System Security

Solved/Closed
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last active 28 May 2009 - 14 Feb 2009 at 13:25
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last active 2 March 2015 - 24 Feb 2009 at 16:07
Hello,

As recently as the day before yesterday, everything was fine: I was protected by the Avast antivirus. Then I went on a website and, after trying to download a video (an executable file), I ended up with loads of windows telling me to buy this or that antivirus; on top of that, my computer was going haywire and kept displaying "security problem" with a small red cross in the taskbar! Not knowing what else to do, I finally bought the full version of System Security, which was being offered. After that everything was fine, it ran regular scans for me, until this morning, when it no longer starts a scan, and as soon as I click the desktop icon it pops up a small window that reads:

Exception EIncorrectUDB in module 1767467305.exe at 000AB335.
The file is not a database.

Does anyone have an idea of what I should do? Because this seems strange to me for a full, paid version! Many thanks in advance to all of you!

M.

28 replies

anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last active 2 March 2015 790
24 Feb 2009 at 09:20
Very good, your computer is no longer infected!

Before you go back to surfing the internet, there are a few small things you need to do to finish the cleanup and noticeably improve your computer's security; it may save you from having to come back here with a new infection in the future ;) But be aware that no security software will protect you 100%; what makes the difference is your vigilance when you download or install something. To learn more, I invite you to read carefully the page indicated at the very bottom of this message (7).



1) Toolbars

Often installed along with other software without the user noticing, toolbars multiply on computers and have two effects: slowing computers down and causing browser bugs.
I strongly advise you to uninstall the Windows Live toolbar.
To do that, close your browser, then Start menu --> Control Panel --> Add/Remove Programs --> uninstall the "Windows Live Toolbar".



2) Secure your computer

• Antivirus:
You absolutely need an antivirus... Among the free ones, I recommend Antivir, which is considered the best: download it here.

• Anti-spyware:
* Uninstall Ad-Aware, which is useless (no resident protection, a mediocre scan, and constant memory consumption all the same...)
* Install Spyware Blaster: it uses no memory, it is just a program that vaccinates your PC against certain infections. You have to update it manually ("Updates") about every 15 days, and enable all protections ("Enable all protection")
* In addition, keep MalwareBytes for its effective cleanup scan.

• To browse the internet more safely and free from ads, I strongly advise you to install and use the Firefox 3 browser with two extensions:
AdBlockPlus to block ads;
WOT, to warn you about dangerous websites.

• Java is not up to date, which is a security hole.
First you have to uninstall the old version: open the Start menu --> Control Panel --> Add/Remove Programs --> select all the Java versions present and uninstall them.
Then download and install the new version from the official Java site: https://java.com/fr/

• Adobe Reader is not up to date, which is a security hole. Uninstall it by going to Start menu --> Control Panel --> Add/Remove Programs. Then download and install the new version.



3) Run Hijackthis again (for the last time), choose "scan system only" and check the following lines, which are unnecessary (I have included the toolbars in this list):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')

If you updated Adobe Reader as I recommended, this line should appear, and you can check it: O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Also check all the lines starting with O16

Then click "Fix checked"



4) Download ToolsCleaner to your Desktop to clean the computer of all the tools we used: ToolsCleaner
Run it, click Recherche (Search) and let the scan finish, then click Suppression (Removal) to clean up.
You can also delete the temporary files.
Then delete ToolsCleaner manually (put it in the Recycle Bin).
If it does not remove everything, manually delete what is left.



5) Download and install CCleaner (if you have not already): https://www.ccleaner.com/ccleaner/download

Run CCleaner
Options --> Advanced --> uncheck "only delete files older than 48h"
Then Cleaner --> Analyze > Run Cleaner, then OK in the window that appears.
Finally, Registry --> fix all the errors, and repeat until it finds no more errors.

(You can keep this program and use it regularly).



6) To finish the cleanup, you need to purge System Restore (to delete the infected restore points).

• Right-click My Computer (on your Desktop or in the Start menu), then Properties.
• Select the System Restore tab
• Check the option Turn off System Restore on all drives
• Click OK.

Then do the reverse to re-enable System Restore.



7) Finally, I invite you to visit this page, which will give you information on prevention and protection against infections (about 15 minutes of very instructive and useful reading):
Prevention and security on the internet

Happy reading, good luck, and don't hesitate to ask questions if needed ;)
1
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last active 2 March 2015 790
14 Feb 2009 at 17:54
Hello,


You must NEVER download software that comes from an advertisement.
I think System Security is a rogue, that is, fake security software that tries to scare you into paying... If that is indeed the case, you have been scammed!


Let's check that:

• Download Random's System Information Tool (RSIT) by random/random, and save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click 'continue' at the Disclaimer screen.
• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
• Once the scan is finished, two reports will appear. Post the contents of log.txt

0
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last active 28 May 2009
14 Feb 2009 at 17:59
Thank you very much Anthony :)

I did what you asked, here is the log.txt:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Marjorie at 2009-02-14 17:57:38
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 5 GB (7%) free of 78 GB
Total RAM: 503 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:58:00, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\perce.jpg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Marjorie\Bureau\RSIT.exe
C:\Program Files\trend micro\Marjorie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [1767467305] "C:\Documents and Settings\All Users\Application Data\1960183940\1767467305.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\Marjorie\LOCALS~1\Temp\systeminit.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Marjorie\LOCALS~1\Temp\perce.jpg.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Marjorie\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
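An added example, not part of the original thread and not code from HijackThis or RSIT: a small triage script that applies three common heuristics to the O4 autostart lines of the log above (executable started from a Temp folder, decoy double extension such as `.jpg.exe`, all-digit file name). The heuristics, extension lists and function names are assumptions chosen for illustration; a hit is a lead to investigate, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# O4 (autostart) lines copied from the HijackThis log posted above.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [1767467305] "C:\Documents and Settings\All Users\Application Data\1960183940\1767467305.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [systeminit.exe] C:\DOCUME~1\Marjorie\LOCALS~1\Temp\systeminit.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Marjorie\LOCALS~1\Temp\perce.jpg.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
'''

# Assumed lists for this illustration; extend them to suit your environment.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc",
              ".txt", ".avi", ".mpg", ".mp3", ".wmv"}
TEMP_DIRS = {"temp", "tmp"}

O4_RE = re.compile(r"^O4 - (?P<where>.+?): (?P<rest>.+)$")
VALUE_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Either a quoted path, or an unquoted path (which may contain spaces)
# ending at the first executable extension followed by whitespace or end.
EXE_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)',
    re.IGNORECASE,
)


def parse_o4(line):
    """Split one O4 line into (location, entry name, command), or None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    where, rest = m.group("where"), m.group("rest")
    value = VALUE_RE.match(rest)
    if value:                      # registry Run key: [name] command
        return where, value.group("name"), value.group("cmd")
    if " = " in rest:              # Startup folder: shortcut = target
        name, cmd = rest.split(" = ", 1)
        return where, name, cmd
    return None


def executable_path(cmd):
    """Extract the program path from a command line, dropping its arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return PureWindowsPath(m.group("quoted") or m.group("bare"))


def reasons_for(path):
    """Return the heuristic labels that apply to one executable path."""
    reasons = []
    if {part.lower() for part in path.parent.parts} & TEMP_DIRS:
        reasons.append("temp-dir")
    suffixes = [s.lower() for s in path.suffixes]
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS):
        reasons.append("double-extension")
    if path.stem.isdigit():
        reasons.append("numeric-name")
    return reasons


def triage(log_text):
    """Return (entry name, path, reasons) for every flagged O4 entry."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if parsed is None:
            continue
        _where, name, cmd = parsed
        path = executable_path(cmd)
        if path is None:
            continue
        reasons = reasons_for(path)
        if reasons:
            hits.append((name, str(path), reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {path}: {', '.join(reasons)}")
```

Entries that pass these checks are not thereby clean: adware started from `C:\Program Files`, like the toolbars the helper points out later in the thread, matches none of the three heuristics.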
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last active 2 March 2015 790
14 Feb 2009 at 18:04
Hi again,


There are several infections in this report (at least 3)... By the way, it is incomplete (that will do for a start), but when I ask you for a new one, make sure it is complete ;)

To begin with:


1) Your computer is infected by harmful software from the EoRezo site --> do not go back to that site

Download Ad-Remover (by C_XX) to your Desktop.

/!\ Disconnect and close all running applications /!\

● Double-click the installer and install it in its default location. ( C:\Program files )
● Double-click the Ad-remover icon on your Desktop
● At the main menu choose option "A"
● Post the report that appears at the end (it is also saved as C:\Ad-report(date).log )




2) You have a harmful toolbar (SearchSettings)

Download Toolbar-S&D (Team IDN) to your Desktop: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

• Start the program's installation by running the downloaded file.
• Now double-click the Toolbar-S&D shortcut.
• Select the desired language by typing the letter of your choice and confirming with the Enter key.
• Now choose option 1 (Search). Wait until the search finishes.
• Post the generated report. (C:\TB.txt)

0

Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last active 28 May 2009
14 Feb 2009 at 18:15
Hi again, here is the Ad-Remover report for now. I'm doing the next one!



------- LOGFILE OF AD-REMOVER 1.1.1.2 | ONLY XP/VISTA -------

Updated by C_XX on 14/02/2009 at 13:40

Start at: 18:11:00 | Sam 14/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: MARJORIE-FA81EE
Current User: Marjorie - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 55

+--------------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\tdm.log
C:\WINDOWS\Prefetch\BOONTYBOX.EXE-01F4AF9F.pf
C:\WINDOWS\Prefetch\BOONTYBOXCHECKFILE.EXE-02C7D19A.pf
C:\WINDOWS\Prefetch\BOONTYBOXENGINE.EXE-025B9439.pf
C:\WINDOWS\Prefetch\BOONTYBOXUPGRADE.EXE-036237E1.pf
C:\Documents and Settings\Marjorie\Cookies\marjorie@boonty.122.2o7[1].txt

+--------------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eotraduction
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Documents and Settings\Marjorie\Application Data\EoRezo
C:\Documents and Settings\Marjorie\Application Data\EoRezo\db
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoStats
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction\EoTraductionSkin
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\is-9V429.tmp\EoTraduction by EoRezo
C:\Documents and Settings\Marjorie\Cookies\marjorie@eorezo[2].txt

+--------------------| Infected Poker Softwares Elements Found:

.
C:\Documents and Settings\Marjorie\Cookies\marjorie@partypoker[2].txt

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

.

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.18 ----

ProfilePath: jx61hblp.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_USERS\S-1-5-21-1960408961-308236825-725345543-1004\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://fr.yahoo.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~6144 Bytes] - "C:\Ad-Report-Scan-14.02.2009.log"
-

End at: 18:12:30 | 14/02/2009
.
+--------------------| E.O.F - 134 Lines
.
0
Mijanou05 Posts 17 Registration date Wednesday 23 April 2008 Status Member Last active 28 May 2009
14 Feb 2009 at 18:23
And here is the report made with Toolbar-S&D:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 07/22/05 10:31:27 Ver: 08.00.10
USER : Marjorie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 080630-1] 4.8.1201 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:5 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 14/02/2009|18:18 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\index.3.67.22
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.109.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.178.66
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.198.56
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.245.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.247.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.279.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.283.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.284.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.289.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.290.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.297.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.315.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.319.49
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.335.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.337.44
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.340.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.360.53
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.386.59
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.388.59
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.391.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.398.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.399.60
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.403.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.404.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.405.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.406.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.407.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.408.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.409.61
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.412.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.413.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.414.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.415.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.416.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.417.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.418.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.419.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.420.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.421.62
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.424.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.427.63
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.432.65
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.49.67
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.51.46
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.52.57
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.53.51
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.54.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.57.43
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\rulesFF\rules.3.58.47
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\dealio-14286.log
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\dealio-14287.log
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\dealio-14288.log
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_deskbar_tmp.html_3544_3548_1.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1020_1696_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1020_2604_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1100_2412_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1248_2468_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_156_352_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1576_2140_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1668_1320_1.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1668_1320_2.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1772_2080_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1820_3988_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2012_1172_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2172_2244_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2188_2240_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2188_232_14.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2208_5896_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2256_892_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2288_3484_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2364_2436_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2364_2564_7.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2384_2536_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2444_5464_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2484_3020_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2488_2624_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2540_2008_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2560_3272_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2560_5740_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2624_2320_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2692_3100_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2968_3392_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_296_3024_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_296_5624_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3172_152_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3172_6088_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3216_3500_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3260_3856_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_3612_1.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_3612_2.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3396_2716_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3396_3580_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3432_3496_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3456_1888_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3456_3664_20.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3516_1028_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3516_1032_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3576_3676_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3612_2908_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3676_1740_6.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3676_3476_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3736_996_17.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_376_2564_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3792_4076_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3816_3852_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3856_3988_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3868_3892_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_1836_8.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3880_3536_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3920_2084_6.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3920_4068_9.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3920_5996_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3948_4076_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_2476_21.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_3164_10.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_3920_22.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_4088_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3952_416_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4000_3484_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_2184_20.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_3808_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4036_4000_17.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_416_2672_127.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_416_3764_126.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4240_4264_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4240_4452_4.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4240_4452_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4492_4520_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4492_4668_6.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4620_5284_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4736_4760_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5252_5272_6.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5252_5644_7.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5348_5376_6.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5348_5572_7.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_5660_5684_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6048_6052_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6696_17920_9.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6828_6864_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_7568_3456_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_7568_4588_11.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_7768_7804_5.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_976_1672_3.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_9988_4752_9.html
C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_9988_5504_3.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\resFF
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\rulesFF
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\resFF\deal_report.jpg
C:\Program Files\Dealio\kb127\resFF\ebay_login.jpg
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\WINDOWS\Prefetch\DEALIO DESKBAR.EXE-0CAD5C64.pf
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\Marjorie\Cookies\marjorie@dealio[1].txt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.xul
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.dtd
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.properties
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealiotoolbarplugin.css
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_large.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_small.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\search_dealio.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioFF.dll
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioProtocol.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.xpt
C:\DOCUME~1\Marjorie\Cookies\marjorie@hotbar[2].txt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\temp\ws-14286.log
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\temp\ws-14287.log
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\temp\ws-14288.log
C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127\temp\ws-14289.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\DOCUME~1\Marjorie\Cookies\marjorie@h.starware[1].txt
C:\DOCUME~1\Marjorie\Cookies\marjorie@try.starware[2].txt
C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar
C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar\ErrorLog.txt
C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar
C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar\New York_NY_weather.txt
C:\DOCUME~1\Marjorie\Cookies\marjorie@hosted.zango[1].txt
C:\DOCUME~1\Marjorie\Cookies\marjorie@www.zango[2].txt
C:\DOCUME~1\Marjorie\Cookies\marjorie@7search[1].txt
C:\WINDOWS\iun6002.exe
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\ns61.tmp

-----------\\ Extensions

(Invit‚) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Marjorie) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Marjorie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Marjorie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Marjorie) - {B13721C7-F507-4982-B2E5-502A71474FED} => skype_ff_toolbar_win


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://fr.yahoo.com/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://fr.yahoo.com/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Marjorie\Cookies\marjorie@cuntcrack[2].txt
C:\DOCUME~1\Marjorie\Mes documents\Madonna_Hung_Up_On_Crack.avi
C:\DOCUME~1\Marjorie\Mes documents\Thierry Le Luron\Captures\Nouveau dossier\Madonna_Hung_Up_On_Crack.mp3



1 - "C:\ToolBar SD\TB_1.txt" - 14/02/2009|18:20 - Option : [1]

-----------\\ Fin du rapport a 18:20:18,23


Thank you very much for taking the time to help me :-) !
0
anthony5151 Posts 10573 Registered Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
15 Feb. 2009 at 03:41
! Go offline and close all running applications !

Run "Ad-remover" again and choose option "B" in the main menu.

On the selection screen, tick:
Suppression Boonty/BoontyGames
Suppression Eorezo
Suppression Infected Poker Softwares

Then choose "S"; the program will start working.

Post the report that appears at the end (it is also saved as C:\Ad-report(date).log).



• Run Toolbar-S&D again by double-clicking the shortcut.
• Press "2", then confirm by pressing "Enter".
• Do not close the window during the removal!
• A report will be generated; post its contents here.



After that, there should be two fewer infections, but some still remain!
Please stick with it to the end ;)

0
Mijanou05 Posts 17 Registered Wednesday 23 April 2008 Status Member Last activity 28 May 2009
15 Feb. 2009 at 11:19
Hi,
Here is the ad-remover report after removing the programs (I think they are programs!! :) ).
Since it didn't leave me any report at the end, I made a new one like the first time, with option A for "scan".
I hope that's fine. On to the next one! :-)


------- LOGFILE OF AD-REMOVER 1.1.1.2 | ONLY XP/VISTA -------

Updated by C_XX on 14/02/2009 at 13:40

Start at: 11:14:52 | Dim 15/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: MARJORIE-FA81EE
Current User: Marjorie - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 51

+--------------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\tdm.log
C:\WINDOWS\Prefetch\BOONTYBOX.EXE-01F4AF9F.pf
C:\WINDOWS\Prefetch\BOONTYBOXCHECKFILE.EXE-02C7D19A.pf
C:\WINDOWS\Prefetch\BOONTYBOXENGINE.EXE-025B9439.pf
C:\WINDOWS\Prefetch\BOONTYBOXUPGRADE.EXE-036237E1.pf
C:\Documents and Settings\Marjorie\Cookies\marjorie@boonty.122.2o7[1].txt

+--------------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eotraduction
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Documents and Settings\Marjorie\Application Data\EoRezo
C:\Documents and Settings\Marjorie\Application Data\EoRezo\db
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoStats
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction\EoTraductionSkin
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\is-9V429.tmp\EoTraduction by EoRezo
C:\Documents and Settings\Marjorie\Cookies\marjorie@eorezo[2].txt

+--------------------| Infected Poker Softwares Elements Found:

.
C:\Documents and Settings\Marjorie\Cookies\marjorie@partypoker[2].txt

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

.

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.18 ----

ProfilePath: jx61hblp.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_USERS\S-1-5-21-1960408961-308236825-725345543-1004\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://fr.yahoo.com

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~6280 Bytes] - "C:\Ad-Report-Scan-14.02.2009.log"
[~6196 Bytes] - "C:\Ad-Report-Scan-15.02.2009.log"
-

End at: 11:16:20 | 15/02/2009
.
+--------------------| E.O.F - 134 Lines
.
0
Mijanou05 Posts 17 Registered Wednesday 23 April 2008 Status Member Last activity 28 May 2009
15 Feb. 2009 at 11:28
Here is the report for Toolbar, I'm waiting for your next instructions! :-)


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.00GHz )
BIOS : BIOS Date: 07/22/05 10:31:27 Ver: 08.00.10
USER : Marjorie ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1201 [VPS 080630-1] 4.8.1201 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:5 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/02/2009|11:22 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\WINDOWS\Prefetch\DEALIO DESKBAR.EXE-0CAD5C64.pf
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@dealio[1].txt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@hotbar[2].txt
Supprime! - C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@h.starware[1].txt
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@try.starware[2].txt
Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar\ErrorLog.txt
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar\COMBOSEARCH.acs
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar\New York_NY_weather.txt
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@hosted.zango[1].txt
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@www.zango[2].txt
Supprime! - C:\DOCUME~1\Marjorie\Cookies\marjorie@7search[1].txt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\DOCUME~1\Marjorie\LOCALS~1\Temp\ns61.tmp
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\VMNToolbar
Supprime! - C:\DOCUME~1\Marjorie\APPLIC~1\VMNToolbar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Invit‚) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Marjorie) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Marjorie) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Marjorie) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Marjorie) - {B13721C7-F507-4982-B2E5-502A71474FED} => skype_ff_toolbar_win


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://fr.yahoo.com/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Marjorie\Cookies\marjorie@cuntcrack[2].txt
C:\DOCUME~1\Marjorie\Mes documents\Madonna_Hung_Up_On_Crack.avi
C:\DOCUME~1\Marjorie\Mes documents\Thierry Le Luron\Captures\Nouveau dossier\Madonna_Hung_Up_On_Crack.mp3



1 - "C:\ToolBar SD\TB_1.txt" - 14/02/2009|18:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/02/2009|11:26 - Option : [2]

-----------\\ Fin du rapport a 11:26:18,25

0
anthony5151 Posts 10573 Registered Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
16 Feb. 2009 at 07:15
The removal with AD-Remover did not work: the scan report you posted here still shows all the unwanted programs detected the first time...


Can you try the cleanup (option B) again?
Don't forget to close all your programs before running it, and you can also disable your antivirus if need be.

0
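The check made by eye in the reply above (does a later scan still list what an earlier one found?) can be automated. The following is an added example, not part of the original thread and not code from Ad-Remover: it parses the "Elements Found" sections of two scan reports and shows what persists, with particular attention to entries that load at boot. The function names are hypothetical and the two sample reports are abridged excerpts built from the reports posted on this page.

```python
import re

# Section header as printed in the reports on this page, e.g.
# "+--------------------| Eorezo Elements Found:"
HEADER = re.compile(r"^\+-+\|\s*(.*?)\s*$")
FOUND = "Elements Found:"

# Registry locations that make a program start with Windows or the browser.
AUTOSTART_MARKERS = ("\\services\\", "\\currentversion\\run\\",
                     "\\browser helper objects\\")


def parse_report(text):
    """Return {family: set(elements)} for each '<family> Elements Found:' section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            title = header.group(1)
            if title.endswith(FOUND):
                current = title[:-len(FOUND)].strip()
                sections[current] = set()
            else:
                current = None      # "Added Scan:", "E.O.F" ... end the listing
            continue
        # "." is the separator the tool prints between element groups.
        if current is not None and line and line != ".":
            sections[current].add(line)
    return sections


def compare(before, after):
    """Per family, list what persists, what is gone and what is new."""
    result = {}
    for family in sorted(set(before) | set(after)):
        old, new = before.get(family, set()), after.get(family, set())
        result[family] = {"persisting": sorted(old & new),
                          "gone": sorted(old - new),
                          "new": sorted(new - old)}
    return result


def is_autostart(element):
    low = element.lower()
    return low.startswith("service:") or any(m in low for m in AUTOSTART_MARKERS)


def still_loading(before, after):
    """Autostart entries present in both scans: the removal did not take."""
    diff = compare(before, after)
    return {family: [e for e in d["persisting"] if is_autostart(e)]
            for family, d in diff.items()
            if any(is_autostart(e) for e in d["persisting"])}


# Abridged sample input, built from the 15/02 and 16/02 reports on this page.
SCAN_BEFORE = r"""
+--------------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKLM\Software\Boonty
HKLM\System\CurrentControlSet\Services\Boonty Games
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\Prefetch\BOONTYBOX.EXE-01F4AF9F.pf

+--------------------| Eorezo Elements Found:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
.
C:\Program Files\EoRezo

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Internet Explorer Version 7.0.5730.11 ----
"""

# Same report one day later: only the Prefetch trace has disappeared.
SCAN_AFTER = SCAN_BEFORE.replace(
    "C:\\WINDOWS\\Prefetch\\BOONTYBOX.EXE-01F4AF9F.pf\n", "")

if __name__ == "__main__":
    b, a = parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER)
    for family, d in compare(b, a).items():
        print(f"{family}: {len(d['persisting'])} persisting, {len(d['gone'])} gone")
    for family, entries in still_loading(b, a).items():
        for entry in entries:
            print(f"still loads at startup [{family}]: {entry}")
```

A family whose autostart entries appear in both scans has not been removed, even if a few file traces such as Prefetch entries have gone.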
Mijanou05 Posts 17 Registered Wednesday 23 April 2008 Status Member Last activity 28 May 2009
16 Feb. 2009 at 09:10
Hello, here is the report, I have just redone it:


------- LOGFILE OF AD-REMOVER 1.1.1.2 | ONLY XP/VISTA -------

Updated by C_XX on 14/02/2009 at 13:40

Start at: 9:04:35 | Lun 16/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: MARJORIE-FA81EE
Current User: Marjorie - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 54

+--------------------| Boonty/Boonty Games Elements Found:

Service: Boonty Games
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\Software\Classes\boontybox
HKLM\Software\Classes\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl
HKLM\Software\Classes\PandoraBoxCtrl.PandoraBoxCtrl.1
HKLM\Software\Classes\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKLM\System\ControlSet001\Services\Boonty Games
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\CurrentControlSet\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\Boonty\BoontyBox
C:\Program Files\Boonty\Components
C:\Program Files\Boonty\BoontyBox\CsaFiles
C:\Program Files\Boonty\BoontyBox\Data
C:\Program Files\Boonty\BoontyBox\Html
C:\Program Files\Boonty\BoontyBox\Languages
C:\Program Files\Boonty\BoontyBox\Medias
C:\Program Files\Boonty\BoontyBox\Skins
C:\Program Files\Boonty\BoontyBox\Temp
C:\Program Files\Boonty\BoontyBox\CsaFiles\NewShell
C:\Program Files\Boonty\BoontyBox\CsaFiles\OldShell
C:\Program Files\Boonty\BoontyBox\Skins\Classic
C:\Program Files\Boonty\BoontyBox\Skins\Dark
C:\Program Files\Boonty\BoontyBox\Skins\Silver
C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\tdm.log
C:\Documents and Settings\Marjorie\Cookies\marjorie@boonty.122.2o7[1].txt

+--------------------| Eorezo Elements Found:

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eotraduction
.
C:\Program Files\EoRezo
C:\Program Files\EoRezo\EoAdv
C:\Documents and Settings\Marjorie\Application Data\EoRezo
C:\Documents and Settings\Marjorie\Application Data\EoRezo\db
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Marjorie\Application Data\EoRezo\eoStats
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction
C:\Documents and Settings\Marjorie\Application Data\EoRezo\EoTraduction\EoTraductionSkin
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\is-9V429.tmp\EoTraduction by EoRezo
C:\Documents and Settings\Marjorie\Cookies\marjorie@eorezo[2].txt

+--------------------| Infected Poker Softwares Elements Found:

.
C:\Documents and Settings\Marjorie\Cookies\marjorie@partypoker[2].txt

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

.

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 2.0.0.18 ----

ProfilePath: jx61hblp.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_USERS\S-1-5-21-1960408961-308236825-725345543-1004\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.google.com/ie
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://fr.yahoo.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://fr.yahoo.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~6280 Bytes] - "C:\Ad-Report-Scan-14.02.2009.log"
[~6332 Bytes] - "C:\Ad-Report-Scan-15.02.2009.log"
[~6038 Bytes] - "C:\Ad-Report-Scan-16.02.2009.log"
-

End at: 9:06:10 | 16/02/2009
.
+--------------------| E.O.F - 130 Lines
.

As for the antivirus, I have Avast. Actually... I don't know how to disable it :-( Yes, I'm hopeless!
As for the other one, no need to disable it since it doesn't work anyway! :( ... Well, it doesn't matter
since you're helping me :-) I'm waiting for the next steps... Have a nice day!
0
anthony5151 Posts 10573 Joined Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
16 Feb 2009 at 21:31
Hi again,


What you ran there was a scan (option A) with AD-Remover; what you need to do is a removal (option B), as described here: http://www.commentcamarche.net/forum/affich 11042626 system security?#6


To disable Avast: right-click the icon next to the clock and click "Stop On-Access Protection"

0
Mijanou05 Posts 17 Joined Wednesday 23 April 2008 Status Member Last activity 28 May 2009
17 Feb 2009 at 01:43
Oh yes, sorry... Here is the report after cleaning:



------- LOGFILE OF AD-REMOVER 1.1.1.2 | ONLY XP/VISTA -------

Updated by C_XX on 14/02/2009 at 13:40

*** LIMITED TO ***

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
Sweetim

******************

Start at: 1:14:02 | Mar 17/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: MARJORIE-FA81EE
Current User: Marjorie - Administrator
Drive(s):
- C:\ (File System: NTFS)
- D:\ (File System: CDFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 54

(!) ---- IE start pages/Tabs reset

+--------------------| Boonty/Boonty Games Elements Deleted :

Service: "Boonty Games"
.
HKCR\boontybox
HKCR\CLSID\{aa760512-9bd8-4b1b-9e7a-dd9bbe3cf119}
HKCR\PandoraBoxCtrl.PandoraBoxCtrl
HKCR\PandoraBoxCtrl.PandoraBoxCtrl.1
HKCR\Typelib\{BB8AC401-701B-4ED1-96BB-B84A0FCF5874}
HKCU\Software\Boonty
HKLM\Software\Boonty
HKLM\System\ControlSet002\Services\Boonty Games
HKLM\System\ControlSet003\Services\Boonty Games
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C23587D9-1415-4042-9B3D-43118A4334C7}_is1
.
C:\WINDOWS\System32\PandoraCtrl.dll
C:\WINDOWS\System32\PandoraCtrl2.dll
C:\Program Files\Boonty
C:\Program Files\BoontyGames
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\All Users\Menudm~1\Progra~1\BoontyGames
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\tdm.log
C:\Documents and Settings\Marjorie\Cookies\marjorie@boonty.122.2o7[1].txt

+--------------------| Eorezo Elements Deleted :

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eotraduction
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
C:\Documents and Settings\Marjorie\Application Data\EoRezo
C:\DOCUME~1\Marjorie\LOCALS~1\Temp\is-9V429.tmp\EoTraduction by EoRezo
C:\Documents and Settings\Marjorie\Cookies\marjorie@eorezo[2].txt

+--------------------| Infected Poker Softwares Elements Deleted :

.
C:\Documents and Settings\Marjorie\Cookies\marjorie@partypoker[2].txt

+--------------------| Sweetim Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| Added Scan :

---- Mozilla FireFox Version 2.0.0.18 ----

ProfilePath: jx61hblp.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p="
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-1960408961-308236825-725345543-1004\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~4568 Bytes] - "C:\Ad-Report-Clean-17.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\17.02.2009 - Prefs.js

End at: 1:21:19 | 17/02/2009
.
+--------------------| E.O.F - 101 Lines
.

As for the antivirus, I looked for it in the taskbar and couldn't even find it, so...
that tells you how hard it's working to protect my computer! X'D
I look forward to hearing from you again.
0
anthony5151 Posts 10573 Joined Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
17 Feb 2009 at 04:12
AD-Remover is done ;)
But there is still quite a lot to remove...


Download SDFix (created by AndyManchesta) and save it to your Desktop.

• Double-click SDFix.exe and choose Install to extract it into its own folder on the Desktop.
• Then restart your computer in Safe Mode using the following procedure: restart your computer, then tap the F8 key (F5 on some PCs) just before the Windows logo appears. A menu will appear; choose to start in Safe Mode. Then log in to your usual session (if necessary), and don't worry if the colours and icon sizes look different from usual.

• Then open the SDFix folder that was just created on the Desktop, double-click RunThis.bat to launch the script, and follow the prompts.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• The SDFix report will then open on screen and will also be saved in the SDFix folder as Report.txt.


Next:

• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option is checked
• Launch MBAM and let the updates download (otherwise run them manually when the program starts)
• Then go to the "Scanner" tab, select "Perform full scan", then click "Scan"
• Select your hard drives, then click "Start Scan"
• At the end of the scan, click Show Results
• Check all the detected items, then click Remove Selected
• Save the report
• If you are asked to restart, click Yes

• Post the scan report here after the removal


• Finally, please post a complete new RSIT report in a separate message




0
Mijanou05 Posts 17 Joined Wednesday 23 April 2008 Status Member Last activity 28 May 2009
17 Feb 2009 at 18:15
Here is the SDFix report:


[b]SDFix: Version 1.240 [/b]
Run by Marjorie on 17/02/2009 at 14:37

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\msxml71.dll - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 14:48:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"="C:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe:*:Disabled:msn"
"C:\\Program Files\\Freeciv-2.1.5-gtk2\\civserver.exe"="C:\\Program Files\\Freeciv-2.1.5-gtk2\\civserver.exe:*:Enabled:civserver"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 18 Feb 2004 61,440 ...H. --- "C:\Program Files\MSN\msnupdate!@#@.exe"
Wed 21 Jan 2004 292,864 ...H. --- "C:\Program Files\MSN\txsrvc.dll"
Wed 21 Jan 2004 302,080 ...H. --- "C:\Program Files\MSN\unicows.dll"
Mon 20 Aug 2007 88 ..SHR --- "C:\WINDOWS\system32\A644747463.sys"
Mon 20 Aug 2007 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 11 Aug 2007 817,664 ...H. --- "C:\WINDOWS\system32\wodfamoh.dll"
Tue 31 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 30 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Wed 28 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 4 Mar 2006 4,348 A..H. --- "C:\Documents and Settings\Marjorie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Tue 2 May 2006 20 A..H. --- "C:\Documents and Settings\Marjorie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 5 Mar 2006 488 A.SH. --- "C:\Documents and Settings\Marjorie\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sat 4 Mar 2006 4,348 A..H. --- "C:\Documents and Settings\Marjorie\Mes documents\Mes images\Mes s‚lections\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 17 Apr 2006 20 A..H. --- "C:\Documents and Settings\Marjorie\Mes documents\Mes images\Mes s‚lections\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 5 Mar 2006 488 A.SH. --- "C:\Documents and Settings\Marjorie\Mes documents\Mes images\Mes s‚lections\Ma musique\Sauvegarde de la licence\drmv2key.bak"

[b]Finished![/b]


Here is the Anti-Malware report:


Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1769
Windows 5.1.2600 Service Pack 3

17/02/2009 18:13:08
mbam-log-2009-02-17 (18-13-08).txt

Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 208013
Temps écoulé: 1 hour(s), 6 minute(s), 1 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
C:\WINDOWS\system32\2DHG7c33.exe (Trojan.Obvod) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1767467305 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systeminit.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\2DHG7c33.exe (Trojan.Obvod) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1960183940\1767467305.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marjorie\Bureau\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2DHG7c33.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
0
Mijanou05 Posts 17 Joined Wednesday 23 April 2008 Status Member Last activity 28 May 2009
17 Feb 2009 at 18:18
And here is a new RSIT report:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Marjorie at 2009-02-17 18:16:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 6 GB (7%) free of 78 GB
Total RAM: 503 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:17, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marjorie\Bureau\RSIT.exe
C:\Program Files\trend micro\Marjorie.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
anthony5151 Posts 10573 Joined Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
19 Feb 2009 at 01:30
/!\ Note to anyone passing through this thread /!\
The software that follows is not to be used lightly! Only use it if a forum helper who knows this tool well has recommended it to you.


We are going to use ComboFix to finish the disinfection. Be careful, this software is very powerful and misuse can cause damage... Do exactly the following:

Download ComboFix (by sUBs) to your Desktop (and nowhere else!). To do so, right-click this link, choose "Save target as...", type C-Fix in the window that opens, then choose the Desktop as the destination: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
! Disconnect, close all running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure, as they could seriously interfere with the tool... You will re-enable them afterwards!

In your case, that means Avast (right-click the icon next to the clock and click "Stop On-Access Protection")

==> Above all, if you run into difficulties at this point, tell me before going any further...

Tutorial here for installing the Recovery Console (important in case of problems): https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------


Next:

Double-click C-Fix.exe (= combofix.exe).

Press a key to start the scan.

Warning: do not use your mouse or keyboard while the program is running. It could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it

The report will be created in: C:\Combofix.txt, please post it here


0
Well, regarding Avast, it turns out it has expired and I'm being asked to buy a new licence key, which I haven't done yet! So I have a red cross in the taskbar, and when I click on it this window appears:

http://img15.imageshack.us/img15/741/antiviruspk3.jpg


There, I'd rather tell you about it, and I hope I'm not giving you too much trouble...
I'd rather wait for your reply before going any further.
0
anthony5151 Posts 10573 Joined Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
20 Feb 2009 at 06:46
Are you using the paid version of Avast?

In any case, this antivirus is mediocre; I was planning to ask you to switch (but it's better to wait until the disinfection is finished for that)


Whatever happens, you can disable it while you use ComboFix, and afterwards we'll see how to replace it if you agree.


0
Yes, I completely agree, this antivirus is worthless, I've removed it from the computer altogether! :) There, that's done! Oh yes, here is the C-Fix report. I look forward to hearing from you again.


ComboFix 09-02-19.01 - Marjorie 2009-02-20 12:24:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.503.190 [GMT 1:00]
Lancé depuis: c:\documents and settings\Marjorie\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marjorie\Application Data\inst.exe
c:\documents and settings\Marjorie\Menu Démarrer\Programmes\System Security
c:\documents and settings\Marjorie\Menu Démarrer\Programmes\System Security\System Security.lnk

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 ))))))))))))))))))))))))))))))))))))
.

2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\documents and settings\Marjorie\Application Data\Malwarebytes
2009-02-17 17:00 . 2009-02-17 17:00 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-17 17:00 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-17 17:00 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-17 14:36 . 2009-02-17 14:36 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-17 14:32 . 2009-02-17 14:32 <REP> d-------- c:\windows\ERUNT
2009-02-17 13:51 . 2009-02-17 14:53 <REP> d-------- C:\SDFix
2009-02-17 13:36 . 2009-02-17 13:36 <REP> d-------- c:\program files\MessenPass
2009-02-17 13:36 . 2009-02-17 13:36 39,424 --a------ c:\windows\zipinst.exe
2009-02-17 01:22 . 2009-02-17 01:22 244 --ah----- C:\sqmnoopt05.sqm
2009-02-17 01:22 . 2009-02-17 01:22 232 --ah----- C:\sqmdata05.sqm
2009-02-17 01:14 . 2009-02-17 01:14 244 --ah----- C:\sqmnoopt04.sqm
2009-02-17 01:14 . 2009-02-17 01:14 232 --ah----- C:\sqmdata04.sqm
2009-02-16 09:16 . 2009-02-16 09:16 244 --ah----- C:\sqmnoopt03.sqm
2009-02-16 09:16 . 2009-02-16 09:16 232 --ah----- C:\sqmdata03.sqm
2009-02-14 19:09 . 2009-02-14 19:09 244 --ah----- C:\sqmnoopt02.sqm
2009-02-14 19:09 . 2009-02-14 19:09 232 --ah----- C:\sqmdata02.sqm
2009-02-14 18:17 . 2009-02-17 01:07 <REP> d-------- C:\ToolBar SD
2009-02-14 18:08 . 2009-02-17 01:12 <REP> d-------- c:\program files\Ad-remover
2009-02-14 17:57 . 2009-02-14 17:58 <REP> d-------- C:\rsit
2009-02-14 17:57 . 2009-02-17 18:16 <REP> d-------- c:\program files\trend micro
2009-02-13 23:52 . 2009-02-13 23:52 244 --ah----- C:\sqmnoopt01.sqm
2009-02-13 23:52 . 2009-02-13 23:52 244 --ah----- C:\sqmnoopt00.sqm
2009-02-13 23:52 . 2009-02-13 23:52 232 --ah----- C:\sqmdata01.sqm
2009-02-13 23:52 . 2009-02-13 23:52 232 --ah----- C:\sqmdata00.sqm
2009-02-12 00:39 . 2009-02-12 00:39 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Search Settings
2009-02-12 00:39 . 2009-02-12 00:39 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\Dealio
2009-02-12 00:39 . 2009-02-12 00:39 <REP> dr------- c:\documents and settings\NetworkService\Favoris
2009-02-12 00:03 . 2009-02-17 18:13 <REP> d-------- c:\documents and settings\All Users\Application Data\1960183940
2009-02-12 00:03 . 2009-02-12 00:03 0 --a------ c:\documents and settings\All Users\Application Data\123478687123.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 11:17 --------- d-----w c:\documents and settings\Marjorie\Application Data\MSN6
2009-02-16 00:42 --------- d-----w c:\program files\eMule
2009-02-13 22:52 --------- d-----w c:\program files\Messenger Plus! Live
2009-02-13 20:52 --------- d-----w c:\program files\Google
2009-02-11 23:39 --------- d-----w c:\program files\MSN Messenger
2009-01-18 21:45 3,532 ----a-w C:\drmHeader.bin
2008-12-26 12:11 61,224 ----a-w c:\documents and settings\Marjorie\GoToAssistDownloadHelper.exe
2008-12-26 12:11 --------- d-----w c:\program files\Citrix
2008-08-31 22:12 0 ----a-w c:\program files\temp01
2007-07-30 17:13 47,360 ----a-w c:\documents and settings\Marjorie\Application Data\pcouffin.sys
2007-03-17 00:41 87,608 ----a-w c:\documents and settings\Marjorie\Application Data\ezpinst.exe
2007-02-24 14:55 94,080 ----a-w c:\documents and settings\Marjorie\Application Data\ezplay.sys
2004-10-01 14:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2009-02-17 00:33 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-02-17 00:33 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-02-17 00:33 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-02-17 00:33 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-02-17 00:33 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2007-08-20 22:25 88 --sh--r c:\windows\system32\A644747463.sys
2007-08-20 22:25 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-26 22:39 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008092720080928\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AAWTray"="c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 88024]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\Marjorie\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2008-09-23 4708864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Google Updater.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Marjorie^Menu Démarrer^Programmes^Démarrage^BoontyBox 01net.lnk]
path=c:\documents and settings\Marjorie\Menu Démarrer\Programmes\Démarrage\BoontyBox 01net.lnk
backup=c:\windows\pss\BoontyBox 01net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]
--a------ 2007-08-08 14:53 88024 c:\program files\Lavasoft\Ad-Aware 2007\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX5000 Series]
--a------ 2006-02-14 05:00 131072 c:\windows\system32\spool\drivers\w32x86\3\E_FATIBVE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2006-10-06 12:13 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2006-10-06 12:11 98304 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 13:42 267064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-07-08 04:48 50688 c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-10-06 12:10 94208 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:24 286720 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 20:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 17:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn.exe"=
"c:\\Program Files\\Freeciv-2.1.5-gtk2\\civserver.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9186:TCP"= 9186:TCP:BitComet 9186 TCP
"9186:UDP"= 9186:UDP:BitComet 9186 UDP

R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-10-18 16896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Start.exe
.
Contenu du dossier 'Tâches planifiées'

2009-01-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-02-17 c:\windows\Tasks\At1.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-16 c:\windows\Tasks\At10.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At11.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-13 c:\windows\Tasks\At12.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-15 c:\windows\Tasks\At13.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-15 c:\windows\Tasks\At14.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-17 c:\windows\Tasks\At15.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-17 c:\windows\Tasks\At16.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-15 c:\windows\Tasks\At17.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-17 c:\windows\Tasks\At18.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-19 c:\windows\Tasks\At19.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-18 c:\windows\Tasks\At2.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-19 c:\windows\Tasks\At20.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-18 c:\windows\Tasks\At21.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-15 c:\windows\Tasks\At22.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-19 c:\windows\Tasks\At23.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-19 c:\windows\Tasks\At24.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-18 c:\windows\Tasks\At3.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At4.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At5.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At6.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At7.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At8.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-11 c:\windows\Tasks\At9.job
- c:\windows\system32\2DHG7c33.exe []

2009-02-20 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - c:\documents and settings\Marjorie\Application Data\Mozilla\Firefox\Profiles\jx61hblp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-divx&p=
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vdio5&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 12:28:53
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\docume~1\Marjorie\LOCALS~1\Temp\~DF9504.tmp 16384 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Heure de fin: 2009-02-20 12:32:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-20 11:32:23

Avant-CF: 6 211 592 192 octets libres
Après-CF: 6,428,372,992 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

332 --- E O F --- 2009-02-11 06:19:19