.443.73
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.444.73
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.445.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.446.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.450.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.451.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.452.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.453.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.454.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.456.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.457.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.458.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.459.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.460.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.462.74
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.463.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.464.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.465.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.468.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.469.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.470.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.471.73
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.472.70
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.478.74
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.479.73
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.480.68
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.481.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.482.74
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.49.67
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.50.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.500.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.501.74
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.502.71
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.51.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.52.72
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.520.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.521.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.522.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.53.51
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.531.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.532.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.534.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.54.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.55.45
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.56.69
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.57.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.58.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.593.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.595.76
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.63.57
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.66.47
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.70.75
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127ulesules.1.71.43
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\dealio-14212.log
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\dealio-14213.log
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\dod_cache.xml
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1112_2244_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1300_2880_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1500_3816_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1716_132_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_1880_1300_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_220_1824_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2244_2288_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_244_2060_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2708_2744_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_2864_3016_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3360_3832_4.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3360_3832_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3396_3884_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_3952_4004_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_4328_4456_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_4752_4244_5.html
   C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127	emp\_toolbar_tmp_5500_4480_5.html
   C:\Program Files\Dealio
   C:\Program Files\Dealio\DealioAU.exe
   C:\Program Files\Dealio\kb127
   C:\Program Files\Dealio\SearchSettingsKit.exe
   C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
   C:\Program Files\Dealio\kb127\Dealio.dll
   C:\Program Files\Dealio\kb127\DealioRes409.dll
   C:\Program Files\Dealio\kb127es
   C:\Program Files\Dealio\kb127esDN
   C:\Program Files\Dealio\kb127ules
   C:\Program Files\Dealio\kb127	emp
   C:\Program Files\Dealio\kb127es\alerts.gif
   C:\Program Files\Dealio\kb127es\alerts_over.gif
   C:\Program Files\Dealio\kb127es\alerts_rec.gif
   C:\Program Files\Dealio\kb127es\alerts_rec_over.gif
   C:\Program Files\Dealio\kb127es\chevron-small.gif
   C:\Program Files\Dealio\kb127es\DealioSearch.html
   C:\Program Files\Dealio\kb127es\deals-leftcap.gif
   C:\Program Files\Dealio\kb127es\deal_report.jpg
   C:\Program Files\Dealio\kb127es\ebay_login.jpg
   C:\Program Files\Dealio\kb127es\err_mainwindow.html
   C:\Program Files\Dealio\kb127es\err_toolbar.html
   C:\Program Files\Dealio\kb127es\global_scripts.js
   C:\Program Files\Dealio\kb127es\headerbgthin.jpg
   C:\Program Files\Dealio\kb127es\highlight-bg.png
   C:\Program Files\Dealio\kb127es\logo.gif
   C:\Program Files\Dealio\kb127es\logo_over.gif
   C:\Program Files\Dealio\kb127es\man_toolbar.css
   C:\Program Files\Dealio\kb127es\man_toolbar.html
   C:\Program Files\Dealio\kb127es\man_toolbar.js
   C:\Program Files\Dealio\kb127es\man_toolbarl.js
   C:\Program Files\Dealio\kb127es\post-this-deal.gif
   C:\Program Files\Dealio\kb127es\post-this-deal_over.gif
   C:\Program Files\Dealio\kb127es\scripts.js
   C:\Program Files\Dealio\kb127es\scroller.js
   C:\Program Files\Dealio\kb127es\search-chevron.gif
   C:\Program Files\Dealio\kb127es\search-chevron_over.gif
   C:\Program Files\Dealio\kb127es\search_bg_blink.gif
   C:\Program Files\Dealio\kb127es\separator.gif
   C:\Program Files\Dealio\kb127es\settings.gif
   C:\Program Files\Dealio\kb127es\settings_over.gif
   C:\Program Files\Dealio\kb127es\yahoo-search.png
   C:\Program Files\Dealio\kb127esDN\bottom.gif
   C:\Program Files\Dealio\kb127esDN\chevron_down.gif
   C:\Program Files\Dealio\kb127esDN\chevron_up.gif
   C:\Program Files\Dealio\kb127esDN\close.gif
   C:\Program Files\Dealio\kb127esDN\deskbar.css
   C:\Program Files\Dealio\kb127esDN\deskbar.js
   C:\Program Files\Dealio\kb127esDN\dispatch_helper.js
   C:\Program Files\Dealio\kb127esDN\ebay_compatible.jpg
   C:\Program Files\Dealio\kb127esDN\logo.gif
   C:\Program Files\Dealio\kb127esDN\logo_chevron_bkg.gif
   C:\Program Files\Dealio\kb127esDN\losing.gif
   C:\Program Files\Dealio\kb127esDN\lost.gif
   C:\Program Files\Dealio\kb127esDN\man_deskbar.html
   C:\Program Files\Dealio\kb127esDN\menu_arrow.gif
   C:\Program Files\Dealio\kb127esDN\menu_check.gif
   C:\Program Files\Dealio\kb127esDN
o_image.gif
   C:\Program Files\Dealio\kb127esDN\prod_img.gif
   C:\Program Files\Dealio\kb127esDN\search_chevron.gif
   C:\Program Files\Dealio\kb127esDN\spacer.gif
   C:\Program Files\Dealio\kb127esDN	extfield_bkg.gif
   C:\Program Files\Dealio\kb127esDN	op.gif
   C:\Program Files\Dealio\kb127esDN\unknown.gif
   C:\Program Files\Dealio\kb127esDN\winning.gif
   C:\Program Files\Dealio\kb127esDN\won.gif
   C:\Program Files\Dealio\kb127ules\index.76.35
   C:\Program Files\Dealio\kb127ulesules.1.10.76
   C:\Program Files\Dealio\kb127ulesules.1.109.43
   C:\Program Files\Dealio\kb127ulesules.1.110.43
   C:\Program Files\Dealio\kb127ulesules.1.12.52
   C:\Program Files\Dealio\kb127ulesules.1.13.58
   C:\Program Files\Dealio\kb127ulesules.1.130.58
   C:\Program Files\Dealio\kb127ulesules.1.135.50
   C:\Program Files\Dealio\kb127ulesules.1.153.44
   C:\Program Files\Dealio\kb127ulesules.1.155.43
   C:\Program Files\Dealio\kb127ulesules.1.156.49
   C:\Program Files\Dealio\kb127ulesules.1.16.60
   C:\Program Files\Dealio\kb127ulesules.1.161.52
   C:\Program Files\Dealio\kb127ulesules.1.178.66
   C:\Program Files\Dealio\kb127ulesules.1.184.55
   C:\Program Files\Dealio\kb127ulesules.1.188.52
   C:\Program Files\Dealio\kb127ulesules.1.189.45
   C:\Program Files\Dealio\kb127ulesules.1.196.43
   C:\Program Files\Dealio\kb127ulesules.1.198.56
   C:\Program Files\Dealio\kb127ulesules.1.199.43
   C:\Program Files\Dealio\kb127ulesules.1.200.53
   C:\Program Files\Dealio\kb127ulesules.1.201.43
   C:\Program Files\Dealio\kb127ulesules.1.202.43
   C:\Program Files\Dealio\kb127ulesules.1.203.71
   C:\Program Files\Dealio\kb127ulesules.1.205.62
   C:\Program Files\Dealio\kb127ulesules.1.213.71
   C:\Program Files\Dealio\kb127ulesules.1.214.49
   C:\Program Files\Dealio\kb127ulesules.1.215.43
   C:\Program Files\Dealio\kb127ulesules.1.216.67
   C:\Program Files\Dealio\kb127ulesules.1.217.67
   C:\Program Files\Dealio\kb127ulesules.1.218.52
   C:\Program Files\Dealio\kb127ulesules.1.219.43
   C:\Program Files\Dealio\kb127ulesules.1.220.43
   C:\Program Files\Dealio\kb127ulesules.1.221.57
   C:\Program Files\Dealio\kb127ulesules.1.222.43
   C:\Program Files\Dealio\kb127ulesules.1.223.68
   C:\Program Files\Dealio\kb127ulesules.1.226.68
   C:\Program Files\Dealio\kb127ulesules.1.227.43
   C:\Program Files\Dealio\kb127ulesules.1.228.62
   C:\Program Files\Dealio\kb127ulesules.1.229.76
   C:\Program Files\Dealio\kb127ulesules.1.23.63
   C:\Program Files\Dealio\kb127ulesules.1.239.43
   C:\Program Files\Dealio\kb127ulesules.1.24.43
   C:\Program Files\Dealio\kb127ulesules.1.240.43
   C:\Program Files\Dealio\kb127ulesules.1.241.43
   C:\Program Files\Dealio\kb127ulesules.1.242.43
   C:\Program Files\Dealio\kb127ulesules.1.243.43
   C:\Program Files\Dealio\kb127ulesules.1.244.63
   C:\Program Files\Dealio\kb127ulesules.1.245.43
   C:\Program Files\Dealio\kb127ulesules.1.247.43
   C:\Program Files\Dealio\kb127ulesules.1.248.43
   C:\Program Files\Dealio\kb127ulesules.1.249.43
   C:\Program Files\Dealio\kb127ulesules.1.250.43
   C:\Program Files\Dealio\kb127ulesules.1.251.43
   C:\Program Files\Dealio\kb127ulesules.1.252.43
   C:\Program Files\Dealio\kb127ulesules.1.253.43
   C:\Program Files\Dealio\kb127ulesules.1.254.43
   C:\Program Files\Dealio\kb127ulesules.1.255.43
   C:\Program Files\Dealio\kb127ulesules.1.256.43
   C:\Program Files\Dealio\kb127ulesules.1.257.43
   C:\Program Files\Dealio\kb127ulesules.1.279.43
   C:\Program Files\Dealio\kb127ulesules.1.28.58
   C:\Program Files\Dealio\kb127ulesules.1.282.75
   C:\Program Files\Dealio\kb127ulesules.1.283.43
   C:\Program Files\Dealio\kb127ulesules.1.284.43
   C:\Program Files\Dealio\kb127ulesules.1.289.67
   C:\Program Files\Dealio\kb127ulesules.1.290.62
   C:\Program Files\Dealio\kb127ulesules.1.291.61
   C:\Program Files\Dealio\kb127ulesules.1.296.43
   C:\Program Files\Dealio\kb127ulesules.1.297.43
   C:\Program Files\Dealio\kb127ulesules.1.304.43
   C:\Program Files\Dealio\kb127ulesules.1.307.43
   C:\Program Files\Dealio\kb127ulesules.1.308.75
   C:\Program Files\Dealio\kb127ulesules.1.31.47
   C:\Program Files\Dealio\kb127ulesules.1.310.46
   C:\Program Files\Dealio\kb127ulesules.1.311.43
   C:\Program Files\Dealio\kb127ulesules.1.315.43
   C:\Program Files\Dealio\kb127ulesules.1.316.43
   C:\Program Files\Dealio\kb127ulesules.1.317.43
   C:\Program Files\Dealio\kb127ulesules.1.318.43
   C:\Program Files\Dealio\kb127ulesules.1.319.49
   C:\Program Files\Dealio\kb127ulesules.1.32.48
   C:\Program Files\Dealio\kb127ulesules.1.334.44
   C:\Program Files\Dealio\kb127ulesules.1.335.60
   C:\Program Files\Dealio\kb127ulesules.1.336.44
   C:\Program Files\Dealio\kb127ulesules.1.337.44
   C:\Program Files\Dealio\kb127ulesules.1.338.75
   C:\Program Files\Dealio\kb127ulesules.1.339.47
   C:\Program Files\Dealio\kb127ulesules.1.34.43
   C:\Program Files\Dealio\kb127ulesules.1.340.47
   C:\Program Files\Dealio\kb127ulesules.1.341.47
   C:\Program Files\Dealio\kb127ulesules.1.349.50
   C:\Program Files\Dealio\kb127ulesules.1.35.48
   C:\Program Files\Dealio\kb127ulesules.1.350.50
   C:\Program Files\Dealio\kb127ulesules.1.351.51
   C:\Program Files\Dealio\kb127ulesules.1.352.54
   C:\Program Files\Dealio\kb127ulesules.1.353.51
   C:\Program Files\Dealio\kb127ulesules.1.354.51
   C:\Program Files\Dealio\kb127ulesules.1.357.62
   C:\Program Files\Dealio\kb127ulesules.1.358.52
   C:\Program Files\Dealio\kb127ulesules.1.359.52
   C:\Program Files\Dealio\kb127ulesules.1.360.53
   C:\Program Files\Dealio\kb127ulesules.1.361.54
   C:\Program Files\Dealio\kb127ulesules.1.362.68
   C:\Program Files\Dealio\kb127ulesules.1.363.58
   C:\Program Files\Dealio\kb127ulesules.1.364.54
   C:\Program Files\Dealio\kb127ulesules.1.365.53
   C:\Program Files\Dealio\kb127ulesules.1.367.56
   C:\Program Files\Dealio\kb127ulesules.1.368.58
   C:\Program Files\Dealio\kb127ulesules.1.369.55
   C:\Program Files\Dealio\kb127ulesules.1.370.56
   C:\Program Files\Dealio\kb127ulesules.1.371.56
   C:\Program Files\Dealio\kb127ulesules.1.372.57
   C:\Program Files\Dealio\kb127ulesules.1.373.55
   C:\Program Files\Dealio\kb127ulesules.1.375.56
   C:\Program Files\Dealio\kb127ulesules.1.376.57
   C:\Program Files\Dealio\kb127ulesules.1.377.55
   C:\Program Files\Dealio\kb127ulesules.1.378.65
   C:\Program Files\Dealio\kb127ulesules.1.384.58
   C:\Program Files\Dealio\kb127ulesules.1.386.71
   C:\Program Files\Dealio\kb127ulesules.1.387.59
   C:\Program Files\Dealio\kb127ulesules.1.388.59
   C:\Program Files\Dealio\kb127ulesules.1.389.59
   C:\Program Files\Dealio\kb127ulesules.1.390.60
   C:\Program Files\Dealio\kb127ulesules.1.391.60
   C:\Program Files\Dealio\kb127ulesules.1.392.60
   C:\Program Files\Dealio\kb127ulesules.1.393.60
   C:\Program Files\Dealio\kb127ulesules.1.394.60
   C:\Program Files\Dealio\kb127ulesules.1.396.61
   C:\Program Files\Dealio\kb127ulesules.1.397.61
   C:\Program Files\Dealio\kb127ulesules.1.398.60
   C:\Program Files\Dealio\kb127ulesules.1.399.60
   C:\Program Files\Dealio\kb127ulesules.1.403.61
   C:\Program Files\Dealio\kb127ulesules.1.404.63
   C:\Program Files\Dealio\kb127ulesules.1.405.61
   C:\Program Files\Dealio\kb127ulesules.1.406.61
   C:\Program Files\Dealio\kb127ulesules.1.407.76
   C:\Program Files\Dealio\kb127ulesules.1.408.63
   C:\Program Files\Dealio\kb127ulesules.1.409.61
   C:\Program Files\Dealio\kb127ulesules.1.412.62
   C:\Program Files\Dealio\kb127ulesules.1.413.62
   C:\Program Files\Dealio\kb127ulesules.1.414.62
   C:\Program Files\Dealio\kb127ulesules.1.415.62
   C:\Program Files\Dealio\kb127ulesules.1.416.62
   C:\Program Files\Dealio\kb127ulesules.1.417.62
   C:\Program Files\Dealio\kb127ulesules.1.418.62
   C:\Program Files\Dealio\kb127ulesules.1.419.62
   C:\Program Files\Dealio\kb127ulesules.1.420.62
   C:\Program Files\Dealio\kb127ulesules.1.421.62
   C:\Program Files\Dealio\kb127ulesules.1.423.63
   C:\Program Files\Dealio\kb127ulesules.1.424.63
   C:\Program Files\Dealio\kb127ulesules.1.425.63
   C:\Program Files\Dealio\kb127ulesules.1.426.63
   C:\Program Files\Dealio\kb127ulesules.1.427.63
   C:\Program Files\Dealio\kb127ulesules.1.428.65
   C:\Program Files\Dealio\kb127ulesules.1.429.63
   C:\Program Files\Dealio\kb127ulesules.1.430.63
   C:\Program Files\Dealio\kb127ulesules.1.432.65
   C:\Program Files\Dealio\kb127ulesules.1.433.64
   C:\Program Files\Dealio\kb127ulesules.1.434.65
   C:\Program Files\Dealio\kb127ulesules.1.435.64
   C:\Program Files\Dealio\kb127ulesules.1.436.76
   C:\Program Files\Dealio\kb127ulesules.1.437.64
   C:\Program Files\Dealio\kb127ulesules.1.438.71
   C:\Program Files\Dealio\kb127ulesules.1.439.71
   C:\Program Files\Dealio\kb127ulesules.1.440.75
   C:\Program Files\Dealio\kb127ulesules.1.442.73
   C:\Program Files\Dealio\kb127ulesules.1.443.73
   C:\Program Files\Dealio\kb127ulesules.1.444.73
   C:\Program Files\Dealio\kb127ulesules.1.445.68
   C:\Program Files\Dealio\kb127ulesules.1.446.69
   C:\Program Files\Dealio\kb127ulesules.1.450.67
   C:\Program Files\Dealio\kb127ulesules.1.451.67
   C:\Program Files\Dealio\kb127ulesules.1.452.68
   C:\Program Files\Dealio\kb127ulesules.1.453.68
   C:\Program Files\Dealio\kb127ulesules.1.454.69
   C:\Program Files\Dealio\kb127ulesules.1.456.69
   C:\Program Files\Dealio\kb127ulesules.1.457.75
   C:\Program Files\Dealio\kb127ulesules.1.458.70
   C:\Program Files\Dealio\kb127ulesules.1.459.70
   C:\Program Files\Dealio\kb127ulesules.1.460.69
   C:\Program Files\Dealio\kb127ulesules.1.462.74
   C:\Program Files\Dealio\kb127ulesules.1.463.69
   C:\Program Files\Dealio\kb127ulesules.1.464.70
   C:\Program Files\Dealio\kb127ulesules.1.465.68
   C:\Program Files\Dealio\kb127ulesules.1.468.70
   C:\Program Files\Dealio\kb127ulesules.1.469.70
   C:\Program Files\Dealio\kb127ulesules.1.470.70
   C:\Program Files\Dealio\kb127ulesules.1.471.73
   C:\Program Files\Dealio\kb127ulesules.1.472.70
   C:\Program Files\Dealio\kb127ulesules.1.478.74
   C:\Program Files\Dealio\kb127ulesules.1.479.73
   C:\Program Files\Dealio\kb127ulesules.1.480.68
   C:\Program Files\Dealio\kb127ulesules.1.481.71
   C:\Program Files\Dealio\kb127ulesules.1.482.74
   C:\Program Files\Dealio\kb127ulesules.1.49.67
   C:\Program Files\Dealio\kb127ulesules.1.50.43
   C:\Program Files\Dealio\kb127ulesules.1.500.71
   C:\Program Files\Dealio\kb127ulesules.1.501.74
   C:\Program Files\Dealio\kb127ulesules.1.502.71
   C:\Program Files\Dealio\kb127ulesules.1.51.69
   C:\Program Files\Dealio\kb127ulesules.1.52.72
   C:\Program Files\Dealio\kb127ulesules.1.520.76
   C:\Program Files\Dealio\kb127ulesules.1.521.76
   C:\Program Files\Dealio\kb127ulesules.1.522.76
   C:\Program Files\Dealio\kb127ulesules.1.53.51
   C:\Program Files\Dealio\kb127ulesules.1.531.76
   C:\Program Files\Dealio\kb127ulesules.1.532.75
   C:\Program Files\Dealio\kb127ulesules.1.534.75
   C:\Program Files\Dealio\kb127ulesules.1.54.47
   C:\Program Files\Dealio\kb127ulesules.1.55.45
   C:\Program Files\Dealio\kb127ulesules.1.56.69
   C:\Program Files\Dealio\kb127ulesules.1.57.43
   C:\Program Files\Dealio\kb127ulesules.1.58.47
   C:\Program Files\Dealio\kb127ulesules.1.593.76
   C:\Program Files\Dealio\kb127ulesules.1.595.76
   C:\Program Files\Dealio\kb127ulesules.1.63.57
   C:\Program Files\Dealio\kb127ulesules.1.66.47
   C:\Program Files\Dealio\kb127ulesules.1.70.75
   C:\Program Files\Dealio\kb127ulesules.1.71.43
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
   C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127es
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127	emp
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127	emp\ws-14210.log
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127	emp\ws-14211.log
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127	emp\ws-14212.log
   C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127	emp\ws-14213.log
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\Program Files\Search Settings\kb127es
   C:\Program Files\Search Settings\kb127\SearchSettings.dll
   C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
   C:\Program Files\Search Settings\kb127	emp
   C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Seekmo

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\Autumn_2\Recent\beach life nocd crack.lnk



   1 - "C:\ToolBar SD\TB_1.txt" - dim. 30/11/2008|17:37 - Option : [1]

   -----------\  Fin du rapport a 17:37:02,51

Utilisateur anonyme · Answer

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée". 
! Ne ferme pas la fenêtre lors de la suppression ! 
Un rapport sera généré, poste son contenu ici. 

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches. 
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..." 
Tape explorer puis valide

Autumn1608 · Answer

-----------\  ToolBar S&D 1.2.5   XP/Vista

   Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free :               Intel(R) Pentium(R) 4 CPU 3.00GHz )
   BIOS : Default System BIOS
   USER : Autumn_2 ( Administrator )
   BOOT : Normal boot
   Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
   Firewall  : Norton Internet Worm Protection 2006 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:144 Go (Free:66 Go)
   D:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
   Option : [2] ( dim. 30/11/2008|17:43 )

   -----------\ SUPPRESSION

   Supprime! - C:\WINDOWS\Prefetch\BUILDALOT2.EXE-0E791682.pf
   Supprime! - C:\DOCUME~1\Autumn_2\Cookies\autumn_2@bananalotto[1].txt
   Supprime! - C:\DOCUME~1\Autumn_2\Cookies\autumn_2@www.bananalotto[2].txt
   Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio\kb127
   Supprime! - C:\Program Files\Dealio\DealioAU.exe
   Supprime! - C:\Program Files\Dealio\kb127
   Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
   Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
   Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Seekmo
   Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Dealio
   Supprime! - C:\Program Files\Dealio
   Supprime! - C:\DOCUME~1\Autumn_2\APPLIC~1\Search Settings
   Supprime! - C:\Program Files\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\windows\system32\blank.htm"
   "Start Page"="https://www.msn.com/fr-fr/"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\Autumn_2\Recent\beach life nocd crack.lnk



   1 - "C:\ToolBar SD\TB_1.txt" - dim. 30/11/2008|17:37 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - dim. 30/11/2008|17:44 - Option : [2]

   -----------\  Fin du rapport a 17:44:21,32



NB: Mon bureau n est pas reapparu.
Lorsque je veux ouvrir mon gestionnaire de taches, cela me met "Le gestionnaire de taches a ete desactivé par votre administrateur"

Utilisateur anonyme · Answer

comment va le pc ?

refais un scan hijackthis et post le rapport stp

Autumn1608 · Answer

Rien n a changé,le fond d ecran est toujours la.Et je ne peux pas ouvrir mon gestionnaire de taches.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:35, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\SpywareRemover.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Autumn_2\Bureau\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Around the World in 80 Days
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Utilisateur anonyme · Answer

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 




-> Double clique sur combofix.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Autumn1608 · Answer

ComboFix 08-11-30.01 - Autumn_2 2008-11-30 19:25:35.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1328 [GMT 1:00] Lancé depuis: c:\documents and settings\Autumn_2\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Alex\Local Settings\Application Data\yiwmk.dat c:\documents and settings\Alex\Local Settings\Application Data\yiwmk.exe c:\documents and settings\Alex\Local Settings\Application Data\yiwmk_nav.dat c:\documents and settings\Alex\Local Settings\Application Data\yiwmk_navps.dat . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BOONTY_GAMES -------\Service_Boonty Games ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 )))))))))))))))))))))))))))))))))))) . 2008-11-30 17:35 . 2008-11-30 17:44 d-------- C:\ToolBar SD 2008-11-30 17:06 . 2008-11-30 17:19 2,390 --a------ c:\windows\system32 mp.reg 2008-11-30 17:05 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe 2008-11-30 17:05 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe 2008-11-30 17:05 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe 2008-11-30 17:05 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\o4Patch.exe 2008-11-30 17:05 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe 2008-11-30 17:05 . 2008-11-29 17:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe 2008-11-30 17:05 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe 2008-11-30 17:05 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe 2008-11-30 17:05 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe 2008-11-30 17:05 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe 2008-11-29 23:22 . 2008-11-27 11:40 32,256 --a------ c:\windows\system32\frmwrk32.exe 2008-11-29 23:22 . 2008-11-30 19:30 4,785 --a------ c:\windows\system32\warning.gif 2008-11-29 23:22 . 2008-11-30 19:30 3,104 --a------ c:\windows\system32 tdll64.exe 2008-11-29 23:22 . 2008-11-30 19:30 1,349 --a------ c:\windows\system32\ahtn.htm 2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32\uniq.tll 2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32 est.ttt 2008-11-26 17:06 . 2008-11-26 17:06 410,976 --a------ c:\windows\system32\deploytk.dll 2008-11-26 10:58 . 2008-11-26 10:58 297,697 --a------ c:\windows\system32\SpywareRemover.exe 2008-11-24 10:45 . 2008-11-24 10:45 d-------- c:\windows\Zodiac Tower 2008-11-24 10:45 . 2008-11-24 10:45 d-------- c:\program files\Zodiac Tower 2008-11-24 10:44 . 2008-11-24 12:05 d-------- c:\program files\Ancient Zodiac Tower 2008-11-23 18:23 . 2008-11-23 20:44 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-23 18:23 . 2008-11-23 18:23 1,409 --a------ c:\windows\QTFont.for 2008-11-23 17:59 . 2008-11-23 18:19 d-------- c:\documents and settings\Autumn_2\Application Data\SecondLife 2008-11-23 17:58 . 2008-11-23 18:00 d-------- c:\program files\SecondLife 2008-11-23 10:25 . 2008-11-23 10:25 d-------- c:\program files\Build-Lot2.Town 2008-11-23 10:25 . 2008-11-23 10:25 d-------- c:\program files\Build-a-lot 2 Town of the Year 2008-11-23 00:23 . 2008-11-23 00:23 d-------- c:\program files\ReflexiveArcade 2008-11-23 00:16 . 2007-10-02 21:01 56,098,816 --a------ c:\program files\Build A Lot_FULLversion.exe 2008-11-23 00:15 . 2008-11-23 00:20 d-------- c:\program files\DragonStone 2008-11-21 15:31 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll 2008-11-21 15:31 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll 2008-11-19 22:45 . 2008-11-25 11:44 d-------- c:\documents and settings\All Users\Application Data\HipSoft 2008-11-19 21:20 . 2008-11-19 21:20 d-------- c:\documents and settings\All Users\Application Data\Trymedia 2008-11-19 21:19 . 2008-11-20 17:33 d-------- c:\program files\BFG 2008-11-16 21:01 . 2008-11-16 21:01 d-------- c:\documents and settings\All Users\Application Data\PlayPond 2008-11-15 16:22 . 2008-11-15 16:22 d-------- c:\program files\Secrets Of Olympus 2008-11-14 07:07 . 2008-11-14 07:07 d-------- c:\program files\MSXML 4.0 2008-11-13 10:32 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2008-11-13 10:32 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-10 17:47 . 2008-11-10 17:47 d-------- c:\documents and settings\Autumn_2\Application Data\Ahead 2008-11-07 23:42 . 2008-11-07 23:42 d-------- c:\program files\Heroes of Hellas 2008-11-07 21:59 . 2008-11-07 21:59 13 --a------ c:\windows\popcinfo.dat 2008-11-07 13:51 . 2008-11-07 13:51 d-------- c:\documents and settings\All Users\Application Data 7-89-o9-3r-4t-r9 2008-11-06 11:52 . 2008-11-06 11:52 193 --a------ c:\windows\cncscore.ini 2008-11-06 11:51 . 2008-11-06 13:54 d-------- C:\Olltwit 2008-11-06 11:51 . 2008-11-06 11:51 281,088 --a------ c:\windows\system32\cncs232.dll 2008-11-06 10:45 . 2008-11-17 23:48 d-------- c:\program files\Mirror Magic 2008-11-04 22:27 . 2008-11-04 22:27 15,872 --------- c:\windows\system32\winskfr.dll 2008-11-03 14:20 . 2008-11-03 14:20 d-------- C:\CaffeLatte 2008-11-02 15:52 . 2008-11-02 16:03 d-------- c:\program files\Téléchargeur de Beach Life 2008-11-02 15:52 . 2008-11-02 15:52 d-------- c:\program files\Fichiers communs\BOONTY Shared 2008-10-29 08:08 . 2008-10-29 08:08 d--hs---- c:\windows\ftpcache 2008-10-28 19:43 . 2008-10-28 19:43 d-------- c:\documents and settings\Autumn_2\Application Data\TuneUp Software 2008-10-28 12:22 . 2008-10-28 12:22 d-------- c:\program files\Boonty 2008-10-28 10:10 . 2008-10-28 10:10 d-------- c:\documents and settings\All Users\Application Data\SugarGames 2008-10-24 06:11 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache etapi32.dll 2008-10-22 22:05 . 2008-10-22 22:05 d-------- c:\documents and settings\All Users\Application Data\MythPeople 2008-10-19 19:45 . 2008-10-19 19:45 d-------- c:\documents and settings\All Users\Application Data\GameHouse 2008-10-17 21:03 . 2008-10-17 21:03 4,096 --a------ c:\windows\d3dx.dat 2008-10-17 11:21 . 2008-10-17 11:21 d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2008-10-17 09:11 . 2008-10-17 09:11 d-------- c:\program files\Tumblebugs 2 2008-10-15 22:54 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys 2008-10-15 22:53 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache toskrnl.exe 2008-10-15 22:53 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache tkrnlmp.exe 2008-10-15 22:53 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache tkrnlpa.exe 2008-10-15 22:53 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache tkrpamp.exe 2008-10-15 22:53 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys 2008-10-13 22:44 . 2008-10-13 22:44 d-------- c:\program files\Around the World in 80 Days 2008-10-02 22:54 . 2008-10-02 22:54 d-------- c:\program files\Fichiers communs\Skype . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-30 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2008-11-30 16:19 --------- d-----w c:\program files\Google 2008-11-29 22:20 --------- d-----w c:\program files\eMule 2008-11-26 16:06 --------- d-----w c:\program files\Java 2008-11-25 10:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2008-11-23 22:27 --------- d-----w c:\program files\Zylom Games 2008-11-22 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer 2008-11-16 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SecretsOfOlympus 2008-11-14 06:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-11-07 12:33 --------- d-----w c:\program files\Fichiers communs\Adobe 2008-11-05 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst 2008-10-31 14:58 --------- d-----w c:\program files\PhotoFiltre Studio 2008-10-28 11:23 --------- d-----w c:\program files\BoontyGames 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-19 11:49 --------- d-----w c:\program files\Free FLV Converter 2008-10-17 08:11 --------- d-----w c:\program files\Tumblebugs 2 2006-03-02 12:00 73,728 -csh--w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe 2008-06-27 13:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008062720080628\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697] "RTHDCPL"="RTHDCPL.EXE" [2006-08-24 c:\windows\RTHDCPL.exe] "Framework Windows"="frmwrk32.exe" [2008-11-27 c:\windows\system32\frmwrk32.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Autumn_2\Menu D‚marrer\Programmes\D‚marrage\Around the World in 80 Days Around the World in 80 Days.lnk - c:\program files\Around the World in 80 Days\Around the World in 80 Days.exe [2008-03-01 331776] Starfors.Net.lnk - c:\program files\Around the World in 80 Days\starfors.net.html [2008-01-29 1763] à„…‰†¡Š†.lnk - c:\program files\Around the World in 80 Days\Uninstall.exe [2008-03-01 69868] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] --a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader eader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] --a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2007-06-13 07:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-25 12:34 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-04 01:43 69632 c:\windows\Alcmtr.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" "PCMService"="c:\apps\Powercinema\PCMService.exe" "NeroFilterCheck"=c:\windows\system32\NeroCheck.exe "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "WinampAgent"="c:\program files\Winamp\Winampa.exe" "au"=c:\program files\Dealio\DealioAU.exe "Itch ford four knob"=c:\documents and settings\All Users\Application Data hird lies itch ford\Ante Road.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "c:\APPS\Powercinema\PowerCinema.exe"= "c:\APPS\Powercinema\PCMService.exe"= "c:\Program Files\Messenger\msmsgs.exe"= "c:\Program Files\eMule\eMule.exe"= "c:\WINDOWS\system32\LEXPPS.EXE"= "c:\Program Files\Mozilla Firefox\firefox.exe"= "c:\WINDOWS\system32\mcoinstall.exe"= "c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "c:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "c:\Program Files\Windows Live\Messenger\livecall.exe"= "c:\Program Files\Ares\Ares.exe"= "c:\CaffeLatte\CafeClient\CafeProtocol.exe"= "c:\Program Files\SecondLife\SLVoice.exe"= "c:\Program Files\SecondLife\SecondLife.exe"= S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys [2008-06-04 34296] S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-05-23 83336] S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-05-23 15112] S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-05-23 108680] S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-05-23 100488] S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-05-23 98696] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . - - - - ORPHELINS SUPPRIMES - - - - MSConfigStartUp-Splash screen for Avast! - c:\program files\Alwil Software\Avast4\ashAvast.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\documents and settings\Autumn_2\Application Data\Mozilla\Firefox\Profiles\jtlkl8z1.default\ FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer pzylomgamesplayer.dll FF -: plugin - c:\program files\Google\Google Updater\2.4.1368.5602 pCIDetect13.dll FF -: plugin - c:\program files\Java\jre6\bin ew_plugin pdeploytk.dll FF -: plugin - c:\program files\Java\jre6\bin ew_plugin pjp2.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins pclntax_SeekmoSA.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins pdeploytk.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins pmozax.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins pzylomgamesplayer.dll FF -: plugin - c:\program files\Yahoo!\Common pyaxmpb.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-30 19:29:47 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(564) c:\windows\system32\Ati2evxx.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\ati2evxx.exe c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe c:\apps\Powercinema\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\oodag.exe c:\apps\Powercinema\Kernel\TV\CLSched.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-11-30 19:34:04 - La machine a redémarré [Autumn_2] ComboFix-quarantined-files.txt 2008-11-30 18:34:01 ComboFix2.txt 2008-06-06 10:49:03 Avant-CF: 71,456,620,544 octets libres Après-CF: 73,861,935,104 octets libres 253 --- E O F --- 2008-11-14 06:11:55

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
c:\windows\system32	mp.reg 
c:\windows\system32\SrchSTS.exe 
c:\windows\system32\VACFix.exe 
c:\windows\system32\o4Patch.exe 
c:\windows\system32\IEDFix.exe 
c:\windows\system32\IEDFix.C.exe 
c:\windows\system32\404Fix.exe 
c:\windows\system32\Process.exe 
c:\windows\system32\dumphive.exe 
c:\windows\system32\WS2Fix.exe 
c:\windows\system32\frmwrk32.exe 
c:\windows\system32\warning.gif 

Folder:: 
c:\program files\Fichiers communs\BOONTY Shared 
c:\program files\Boonty 
C:\ToolBar SD

Registry:: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Framework Windows"=-



Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci : 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Autumn1608 · Answer

Il n'y a pas eu de redemarrage.

Rapport Combofix :

ComboFix 08-11-30.01 - Autumn_2 2008-11-30 20:26:51.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1196 [GMT 1:00]
Lancé depuis: c:\documents and settings\Autumn_2\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Autumn_2\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\warning.gif
c:\windows\system32\WS2Fix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Boonty
c:\program files\Fichiers communs\BOONTY Shared
c:\program files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\ToolBar SD
c:\toolbar sd\AutrInf.cmd
c:\toolbar sd\Back.cmd
c:\toolbar sd\Backup-TB\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio Deskbar.lnk
c:\toolbar sd\Backup-TB\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Help.url
c:\toolbar sd\Backup-TB\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Seekmo Customer Support Center.lnk
c:\toolbar sd\Backup-TB\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Uninstall.lnk
c:\toolbar sd\Backup-TB\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\What is Dealio.url
c:\toolbar sd\Backup-TB\DOCUME~1\Autumn_2\Cookies\autumn_2@bananalotto[1].txt
c:\toolbar sd\Backup-TB\DOCUME~1\Autumn_2\Cookies\autumn_2@www.bananalotto[2].txt
c:\toolbar sd\Backup-TB\Program Files\Dealio\Dealio Deskbar.exe
c:\toolbar sd\Backup-TB\Program Files\Dealio\Dealio.dll
c:\toolbar sd\Backup-TB\Program Files\Dealio\DealioAU.exe
c:\toolbar sd\Backup-TB\Program Files\Dealio\DealioRes409.dll
c:\toolbar sd\Backup-TB\Program Files\Dealio\SearchSettingsKit.exe
c:\toolbar sd\Backup-TB\Program Files\Search Settings\SearchSettings.dll
c:\toolbar sd\Backup-TB\Program Files\Search Settings\SearchSettings.exe
c:\toolbar sd\Backup-TB\Program Files\Search Settings\SearchSettingsRes409.dll
c:\toolbar sd\Backup-TB\Reg\HKCU_Run.reg
c:\toolbar sd\Backup-TB\Reg\HKLM_BHO.reg
c:\toolbar sd\Backup-TB\Reg\HKLM_Classes.reg
c:\toolbar sd\Backup-TB\Reg\HKLM_Run.reg
c:\toolbar sd\Backup-TB\Reg\HKLM_ToolBar.reg
c:\toolbar sd\Backup-TB\Reg\HKLM_Uninstall.reg
c:\toolbar sd\Backup-TB\WINDOWS\Prefetch\BUILDALOT2.EXE-0E791682.pf
c:\toolbar sd\Backup-TB\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
c:\toolbar sd\Changelog ToolBar.txt
c:\toolbar sd\Crack.txt
c:\toolbar sd\DemP.cmd
c:\toolbar sd\DirectFix.cmd
c:\toolbar sd\Discl_en.vbs
c:\toolbar sd\Discl_fr.vbs
c:\toolbar sd\Discl_sp.vbs
c:\toolbar sd\Doss.tbsd
c:\toolbar sd\Fich.cmd
c:\toolbar sd\FixExt.cmd
c:\toolbar sd\iNv.exe
c:\toolbar sd\Kill.cmd
c:\toolbar sd\Langues.cmd
c:\toolbar sd\Orph.egd
c:\toolbar sd\OsV.exe
c:\toolbar sd\paths.bat
c:\toolbar sd\pv.exe
c:\toolbar sd\Rech.cmd
c:\toolbar sd\RegP2.txt
c:\toolbar sd\RegP3.txt
c:\toolbar sd\RegP4.txt
c:\toolbar sd\RegP5.txt
c:\toolbar sd\RegPCU.txt
c:\toolbar sd\RegPLM.txt
c:\toolbar sd\RegTBSD.reg
c:\toolbar sd\Rkeys.txt
c:\toolbar sd\RKit.lsd
c:\toolbar sd\RoGUeS.lsd
c:\toolbar sd\RunTool.txt
c:\toolbar sd\sed.exe
c:\toolbar sd\setpath.exe
c:\toolbar sd\TB_1.txt
c:\toolbar sd\TB_2.txt
c:\toolbar sd\ToolBarSD.cmd
c:\toolbar sd\ToolBarSD.ico
c:\toolbar sd\Uninstal.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\warning.gif
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-30 ))))))))))))))))))))))))))))))))))))
.

2008-11-30 17:05 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-29 23:22 . 2008-11-30 20:00 3,104 --a------ c:\windows\system32\ntdll64.exe
2008-11-29 23:22 . 2008-11-30 20:00 1,349 --a------ c:\windows\system32\ahtn.htm
2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32\uniq.tll
2008-11-29 23:22 . 2008-11-29 23:22 1 --a------ c:\windows\system32\test.ttt
2008-11-26 17:06 . 2008-11-26 17:06 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-26 10:58 . 2008-11-26 10:58 297,697 --a------ c:\windows\system32\SpywareRemover.exe
2008-11-24 10:45 . 2008-11-24 10:45 <REP> d-------- c:\windows\Zodiac Tower
2008-11-24 10:45 . 2008-11-24 10:45 <REP> d-------- c:\program files\Zodiac Tower
2008-11-24 10:44 . 2008-11-24 12:05 <REP> d-------- c:\program files\Ancient Zodiac Tower
2008-11-23 18:23 . 2008-11-23 20:44 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-23 18:23 . 2008-11-23 18:23 1,409 --a------ c:\windows\QTFont.for
2008-11-23 17:59 . 2008-11-23 18:19 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\SecondLife
2008-11-23 17:58 . 2008-11-23 18:00 <REP> d-------- c:\program files\SecondLife
2008-11-23 10:25 . 2008-11-23 10:25 <REP> d-------- c:\program files\Build-Lot2.Town
2008-11-23 10:25 . 2008-11-23 10:25 <REP> d-------- c:\program files\Build-a-lot 2 Town of the Year
2008-11-23 00:23 . 2008-11-23 00:23 <REP> d-------- c:\program files\ReflexiveArcade
2008-11-23 00:16 . 2007-10-02 21:01 56,098,816 --a------ c:\program files\Build A Lot_FULLversion.exe
2008-11-23 00:15 . 2008-11-23 00:20 <REP> d-------- c:\program files\DragonStone
2008-11-21 15:31 . 2008-04-14 04:33 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-21 15:31 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-19 22:45 . 2008-11-25 11:44 <REP> d-------- c:\documents and settings\All Users\Application Data\HipSoft
2008-11-19 21:20 . 2008-11-19 21:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-11-19 21:19 . 2008-11-20 17:33 <REP> d-------- c:\program files\BFG
2008-11-16 21:01 . 2008-11-16 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\PlayPond
2008-11-15 16:22 . 2008-11-15 16:22 <REP> d-------- c:\program files\Secrets Of Olympus
2008-11-14 07:07 . 2008-11-14 07:07 <REP> d-------- c:\program files\MSXML 4.0
2008-11-13 10:32 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 10:32 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 17:47 . 2008-11-10 17:47 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\Ahead
2008-11-07 23:42 . 2008-11-07 23:42 <REP> d-------- c:\program files\Heroes of Hellas
2008-11-07 21:59 . 2008-11-07 21:59 13 --a------ c:\windows\popcinfo.dat
2008-11-07 13:51 . 2008-11-07 13:51 <REP> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-11-06 11:52 . 2008-11-06 11:52 193 --a------ c:\windows\cncscore.ini
2008-11-06 11:51 . 2008-11-06 13:54 <REP> d-------- C:\Olltwit
2008-11-06 11:51 . 2008-11-06 11:51 281,088 --a------ c:\windows\system32\cncs232.dll
2008-11-06 10:45 . 2008-11-17 23:48 <REP> d-------- c:\program files\Mirror Magic
2008-11-04 22:27 . 2008-11-04 22:27 15,872 --------- c:\windows\system32\winskfr.dll
2008-11-03 14:20 . 2008-11-03 14:20 <REP> d-------- C:\CaffeLatte
2008-11-02 15:52 . 2008-11-02 16:03 <REP> d-------- c:\program files\Téléchargeur de Beach Life
2008-10-29 08:08 . 2008-10-29 08:08 <REP> d--hs---- c:\windows\ftpcache
2008-10-28 19:43 . 2008-10-28 19:43 <REP> d-------- c:\documents and settings\Autumn_2\Application Data\TuneUp Software
2008-10-28 10:10 . 2008-10-28 10:10 <REP> d-------- c:\documents and settings\All Users\Application Data\SugarGames
2008-10-24 06:11 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-22 22:05 . 2008-10-22 22:05 <REP> d-------- c:\documents and settings\All Users\Application Data\MythPeople
2008-10-19 19:45 . 2008-10-19 19:45 <REP> d-------- c:\documents and settings\All Users\Application Data\GameHouse
2008-10-17 21:03 . 2008-10-17 21:03 4,096 --a------ c:\windows\d3dx.dat
2008-10-17 11:21 . 2008-10-17 11:21 <REP> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-10-17 09:11 . 2008-10-17 09:11 <REP> d-------- c:\program files\Tumblebugs 2
2008-10-15 22:54 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 22:53 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 22:53 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 22:53 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 22:53 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 22:53 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-13 22:44 . 2008-10-13 22:44 <REP> d-------- c:\program files\Around the World in 80 Days
2008-10-02 22:54 . 2008-10-02 22:54 <REP> d-------- c:\program files\Fichiers communs\Skype

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 17:41 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-11-30 16:19 --------- d-----w c:\program files\Google
2008-11-29 22:20 --------- d-----w c:\program files\eMule
2008-11-26 16:06 --------- d-----w c:\program files\Java
2008-11-25 10:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 22:27 --------- d-----w c:\program files\Zylom Games
2008-11-22 19:02 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-16 21:52 --------- d-----w c:\documents and settings\All Users\Application Data\SecretsOfOlympus
2008-11-14 06:11 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-07 12:33 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-05 21:00 --------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2008-10-31 14:58 --------- d-----w c:\program files\PhotoFiltre Studio
2008-10-28 11:23 --------- d-----w c:\program files\BoontyGames
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-19 11:49 --------- d-----w c:\program files\Free FLV Converter
2008-10-17 08:11 --------- d-----w c:\program files\Tumblebugs 2
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-14 21:34 270,336 ----a-w c:\windows\system32\TubeFinder.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-29 09:30 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-25 10:08 374,272 ----a-w c:\windows\system32\mss32.dll
2008-08-25 10:06 372,736 ----a-w c:\windows\system32\IJL15.DLL
2008-08-14 13:23 2,147,328 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 13:23 2,025,984 ----a-w c:\windows\system32\ntkrnlpa.exe
2006-03-02 12:00 73,728 -csh--w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2008-06-27 13:50 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008062720080628\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-25 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SpywareCleaner"="c:\windows\system32\SpywareRemover.exe" [2008-11-26 297697]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-24 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Autumn_2\Menu D‚marrer\Programmes\D‚marrage\Around the World in 80 Days
Around the World in 80 Days.lnk - c:\program files\Around the World in 80 Days\Around the World in 80 Days.exe [2008-03-01 331776]
Starfors.Net.lnk - c:\program files\Around the World in 80 Days\starfors.net.html [2008-01-29 1763]
à„…‰†¡Š†.lnk - c:\program files\Around the World in 80 Days\Uninstall.exe [2008-03-01 69868]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:33 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 06:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 07:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-04-25 12:34 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-04 01:43 69632 c:\windows\Alcmtr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe"
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
"PCMService"="c:\apps\Powercinema\PCMService.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"WinampAgent"="c:\program files\Winamp\Winampa.exe"
"au"=c:\program files\Dealio\DealioAU.exe
"Itch ford four knob"=c:\documents and settings\All Users\Application Data\third lies itch ford\Ante Road.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\APPS\\Powercinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\CaffeLatte\\CafeClient\\CafeProtocol.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=

S3 MBAMCatchMe;MBAMCatchMe;\??\c:\windows\system32\drivers\mbamcatchme.sys [2008-06-04 34296]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [2008-05-23 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [2008-05-23 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [2008-05-23 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [2008-05-23 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [2008-05-23 98696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Framework Windows - frmwrk32.exe

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 20:28:35
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-11-30 20:30:20
ComboFix-quarantined-files.txt 2008-11-30 19:29:14
ComboFix2.txt 2008-11-30 18:34:05
ComboFix3.txt 2008-06-06 10:49:03

Avant-CF: 73.833.684.992 octets libres
Après-CF: 73,781,526,528 octets libres

304 --- E O F --- 2008-11-14 06:11:55

Autumn1608 · Answer

Rapport Hijack : 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:56, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Autumn_2\Bureau\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=71067
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareCleaner] C:\WINDOWS\system32\SpywareRemover.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Around the World in 80 Days
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Alex\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

Utilisateur anonyme · Answer

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier :c:\windows\system32
tdll64.exe 

Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 

Sauvegarde le rapport avec le bloc-note. 

Copie le dans ta réponse.

Autumn1608 · Answer

Antivirus 	Version 	Dernière mise à jour 	Résultat

AhnLab-V3 	2008.11.27.4 	2008.11.27 	-
AntiVir 	7.9.0.35 	2008.11.27 	-
Authentium 	5.1.0.4 	2008.11.27 	-
Avast 	        4.8.1281.0 	2008.11.27 	-
AVG 	        8.0.0.199 	2008.11.27 	-
BitDefender 	7.2 	        2008.11.27 	-
CAT-QuickHeal 	10.00 	        2008.11.27 	-
ClamAV 	        0.94.1 	        2008.11.27 	-
DrWeb 	        4.44.0.09170 	2008.11.27 	-
eSafe 	        7.0.17.0 	2008.11.27 	Suspicious File
eTrust-Vet 	31.6.6233 	2008.11.27 	-
Ewido 	        4.0 	        2008.11.27 	-
F-Prot 	        4.4.4.56 	2008.11.27 	-
F-Secure 	8.0.14332.0 	2008.11.27 	-
Fortinet 	3.117.0.0 	2008.11.27 	-
GData 	        19 	        2008.11.27 	-
Ikarus 	        T3.1.1.45.0 	2008.11.27 	-
K7AntiVirus 	7.10.536 	2008.11.27 	-
Kaspersky 	7.0.0.125 	2008.11.27 	-
McAfee 	        5447 	        2008.11.27 	-
McAfee+Artemis 	5447 	        2008.11.27 	-
Microsoft 	1.4104 	        2008.11.27 	-
NOD32 	        3646 	        2008.11.27 	-
Norman 	        5.80.02 	2008.11.27 	-
Panda 	        9.0.0.4 	2008.11.27 	Suspicious file
PCTools 	4.4.2.0 	2008.11.27 	-
Prevx1 	        V2 	        2008.11.27 	-
Rising 	        21.05.32.00 	2008.11.27 	-
SecureWeb-Gateway 	6.7.6 	2008.11.27 	-
Sophos 	        4.35.0 	        2008.11.27 	-
Sunbelt 	3.1.1832.2 	2008.11.27 	-
Symantec 	10 	        2008.11.27 	-
TheHacker 	6.3.1.1.165 	2008.11.27 	-
TrendMicro 	8.700.0.1004 	2008.11.27 	TROJ_DLOADER.IRQ
VBA32 	        3.12.8.9 	2008.11.27 	-
ViRobot 	2008.11.27.1489 	2008.11.27 	-
VirusBuster 	4.5.11.0 	2008.11.27 	-

Information additionnelle
File size: 3104 bytes
MD5...: 7799f5780bbf17c8eaf92204058c7b4b
SHA1..: 024e68c46eabce36af98ef46a52e0caaae69aa54
SHA256: f6189c67e8285c14619fc427a74d5e8cc86ef60b6ea8c1e1c02cd6c32bc34ddc
SHA512: bde7d4b371a8e42b033bf6911e4e127d2102a8fc9b7b633899add7b39cd3190e
b3864f33625a884c3dfb6978ff36a08de6c50939ede048aabef9e71cbd1699f3
ssdeep: 24:etGScskkti01fyCQcmUXjaJ0Siqx8RwyC68oOX0CbXLpCoEAYccPbJpB7:6tk
kpfESEZawySoOW9
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.3%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401219
timedatestamp.....: 0x492dbb6f (Wed Nov 26 21:11:11 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x398 0x398 5.72 3302f7aab115619b045b4ae0dab4c00d
.bss 0x2000 0x4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x3000 0x98 0x98 0.47 7090eeb671c7375de6577d7efb3a11ad
.idata 0x4000 0x1e4 0x1e4 3.27 61805270d4dee9b4937c0ed03b4a9304

( 3 imports )
> KERNEL32.dll: GetCommandLineA, GetModuleHandleA, RtlUnwind
> USER32.DLL: DefWindowProcA
> CRTDLL.DLL: __GetMainArgs, exit, raise, signal, strchr

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/...

Warning! Dangerous Spyware

25 réponses

Votre réponse

Discussions similaires

Newsletters