Sujet Précédent Sujet Suivant

Comment se débarrasser de trojan zlob ou gen

francky60 -  
 francky60 -
Bonjour,
Pouvez vous m'aider a supprimer un trojan zlob ou trojan gen. Mon antivirus Avast là détecté, je l'ai mis en quarantaine mais, cela ne change rien. Et de plus je suis novice en informatique
Merci d'avance

45 réponses

Réponse 1 / 45
toto666 Messages postés 331 Statut Membre 14
 
Bonjour a toi francky60!

1)Nettoyage de ton système:

Télécharger et installer CCleaner
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

Suit moi ce tutoriel stp crée par ruru21 !
https://forums.cnetfrance.fr

2)Télécharger et installer Malwarebytes anti-malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1)Double-clic « mbam-setup »,l'installation se lance (installer sans rien changer).
2)Lance le programme,va dans l'onlet « mise à jour » puis clique « recherche de mise à jour ».
3)Va dans l'onglet « recherche » puis cocher « Exécuter un exament complet » >>clique « rechercher » puis lancer l'examen.
4)A la fin du scan ,si il y a des infections clique « afficher résultat ».
5)fermer toutes les autres applications.
6)Vérifier si tout est coché et clic « Supprimer la sélection ».

7)Un rapport s'ouvre copier-coller dans la réponse
Suit cette procédure merci
0
Réponse 2 / 45
neor Messages postés 1119 Statut Membre 30
 
bonjour

Télécharge HijackThis (outils de dignostic) ici :

-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

-> Clique sur Install ensuite sur I Accept

-> Clique sur Do a scan system and save log file

-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
0
francky60
 
Merci de répondre aussi rapidement
voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:40, on 13/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Micro Application\MediaDICO\MediaDICO.EXE
C:\Program Files\Micro Application\MediaDICO\Rac.EXE
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\HP_Propriétaire\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - https://www.afternic.com/domains/errorsafe.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
Réponse 3 / 45
neor Messages postés 1119 Statut Membre 30
 
Pour searchsettings

--------------------rechercher--------------------------

Important! Désactive ton antivirus / antispyware résident / TeaTimer de Spybot (si présent et actif)

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
francky60
 
En résumé je désactive Avast mais c'est quoi mon antispyware résident. quent a spybot normalement il est désinstaller depuis environ 3 mois
que dois je faire
Merci,
0
Réponse 4 / 45
francky60
 
re,
j'ai juste arreter Avast
voici le rappor:
-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 13/12/2008|12:16 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@jobcrawler[1].txt
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\dinstallhelper.84936BCD4B5741AEB218F551E8CD2E1E.dll
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\xeros.exe
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\dealio-14225.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\dealio-14226.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4928_4424_3.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_3332_106.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_4508_104.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_4668_93.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_5804_107.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_5964_25.html
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5896_720_105.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14224.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14225.log
C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127\temp\ws-14226.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\Program Files\Fichiers communs\WhenU
C:\WINDOWS\iun6002.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\ICD1.tmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.tele2.fr/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

--------------------\\ Recherche d'autres infections

C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy_nav.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy_navps.dat
C:\WINDOWS\System32\ovebqcug.dat
C:\WINDOWS\System32\ovebqcug_nav.dat
C:\WINDOWS\System32\ovebqcug_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\HP_PRO~1\APPLIC~1\WinButler

1 - "C:\ToolBar SD\TB_1.txt" - 13/12/2008|12:19 - Option : [1]

-----------\\ Fin du rapport a 12:19:45,12
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 45
francky60
 
bonjour pppa,

j'ai rien compris a ta réponse
tu peux être plus claire stp
que dois je faire au juste
0
Réponse 6 / 45
neor Messages postés 1119 Statut Membre 30
 
--------------nettoyage----------------------------
ferme internet explorer
Relance Toolbar-S&D

Important! Désactive ton antivirus / antispyware résident / TeaTimer de Spybot (si présent et actif)

en double-cliquant sur le raccourci.
Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, tu peux réouvrir internet explorer et poster le rapport ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
0
Réponse 7 / 45
francky60
 
voici le rapport:

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [2] ( 13/12/2008|13:26 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\HP_PRO~1\Cookies\hp_propriétaire@jobcrawler[1].txt
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\dinstallhelper.84936BCD4B5741AEB218F551E8CD2E1E.dll
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\kb127
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio\xeros.exe
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\ICD1.tmp
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\HP_PRO~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
Supprime! - C:\Program Files\Fichiers communs\WhenU

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.tele2.fr/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy.exe
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy_nav.dat
C:\DOCUME~1\HP_PRO~1\LOCALS~1\APPLIC~1\acsgy_navps.dat
C:\WINDOWS\System32\ovebqcug.dat
C:\WINDOWS\System32\ovebqcug_nav.dat
C:\WINDOWS\System32\ovebqcug_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\HP_PRO~1\APPLIC~1\WinButler

1 - "C:\ToolBar SD\TB_1.txt" - 13/12/2008|12:19 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 13/12/2008|13:28 - Option : [2]

-----------\\ Fin du rapport a 13:28:30,07
0
Réponse 8 / 45
neor Messages postés 1119 Statut Membre 30
 
---------------recherche----------------------

Télécharge Navilog1 sur ton bureau :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

!! Déconnecte toi,désactive tes défenses( anti-virus,anti-spyware ) et ferme bien toutes tes applications le temps de la manipe !!

Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valide .
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***

Appuie sur une touche comme demandé, le bloc-note va s'ouvrir.
Copie-colle l'intégralité de son contenu dans ta prochaine réponse et attends la suite .

(Le rapport est en outre sauvegardé à la racine du disque "C\:fixnavi.txt" )

TUTO (aide) : http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901
0
Réponse 9 / 45
francky60
 
voici:
Search Navipromo version 3.7.0 commencé le 13/12/2008 à 13:43:25,65

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Not Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

Recherche executé en mode normal

*** Recherche Programmes installés ***

Instant Access

*** Recherche dossiers dans "C:\WINDOWS" ***

*** Recherche dossiers dans "C:\Program Files" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" ***

*** Recherche dossiers dans "C:\Documents and Settings\HP_Propriétaire\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\acsgy.dat
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\acsgy.exe
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\acsgy_nav.dat
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\acsgy_navps.dat

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

*** Recherche fichiers ***

C:\WINDOWS\tmlpcert2007 trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"acsgy"="\"c:\\documents and settings\\hp_propri‚taire\\local settings\\application data\\acsgy.exe\" acsgy"

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :

ovebqcug.dat trouvé !
ovebqcug_nav.dat trouvé !
ovebqcug_navps.dat trouvé !

* Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" :

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

A307AF9E91882CAA.job trouvé ! Infection Lop possible non traitée par cet outil !

*** Analyse terminée le 13/12/2008 à 13:52:09,07 ***
0
Réponse 10 / 45
neor Messages postés 1119 Statut Membre 30
 
----------------nettoyage-------------------------

Relance Navilog
# Sur le menu, choisis Désinfection automatique l'option 2
# Le fix va se mettre à travailler... sois patient!
# Cliques simplement sur OK si des fenêtres apparaissent.

Un rapport va être généré >> Envoi le

>>> Si ton bureau ne réapparait pas après le fix ce n'est rien ! <<<
Fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Cela te fera apparaitre ton bureau.
0
Réponse 11 / 45
francky60
 
voici:
Clean Navipromo version 3.7.0 commencé le 13/12/2008 à 14:10:05,37

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : BIOS Date: 09/30/05 18:13:56 Ver: 08.00.10
USER : HP_Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081212-0] 4.8.1296 (Not Activated)

C:\ (Local Disk) - NTFS - Total:143 Go (Free:57 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

Mode suppression automatique
avec prise en charge résultats Catchme et GNS

Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

*** Suppression des fichiers trouvés avec Catchme ***

** 2ème passage avec résultats Catchme **

* Dans "C:\WINDOWS\system32" *

C:\WINDOWS\prefetch\acsgy*.pf trouvé !
Copie C:\WINDOWS\prefetch\acsgy*.pf réalisée avec succès !
C:\WINDOWS\prefetch\acsgy*.pf supprimé !

* Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

acsgy.exe trouvé !
Copie acsgy.exe réalisée avec succès !
acsgy.exe supprimé !

acsgy.dat trouvé !
Copie acsgy.dat réalisée avec succès !
acsgy.dat supprimé !

acsgy_nav.dat trouvé !
Copie acsgy_nav.dat réalisée avec succès !
acsgy_nav.dat supprimé !

acsgy_navps.dat trouvé !
Copie acsgy_navps.dat réalisée avec succès !
acsgy_navps.dat supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *

* Suppression dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

*** Suppression dossiers dans "C:\WINDOWS" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" ***

*** Suppression dossiers dans "C:\Documents and Settings\HP_Propriétaire\menudm~1\progra~1" ***

*** Suppression fichiers ***

C:\WINDOWS\tmlpcert2007 supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\HP_Propri‚taire\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\WINDOWS\system32" *

ovebqcug.dat trouvé !
Copie ovebqcug.dat réalisée avec succès !
ovebqcug.dat supprimé !

ovebqcug_nav.dat trouvé !
Copie ovebqcug_nav.dat réalisée avec succès !
ovebqcug_nav.dat supprimé !

ovebqcug_navps.dat trouvé !
Copie ovebqcug_navps.dat réalisée avec succès !
ovebqcug_navps.dat supprimé !

* Dans "C:\Documents and Settings\HP_Propriétaire\locals~1\applic~1" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

A307AF9E91882CAA.job trouvé ! Infection Lop possible non traitée par cet outil !

*** Nettoyage terminé le 13/12/2008 à 14:14:43,82 ***
0
Réponse 12 / 45
neor Messages postés 1119 Statut Membre 30
 
Lance Malwarebyte's https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ).

--> Laisses le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

http://site-naheulbeuk.com/
0
Réponse 13 / 45
francky60
 
ce fut long
voici le rapport

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1456
Windows 5.1.2600 Service Pack 3

13/12/2008 15:32:06
mbam-log-2008-12-13 (15-32-06).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 200409
Temps écoulé: 56 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Perfect Defender 2009 (Rogue.PerfectDefender) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Perfect Defender 2009\pd.dll (Rogue.PerfectDefender) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
0
Réponse 14 / 45
neor Messages postés 1119 Statut Membre 30
 
Télécharge OTMoveIt3 de OldTimer
http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Enregistre-le sur ton bureau
* Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)
* Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) : 

:processes
explorer.exe

:files
C:\Documents and Settings\HP_Propriétaire\Application Data\WinButler
 
:commands
[emptytemp]
[Reboot]


* Clique sur le bouton rouge Moveit! pour lancer le nettoyage
* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)
--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
* Ferme OTMoveIt3 (en cliquant sur Exit)

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...
0
Réponse 15 / 45
francky60
 
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\WinButler not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_c48.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF9DD5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_160611
0
Réponse 16 / 45
francky60
 
voila

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\HP_Propriétaire\Application Data\WinButler not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\Perflib_Perfdata_c48.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF9DD5.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12132008_160611
0
Réponse 17 / 45
francky60
 
C'est fini ???
si oui, que dois je faire de tout les logiciels que j'ai télécharger et installé sur mon pc
certain sont détécté malveillant par avast
que faire

merci de me répondre neor
0
Réponse 18 / 45
neor Messages postés 1119 Statut Membre 30
 
repost un hijackthis stp
0
Réponse 19 / 45
francky60
 
bonjour neor,

voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:45, on 14/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
C:\Program Files\Tele2\Common\FSMA32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Tele2\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Tele2\Common\FCH32.EXE
C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tele2\Common\FAMEH32.EXE
C:\Program Files\Tele2\FSPC\fspc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Tele2\Common\FSM32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tele2\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Saitek\Software\ProfilerU.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tele2.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tele2\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tele2\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tele2\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Smax4] "C:\Documents and Settings\HP_Propriétaire\Application Data\Google\kjzna1562565.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Pack Sécurité TELE2 Internet.lnk = C:\Program Files\Tele2\backweb\2338637\Program\fspex.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Tele2\FSPC\fspcmsie.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pack Sécurité TELE2 Internet (BackWeb Plug-in - 2338637) - F-Secure Corp. - C:\PROGRA~1\Tele2\backweb\2338637\Program\SERVIC~1.EXE
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Tele2\backweb\2338637\program\fsbwsys.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tele2\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
0
Réponse 20 / 45
neor Messages postés 1119 Statut Membre 30
 
* Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)
* Copie-colle l'entièreté de ceci ci dessous dans la partie "Paste Instructions for Items to be Moved" (en-dessous de la barre jaune) : 

:processes
explorer.exe

:files
C:\Documents and Settings\HP_Propriétaire\Application Data\Microsoft\Windows\tuwll.exe
C:\Documents and Settings\HP_Propriétaire\Application Data\WinButler 

:commands
[emptytemp]
[Reboot]


* Clique sur le bouton rouge Moveit! pour lancer le nettoyage
* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)
--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
* Ferme OTMoveIt3 (en cliquant sur Exit)

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...

désinstalle completement norton
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
0

Discussions similaires

Supprimer son compte Temu
liwei -
Mel -

8 réponses
Win64 malware gen
jules555 -
bazfile -

1 réponse
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Mon antivirus detecte un Trojan Gen.2
Utilisateur anonyme -
Fish66 -

25 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses