Report

la semoule -  
Sloubi76 Posts 1410 Status Member -
Hello,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:17, on 06/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HomePlayer\HomePlayer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ZA243HFE\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini60.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: (no name) - {01ADBD8E-78E8-421F-83E7-126B630C0B11} - C:\WINDOWS\system32\nnnNhfcD.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\hggDTLEX.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {bef895fc-8b82-50f9-0dd4-9e0e17a5470b} - {b0745a71-e0e9-4dd0-9f05-28b8cf598feb} - C:\WINDOWS\system32\ladfpb.dll (file missing)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HomePlayer.lnk = C:\Program Files\HomePlayer\HomePlayer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HP_Propriétaire\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ladfpb.dll
O20 - Winlogon Notify: hggDTLEX - hggDTLEX.dll (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

9 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi, it's better with some explanations...

Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
0
Sloubi76 Posts 1410 Status Member 136
 
jlpjlp

I'll send you the explanations by PM
0
la semoule Posts 7 Status Member > Sloubi76 Posts 1410 Status Member
 
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1467
Windows 5.1.2600 Service Pack 2

07/12/2008 06:06:39
mbam-log-2008-12-07 (06-06-26).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 121469
Temps écoulé: 5 hour(s), 23 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 57

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdtlex (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0745a71-e0e9-4dd0-9f05-28b8cf598feb} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b0745a71-e0e9-4dd0-9f05-28b8cf598feb} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uauuuia (Adware.Navipromo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\nnnnhfcd -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\hggDTLEX.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ladfpb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\tswbabjb.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bjbabwst.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vcxtpswn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nwsptxcv.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\uauuuia_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\uauuuia_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\uauuuia.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\uauuuia.exe (Adware.Navipromo.H) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP226\A0108525.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP227\A0109525.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0109558.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110561.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110562.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110563.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110564.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110565.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110566.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110567.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110568.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP228\A0110569.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\byxuUnkl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\fccAtRhi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\frdpfigr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\geBUOIba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gebxvvVo.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\gEwtrSKB.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\hgGYQHYr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifdaxvV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\iifghIba.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\irmiifye.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkijGyW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jkkLEwxu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\labmvfyd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\ladfpb.VIR (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lJAQkkkl.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lJaXnKBU.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJAPgDs.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mljJCUli.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mxeymj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\nnnNhfcD.VIR (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oPIbYsTj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oPiiiIxw.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnmKEur.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\opnnlklJ.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\pMDvwUmj.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rxswun.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\sSmmJayW.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\tUljjIXP.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uRLBRlIC.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uRLDurqR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\urQIxyAT.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvUMFuuR.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wvuVLdee.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\xxyVOgge.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
0
la semoule Posts 7 Status Member
 
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:9 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 07/12/2008|11:46 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\dealio-14219.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2948_3232_3.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3528_980_3.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3636_1460_3.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3636_1620_6.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_648_3404_1.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@dealio[2].txt
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14217.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14219.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14220.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.mini60.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\DcfhNnnn.ini
C:\WINDOWS\system32\DcfhNnnn.ini2
==> VUNDO <==




1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|11:47 - Option : [1]

-----------\\ Fin du rapport a 11:47:02,39
0
la semoule Posts 7 Status Member
 
ComboFix 08-12-06.06 - HP_Propriétaire 2008-12-07 12:24:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.168 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_PRO~1\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\HP_PRO~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\mahigvwb.ini
c:\windows\system32\wdgydvau.ini
c:\windows\Tasks\qohwyocu.job
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.

2008-12-07 12:18 . 2008-12-07 12:18 <REP> d-------- C:\_OTMoveIt
2008-12-07 11:45 . 2008-12-07 11:54 <REP> d-------- C:\ToolBar SD
2008-12-07 09:53 . 2008-12-07 10:01 <REP> d-------- c:\program files\Navilog1
2008-12-06 21:17 . 2008-12-07 12:02 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-06 21:17 . 2008-12-06 21:17 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2008-12-06 21:17 . 2008-12-06 21:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-06 21:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 21:17 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-06 16:37 . 2008-12-06 16:37 <REP> d-------- c:\program files\AxBx
2008-11-26 21:10 . 2008-11-26 21:10 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Template
2008-11-26 21:10 . 2008-12-04 18:39 538 --a------ c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat
2008-11-26 21:02 . 2008-11-26 21:04 <REP> d-------- c:\program files\Microsoft Works
2008-11-26 20:48 . 2008-11-26 20:48 <REP> d-------- c:\program files\BWorks
2008-11-26 20:28 . 2008-11-26 20:28 <REP> d-------- c:\program files\Antadis
2008-11-21 20:38 . 2008-11-26 20:54 <REP> d-------- c:\program files\MonProduit
2008-11-21 20:38 . 2008-11-30 16:09 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\CVitae
2008-11-19 18:50 . 2008-11-19 18:50 33 --a------ c:\windows\natiumoffice.properties
2008-11-19 17:37 . 2008-11-19 17:37 <REP> d-------- C:\FlySuite
2008-11-19 17:37 . 2008-11-19 22:25 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\FlySuite
2008-11-13 01:04 . 2008-11-14 05:23 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-13 00:53 . 2008-11-13 01:03 <REP> d-------- c:\documents and settings\Administrateur.HP.000\Modèles
2008-11-13 00:53 . 2008-11-13 01:03 <REP> d-------- c:\documents and settings\Administrateur.HP.000\Mes documents
2008-11-13 00:53 . 2008-11-13 01:03 <REP> d-------- c:\documents and settings\Administrateur.HP.000\Favoris
2008-11-13 00:53 . 2008-11-13 01:03 <REP> d---s---- c:\documents and settings\Administrateur.HP.000
2008-11-12 17:12 . 2008-11-12 17:12 0 --a----t- c:\windows\[u]0/u05640_.tmp
2008-11-09 09:07 . 2008-11-09 09:07 268 --ah----- C:\sqmdata05.sqm
2008-11-09 09:07 . 2008-11-09 09:07 244 --ah----- C:\sqmnoopt05.sqm
2008-11-09 08:33 . 2008-11-09 08:33 268 --ah----- C:\sqmdata04.sqm
2008-11-09 08:33 . 2008-11-09 08:33 244 --ah----- C:\sqmnoopt04.sqm
2008-11-08 22:38 . 2008-11-08 22:38 268 --ah----- C:\sqmdata03.sqm
2008-11-08 22:38 . 2008-11-08 22:38 244 --ah----- C:\sqmnoopt03.sqm
2008-11-08 22:22 . 2008-11-08 22:22 0 --a----t- c:\windows\[u]0/u05637_.tmp
2008-11-08 22:13 . 2008-11-08 22:13 268 --ah----- C:\sqmdata02.sqm
2008-11-08 22:13 . 2008-11-08 22:13 244 --ah----- C:\sqmnoopt02.sqm
2008-11-08 22:09 . 2008-11-08 22:09 <REP> d-------- c:\program files\Avira
2008-11-08 22:09 . 2008-11-08 22:09 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-08 18:22 . 2008-11-09 01:54 <REP> d-------- c:\documents and settings\Administrateur.HP\Modèles
2008-11-08 18:22 . 2008-11-09 01:54 <REP> d-------- c:\documents and settings\Administrateur.HP\Mes documents
2008-11-08 18:22 . 2008-11-09 01:54 <REP> d-------- c:\documents and settings\Administrateur.HP\Favoris
2008-11-08 18:22 . 2008-11-09 01:54 <REP> d---s---- c:\documents and settings\Administrateur.HP
2008-11-08 18:19 . 2008-11-08 18:19 268 --ah----- C:\sqmdata01.sqm
2008-11-08 18:19 . 2008-11-08 18:19 244 --ah----- C:\sqmnoopt01.sqm
2008-11-08 18:15 . 2008-11-08 18:15 268 --ah----- C:\sqmdata00.sqm
2008-11-08 18:15 . 2008-11-08 18:15 244 --ah----- C:\sqmnoopt00.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 16:57 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\Azureus
2008-12-04 17:52 --------- d-----w c:\program files\eMule
2008-11-28 21:48 --------- d-----w c:\program files\Azureus
2008-11-26 19:34 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 08:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-09 08:11 --------- d-----w c:\program files\Alwil Software
2008-11-09 00:55 --------- d-----w c:\program files\K-Lite Codec Pack
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-21 15:43 --------- d-----w c:\program files\K!TV
2008-10-17 14:06 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\U3
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\netapi32(8).dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\netapi32(7).dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\netapi32(6).dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\netapi32(5).dll
2008-10-15 16:59 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k(2)(3).sys
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-06-25 01:45 245,760 ----a-w c:\program files\Uninstall Ask Toolbar.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-14 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 339968]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-04-26 75776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-01 98304]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-09-30 57344]

c:\windows\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
AutoTBar.exe [2003-09-30 57344]

c:\documents and settings\HP_Propriétaire\Menu Démarrer\Programmes\Démarrage\
HomePlayer.lnk - c:\program files\HomePlayer\HomePlayer.exe [2007-11-06 294912]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ladfpb.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-06-19 576680]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ade351-4547-11dd-8d18-0013d32da982}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8ade352-4547-11dd-8d18-0013d32da982}]
\Shell\Auto\command - K:\sxs.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{01ADBD8E-78E8-421F-83E7-126B630C0B11} - c:\windows\system32\nnnNhfcD.dll
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-PS2 - c:\windows\system32\ps2.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.mini60.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
mWindow Title =

c:\windows\Downloaded Program Files\FlyLoader.dll - O16 -: {48DF87EE-F2DE-11D8-BE7F-302050C10811}
hxxp://www.flysuite.com/flyword/loaderword_win_fr.cab

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_0_1_1.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 12:26:57
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2008-12-07 12:28:23
ComboFix-quarantined-files.txt 2008-12-07 11:27:44

Avant-CF: 10 591 809 536 octets libres
Après-CF: 12,899,991,552 octets libres

196 --- E O F --- 2008-11-12 15:52:32
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok
0
jlpjlp Posts 52399 Status Security contributor 5 040


ok, since you have already run Malwarebytes I'm changing the plan (did you remove everything Malwarebytes found? if not, run it again and remove everything, then delete what is in quarantine)

_________________

then:

Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

________________

then, since you also have a Vundo infection

download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:files
C:\WINDOWS\system32\DcfhNnnn.ini
C:\WINDOWS\system32\DcfhNnnn.ini2

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

_____________________

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
la semoule Posts 7 Status Member
 
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - Award BIOS v6.00PG
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:68 Go (Free:9 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 07/12/2008|11:53 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\NERO13895\Toolbar.exe
Supprime! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\NERO14961\Toolbar.exe
Supprime! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\NERO14967\Toolbar.exe
Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@dealio[2].txt
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\AskTBar
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://google.mini60.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\DcfhNnnn.ini
C:\WINDOWS\system32\DcfhNnnn.ini2
[b]==> VUNDO <==/b




1 - "C:\ToolBar SD\TB_1.txt" - 07/12/2008|11:47 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/12/2008|11:54 - Option : [2]

-----------\\ Fin du rapport a 11:54:03,29
0
jlpjlp Posts 52399 Status Security contributor 5 040

then, since you also have a Vundo infection

download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt: Paste instruction for items to be moved.
(be careful to include :files)

:files
C:\WINDOWS\system32\DcfhNnnn.ini
C:\WINDOWS\system32\DcfhNnnn.ini2

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

_____________________

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
la semoule Posts 7 Status Member
 
========== FILES ==========
File/Folder C:\WINDOWS\system32\DcfhNnnn.ini not found.
File/Folder C:\WINDOWS\system32\DcfhNnnn.ini2 not found.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_122047
0
Sloubi76 Posts 1410 Status Member 136 > la semoule Posts 7 Status Member

La semoule,

post a new HijackThis report

0
la semoule Posts 7 Status Member > Sloubi76 Posts 1410 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:53:38, on 07/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HomePlayer\HomePlayer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini60.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: HomePlayer.lnk = C:\Program Files\HomePlayer\HomePlayer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {48DF87EE-F2DE-11D8-BE7F-302050C10811} (FlyLoader Class) - http://www.flysuite.com/flyword/loaderword_win_fr.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ladfpb.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
la semoule Posts 7 Status Member > Sloubi76 Posts 1410 Status Member

what is a complete tutorial?
0
Sloubi76 Posts 1410 Status Member 136 > la semoule Posts 7 Status Member

It is a user guide that introduces the tool.

0

jlpjlp Posts 52399 Status Security contributor 5 040

download combofix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.

There is a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Sloubi76 Posts 1410 Status Member 136

jlp,

combo report, post 10
0
jlpjlp Posts 52399 Status Security contributor 5 040

:) I hadn't seen it

delete the file:
Uninstall Ask Toolbar.dll

by going to My Computer, then
c:\program files\Uninstall Ask Toolbar.dll

____________________

Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
0
Sloubi76 Posts 1410 Status Member 136

jlp,

Don't worry if the response time is long; the machine won't restart in normal mode.
Only safe mode is available.

See you later
0
jlpjlp Posts 52399 Status Security contributor 5 040

since when can you only boot into safe mode? since the disinfection?

Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
0
Sloubi76 Posts 1410 Status Member 136

Jlp,

I am acting as the go-between,
normal mode seems to become impossible after each Windows update, which is why these updates are only installed occasionally.
If you have a lead.

See you later
0
jlpjlp Posts 52399 Status Security contributor 5 040

is the Windows legal?

if it isn't legal, the updates must be disabled
0
Sloubi76 Posts 1410 Status Member 136

Jlp,

Yes, the Windows is legal,

See you later
0
jlpjlp Posts 52399 Status Security contributor 5 040

ok

Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installation with the default settings

Plug in the external storage devices (USB stick, external hard drive, etc.) that may have been infected to your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the disk
Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

then

repair Windows:
https://www.pcastuces.com/pratique/windows/xp/default.htm

then post a new HijackThis report and describe the problems
0
Sloubi76 Posts 1410 Status Member 136

Jlp,

The message has been passed on

See you later
0