security alert


Message from nickW » 18 Aug 2010, 00:21

A malfunction of Free's servers and/or of the forum is preventing me from sending "large" messages. This is the continuation of the previous message.


Step 8: No real-time monitoring process
If the PC has restarted and the antivirus has been re-enabled, it must be disabled again.


Step 9: OTL (by OldTimer), correction

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the "Correction" button.

A small "OTL" window opens.

Click the Ok button.

In the new "Ouvrir" window, navigate to the folder where the fix.txt file was saved, then click the "Ouvrir" button.

The contents of the fix.txt file are thereby inserted into the "Personnalisation" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the "Correction" button again.

Note: When the restart is requested, click Ok.

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Click Ok, then close OTL.


Step 10: Disabling resident security programs
Since the PC has restarted, if the antivirus has been re-enabled, it must be disabled again.


Step 11: Toolbar-S&D (by Team IDN), option 1: Search
Double-click ToolBarSD.exe, located on the Desktop, to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (also called the log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open the Task Manager by pressing the CTRL+ALT+DEL keys simultaneously.
Click the "Fichier" menu at the top and choose "Nouvelle tâche (Exécuter...)".
In the new "Créer une nouvelle tâche" window that has opened, in the "Ouvrir" field, type exactly explorer and then click the OK button. The Desktop will reappear.


Step 12: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 13: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the "Analyse rapide" button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 14: Results
Send in reply:
*- the rkill report (contents of the rkill.log file located in the SystemDrive\ folder)
[SystemDrive stands for the partition on which the system is installed, usually C:]
*- the OTL correction report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the ToolBar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.txt file located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Message from letmoi » 19 Aug 2010, 19:10

Hello,


I have a small problem running OTL: at step 4 I did have the fix.txt file saved, but after running step 9 it is not found.

I searched the entire disk for it without success.

Note: the PC restarted at step 7.

Should I redo step 4, or start everything over, checking that the file is present and making a backup just in case?

Thanks
Letmoi
letmoi
Posts: 35
Joined: 05 Jan 2010, 16:39

Message from nickW » 20 Aug 2010, 08:30

Hello,

OTL must be run with the parameters contained in the fix.txt file.


So you must:

1/ Redo Step 4: OTL (by OldTimer), preparing the correction
To find the fix.txt file easily, you can save it to the Desktop.

2/ Resume the cleanup from Step 8: No real-time monitoring process

To be continued,
nickW

Message from letmoi » 20 Aug 2010, 09:43

Below is the rkill report

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
File C:\WINDOWS\System32\sshnas21.dll not found.
HKU\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ZE18MW23GY not found.
SSHNAS removed from NetSvcs value successfully!
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Compare Prices with &Dealio\ deleted successfully.
C:\Program Files\Dealio\kb106\res\DealioSearch.html moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E908B145-C847-4e85-B315-07E2E70DECF8}\ not found.
========== FILES ==========
C:\Program Files\AskBarDis\PopSwatter\History folder moved successfully.
C:\Program Files\AskBarDis\PopSwatter folder moved successfully.
C:\Program Files\AskBarDis\bar\Settings folder moved successfully.
C:\Program Files\AskBarDis\bar\History folder moved successfully.
C:\Program Files\AskBarDis\bar\Cache folder moved successfully.
C:\Program Files\AskBarDis\bar\bin folder moved successfully.
C:\Program Files\AskBarDis\bar folder moved successfully.
C:\Program Files\AskBarDis folder moved successfully.
File\Folder C:\WINDOWS\System32\sshnas21.dll_old not found.
C:\Documents and Settings\Jessica\Application Data\6F867F2947D0670FEB7D6FF995F8CB8A folder moved successfully.
File\Folder C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
C:\Documents and Settings\Jessica\Application Data\Dealio folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jessica
->Temp folder emptied: 433292048 bytes
->Temporary Internet Files folder emptied: 6107742 bytes
->Java cache emptied: 34669949 bytes
->FireFox cache emptied: 94846750 bytes
->Flash cache emptied: 2519093 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 423 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Papa
->Temp folder emptied: 360073 bytes
->Temporary Internet Files folder emptied: 4080056 bytes
->Java cache emptied: 29895 bytes
->FireFox cache emptied: 28923640 bytes
->Flash cache emptied: 7074 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119633 bytes
%systemroot%\System32 .tmp files removed: 1747968 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 754 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64757000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 642,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08202010_101202

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Jessica\Local Settings\Temp\Temporary Internet Files\Content.IE5\UKQFKFCD\%7Bmod_stats,mod_mssvt,mod_actbr,mod_appiw,mod_lt_j,mod_adf,mod_act,mod_act_s,mod_drag,mod_ctrapp,mod_exdom,mod_czi,mod_tczi,mod_iczi,mod_czh,mod_kbrd,mod_scrwh,mod_tfcapp[1].js not found!
File\Folder C:\Documents and Settings\Jessica\Local Settings\Temp\Temporary Internet Files\Content.IE5\66XWFX3G\%7Bmod_mssvt,mod_actbr,mod_appiw,mod_lt_j,mod_act,mod_act_s,mod_drag,mod_ctrapp,mod_exdom,mod_czi,mod_tczi,mod_iczi,mod_czh,mod_kbrd,mod_scrwh,mod_tfcapp,mod_lyrs,mod_lyct[1].js not found!

Registry entries deleted on Reboot...
Letmoi
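
Added example (not part of the original thread, and not code from OTL or its author): one way to triage an OTL correction report like the one posted above, classifying each line by outcome and pulling out the `Error:` and `not found` lines that deserve a second look. The function names and outcome labels are assumptions made for this illustration; the sample is a few lines copied from the report above.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a handful of lines copied from the OTL correction
# report posted above, shortened so the example stays readable.
SAMPLE_LOG = r"""All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
File C:\WINDOWS\System32\sshnas21.dll not found.
HKU\S-1-5-21-2025429265-115176313-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
SSHNAS removed from NetSvcs value successfully!
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
========== FILES ==========
C:\Program Files\AskBarDis folder moved successfully.
File\Folder C:\WINDOWS\System32\sshnas21.dll_old not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Jessica
->Temp folder emptied: 433292048 bytes

OTL by OldTimer - Version 3.2.9.1 log created on 08202010_101202
"""

# "========== OTL ==========" style section headers.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# The stamp is monthdayyear_hourminutesecond, as Step 14 describes.
CREATED_RE = re.compile(r"log created on (\d{8})_(\d{6})")

# Outcome rules (labels are this example's own), checked in order.
OUTCOME_RULES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"\bnot found[.!]?$")),
    ("moved", re.compile(r"\bmoved successfully")),
    ("deleted", re.compile(r"\bdeleted successfully")),
    ("removed", re.compile(r"\bremoved\b.*\bsuccessfully")),
    ("set", re.compile(r"\bset successfully")),
]


def classify(line):
    """Return the outcome label for one log line, or None for info lines."""
    for outcome, rule in OUTCOME_RULES:
        if rule.search(line):
            return outcome
    return None


def parse_otl_fix_log(text):
    """Parse a correction report into its creation time and outcome entries."""
    section = None
    created = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        stamp = CREATED_RE.search(line)
        if stamp:
            created = datetime.strptime(stamp.group(1) + stamp.group(2),
                                        "%m%d%Y%H%M%S")
            continue
        outcome = classify(line)
        if outcome:
            entries.append((section, outcome, line))
    return {"created": created, "entries": entries}


def summarize(report):
    """Count entries per outcome label."""
    return Counter(outcome for _, outcome, _ in report["entries"])


def needs_review(report):
    """Entries where the fix hit an error or did not find its target."""
    return [e for e in report["entries"] if e[1] in ("error", "not_found")]


if __name__ == "__main__":
    parsed = parse_otl_fix_log(SAMPLE_LOG)
    print("Log created:", parsed["created"])
    print("Outcomes:", dict(summarize(parsed)))
    for section, outcome, line in needs_review(parsed):
        print(f"[{section}] {outcome}: {line}")
```
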

Message from letmoi » 20 Aug 2010, 09:46

Rkill report

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Jessica on 24/06/2010 at 16:19:48.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Jessica\Bureau\rkill.scr


Rkill completed on 24/06/2010 at 16:19:52.
Letmoi

Message from letmoi » 20 Aug 2010, 09:57

I don't have an application data\malwarebytes in documents and settings; however, I found a log matching that name, except that its date is 22 6 2010 because my clock was not set correctly. I reset it last night but I no longer remember at what time, sorry.

So I don't know whether it is an old file.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4432

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

22/06/2010 11:00:36
mbam-log-2010-06-22 (11-00-36).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 143147
Temps écoulé: 9 minute(s), 49 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\sshnas21.dll_old (Trojan.Agent.Gen) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
Letmoi

Message from letmoi » 20 Aug 2010, 09:59

Below is the toolbar report


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.40GHz )
BIOS : Award Modular BIOS v6.00PG
USER : Jessica ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:76 Go (Free:7 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 20/08/2010|10:23 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_1924_2712_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_1924_3816_46.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2024_168_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2084_1612_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2120_2080_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2120_2080_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2128_1784_48.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2128_2132_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2140_2420_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2148_2068_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2152_3676_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2152_3676_2.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2208_2204_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2232_2228_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2232_2236_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2232_3288_6.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2232_3288_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2340_2028_14.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2340_2104_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2340_2324_23.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2416_2420_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2424_2260_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2444_4012_20.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2444_404_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2480_2272_31.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2480_2484_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2600_3036_15.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2672_2732_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2672_3700_11.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2672_3708_62.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2676_2832_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2676_3192_13.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2680_2492_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2680_3004_44.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2688_2656_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2708_3068_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2708_3068_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2768_2672_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2768_3796_17.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2888_3220_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2888_3220_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2924_1216_98.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2924_2928_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2948_3232_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2948_3232_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2952_2248_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_2992_2144_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3016_3020_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3016_3020_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3032_3028_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3032_3028_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3044_2328_11.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3060_3064_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3060_3064_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3064_3068_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3076_3080_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3076_3080_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3112_2212_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3112_3640_13.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3148_1392_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3148_1392_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3152_1900_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3176_3244_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3200_3768_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3256_3828_10.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3272_1504_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3272_3488_9.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3284_3948_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3284_3948_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3320_220_45.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3328_144_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3328_1844_10.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3328_1844_9.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3368_336_9.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3368_3520_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3384_2936_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3384_3836_14.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3384_596_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3392_2360_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3392_2360_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3404_3296_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3404_3296_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3432_3436_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3432_460_63.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3440_1164_11.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3440_2388_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3468_3392_25.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3468_3472_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3472_3476_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3472_3704_43.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3472_752_53.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3476_2984_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3524_3416_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3524_3416_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3548_2376_18.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3560_3564_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3572_340_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3572_3724_15.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3576_3412_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3608_1588_23.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3608_3612_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3632_3636_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3636_2024_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3676_3680_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3708_3860_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3708_3860_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3720_3632_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3720_3728_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3720_3728_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3796_1204_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3796_1524_13.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3816_3832_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3816_3832_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3836_3832_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3852_1672_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3888_4012_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_3948_3996_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_4000_3872_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_4020_4024_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_4020_4024_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_404_3508_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_404_3508_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_408_1908_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_408_1908_3.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_424_1088_10.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_424_428_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_460_1116_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_492_4024_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_528_532_1.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_528_532_2.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_540_544_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_604_276_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_604_3820_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_608_4084_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_608_600_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_700_3512_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_700_812_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_732_2512_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_772_4084_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_784_1764_24.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_784_3376_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_828_896_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_944_3708_5.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_964_3960_8.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_964_4060_13.html
C:\Program Files\Dealio\kb106\temp\_toolbar_tmp_964_968_5.html
C:\Program Files\Dealio\kb106\temp\~dt1.tmp
C:\Program Files\Dealio\kb106\temp\~dt2.tmp
C:\Program Files\Dealio\kb106\temp\~dt3.tmp
C:\Program Files\Dealio\kb106\temp\~dt4.tmp
C:\Program Files\Dealio\kb106\temp\~dt5.tmp
C:\Program Files\Dealio\kb106\temp\~dt7.tmp
C:\DOCUME~1\Jessica\Favoris\Torrent Search.url
C:\WINDOWS\iun6002.exe

-----------\\ Extensions

(Jessica) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(Jessica) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Jessica) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Jessica) - {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} => imageshack
(Jessica) - {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24} => uploadlibrary
(Jessica) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} => mybabylon_english

(Papa) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(Papa) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.babylon.com/home"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://fr.yahoo.com"
"Default_Search_URL"="http://www.google.com/ie"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://fr.yahoo.com"


--------------------\\ Recherche d'autres infections

C:\WINDOWS\Pack.epk

C:\WINDOWS\System32\gesyqqm.dat
C:\WINDOWS\System32\gesyqqm_navfx.dat
C:\WINDOWS\System32\jhbzikf_navtmp.dat
==> EGDACCESS <==




1 - "C:\ToolBar SD\TB_1.txt" - 20/08/2010|10:25 - Option : [1]

-----------\\ Fin du rapport a 10:25:46,15
Letmoi
letmoi
 
Posts: 35
Joined: 05 Jan 2010, 16:39

Post by letmoi » 20 Aug 2010, 10:00

OTL report

OTL logfile created on: 20/08/2010 10:33:39 - Run 4
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Jessica\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

767,00 Mb Total Physical Memory | 540,00 Mb Available Physical Memory | 70,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 7,89 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SANDRA-RR99JKX
Current User Name: Jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/20 09:16:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Bureau\OTL.exe
PRC - [2010/06/11 05:26:42 | 000,255,344 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\HiYo\Bin\HiYo.exe
PRC - [2009/09/22 23:31:56 | 000,856,064 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/14 13:49:48 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/08/10 15:38:10 | 000,081,920 | ---- | M] (Guillemot Corporation S.A.) -- C:\Program Files\Hercules\Deluxe Optical Glass\CamService.exe
PRC - [2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/19 16:19:26 | 000,304,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2006/01/04 01:41:57 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
PRC - [2005/12/14 19:06:00 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005/11/10 14:03:52 | 000,241,775 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
PRC - [2005/11/10 14:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2005/03/17 19:17:36 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/09/21 18:36:08 | 000,106,496 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
PRC - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2010/06/20 09:16:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jessica\Bureau\OTL.exe
MOD - [2006/08/25 17:51:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 00:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2009/09/22 23:31:56 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/01/11 20:25:51 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/21 18:36:08 | 000,106,496 | ---- | M] () [Auto | Running] -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys -- (RT2500USB)
DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/08/06 16:29:46 | 000,094,720 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camfilt2.sys -- (camfilt2)
DRV - [2007/07/17 19:07:42 | 010,371,072 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2005/12/16 14:50:00 | 003,842,560 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/12/10 04:06:00 | 003,536,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/12/07 20:10:54 | 000,150,544 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Xstream.sys -- (WISTechVIDCAP)
DRV - [2005/12/07 20:08:08 | 000,017,552 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\XLoader.sys -- (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys)
DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/22 18:08:46 | 000,081,548 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/09/21 18:18:52 | 000,061,048 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/09/21 18:18:40 | 000,023,640 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2004/09/21 18:18:36 | 000,019,712 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 18:18:02 | 000,028,719 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/09/21 18:18:02 | 000,011,604 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/09/21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2004/08/04 00:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C)
DRV - [2001/08/17 23:05:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCD.sys -- (QCDonner)
DRV - [2001/08/17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 22:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 22:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 22:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 22:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 22:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 22:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 22:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 22:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 08:14:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 08:27:29 | 000,000,000 | ---D | M]

[2009/01/10 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Extensions
[2010/08/20 00:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions
[2009/05/22 11:48:55 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010/06/21 16:58:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/17 08:14:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/21 16:58:36 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2010/02/26 14:58:43 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/05/22 11:49:07 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\6l76463s.default\searchplugins\winamp-search.xml
[2010/08/20 10:07:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/19 12:35:28 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/21 17:06:59 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/26 14:58:38 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
[2009/09/21 17:06:59 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/09/21 17:06:59 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2009/09/21 17:06:59 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2009/09/21 17:06:59 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2001/08/28 14:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Jessica\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download all videos using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jessica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/03 23:31:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/20 10:22:40 | 000,000,000 | ---D | C] -- C:\ToolBar SD
[2010/08/20 10:12:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/06/22 12:43:11 | 000,000,000 | ---D | C] -- C:\DOCUME~1\Jessica\Bureau\DANGER VIRUS ANALYSE
[2010/06/21 15:08:06 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/21 15:08:06 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/21 15:08:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/21 15:08:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/21 15:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/06/21 15:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/06/21 11:13:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/21 10:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/20 09:21:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/20 09:21:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/20 09:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/20 09:16:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Jessica\Bureau\OTL.exe
[2010/06/18 20:12:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/06/17 19:58:11 | 000,000,000 | ---D | C] -- C:\DOCUME~1\Jessica\Bureau\rio
[2010/06/14 11:49:51 | 000,000,000 | ---D | C] -- C:\DOCUME~1\Jessica\Bureau\photo a faire tirer
[2010/06/12 03:19:06 | 000,000,000 | ---D | C] -- C:\Famille 20100705
[2010/06/11 07:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\AccurateRip
[2010/06/11 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010/06/11 05:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\HiYo
[2010/06/11 05:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HiYo
[2010/06/05 08:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\Nero
[2010/06/05 08:45:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/06/05 08:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Nero
[2010/06/05 08:45:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/05 08:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2010/06/05 08:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/05 08:20:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/06/05 08:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jessica\Application Data\DeepBurner
[2010/06/05 08:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2009/12/25 18:40:08 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/25 18:40:08 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/08/20 10:29:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/20 10:20:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/08/20 10:19:45 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/20 10:19:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/20 10:19:41 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/20 10:19:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/20 10:18:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/20 10:17:05 | 008,732,672 | ---- | M] () -- C:\Documents and Settings\Jessica\NTUSER.DAT
[2010/08/20 10:16:42 | 000,000,284 | -HS- | M] () -- C:\Documents and Settings\Jessica\ntuser.ini
[2010/08/20 10:06:16 | 000,033,792 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\Tampon.doc
[2010/08/20 10:04:01 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-115176313-682003330-1003UA.job
[2010/06/24 16:14:53 | 000,363,520 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\rkill.scr
[2010/06/24 16:06:48 | 000,343,020 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\ToolBarSD.exe
[2010/06/21 15:08:23 | 000,001,707 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Avira AntiVir Control Center.lnk
[2010/06/21 13:43:42 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/21 13:27:16 | 000,017,655 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\centaure.jpg
[2010/06/21 10:09:48 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Jessica\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/06/21 09:41:51 | 000,001,498 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\Calculatrice.lnk
[2010/06/20 12:29:11 | 000,304,122 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\afficheBBQ4 copie.jpg
[2010/06/20 11:42:10 | 000,291,838 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\afficheBBQ3.jpg
[2010/06/20 09:21:48 | 000,000,696 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/06/20 09:16:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Jessica\Bureau\OTL.exe
[2010/06/19 22:45:25 | 000,290,827 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\affichebbq2.jpg
[2010/06/19 21:01:42 | 000,107,360 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\affichefond.jpg
[2010/06/19 20:39:13 | 000,085,861 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\fond marron1.jpg
[2010/06/18 20:54:22 | 000,001,054 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/18 20:54:22 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/18 20:54:22 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2010/06/18 19:30:55 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/18 18:31:25 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/18 15:37:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/17 02:13:46 | 005,591,403 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\rio.MOV
[2010/06/14 12:07:41 | 011,608,392 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\photo a faire tirer.zip
[2010/06/14 11:34:42 | 000,067,616 | ---- | M] () -- C:\Documents and Settings\Jessica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/13 22:49:59 | 000,022,528 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\ma j selection.doc
[2010/06/13 09:58:15 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/06/13 07:28:05 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/13 07:28:05 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/13 07:27:45 | 000,257,456 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 04:04:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-115176313-682003330-1003Core.job
[2010/06/12 03:06:26 | 001,085,622 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/12 03:06:26 | 000,513,412 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/06/12 03:06:26 | 000,444,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/12 03:06:26 | 000,085,752 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/06/12 03:06:26 | 000,072,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/11 05:28:15 | 000,001,932 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Free Email Animations!.lnk
[2010/06/11 05:28:15 | 000,001,859 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Wallpapers by IncrediMail.lnk
[2010/05/25 19:30:10 | 000,000,072 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/05/25 19:00:07 | 000,000,731 | ---- | M] () -- C:\DOCUME~1\Jessica\Bureau\VLC media player.lnk

========== Files Created - No Company Name ==========

[2010/06/24 16:14:50 | 000,363,520 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\rkill.scr
[2010/06/24 16:06:38 | 000,343,020 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\ToolBarSD.exe
[2010/06/21 15:08:23 | 000,001,707 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Avira AntiVir Control Center.lnk
[2010/06/21 13:27:15 | 000,017,655 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\centaure.jpg
[2010/06/21 10:09:48 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Jessica\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/06/21 09:41:51 | 000,001,498 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\Calculatrice.lnk
[2010/06/20 12:29:09 | 000,304,122 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\afficheBBQ4 copie.jpg
[2010/06/20 11:40:32 | 000,291,838 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\afficheBBQ3.jpg
[2010/06/20 09:21:48 | 000,000,696 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/06/19 22:45:21 | 000,290,827 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\affichebbq2.jpg
[2010/06/19 21:01:40 | 000,107,360 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\affichefond.jpg
[2010/06/19 20:39:11 | 000,085,861 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\fond marron1.jpg
[2010/06/18 19:30:55 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/18 15:37:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/06/18 15:37:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/06/17 02:13:37 | 005,591,403 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\rio.MOV
[2010/06/14 12:07:38 | 011,608,392 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\photo a faire tirer.zip
[2010/06/13 22:49:58 | 000,022,528 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\ma j selection.doc
[2010/06/13 07:31:04 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Lecteur Windows Media.lnk
[2010/06/13 07:28:05 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/13 07:28:05 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/11 05:28:15 | 000,001,932 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Free Email Animations!.lnk
[2010/06/11 05:28:15 | 000,001,859 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Bureau\Wallpapers by IncrediMail.lnk
[2010/06/09 22:58:30 | 000,033,792 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\Tampon.doc
[2010/05/26 10:17:51 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
[2010/05/25 19:09:43 | 000,000,072 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/05/25 19:00:07 | 000,000,731 | ---- | C] () -- C:\DOCUME~1\Jessica\Bureau\VLC media player.lnk
[2010/02/26 14:57:24 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/26 14:57:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/25 18:40:08 | 000,015,478 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2008/09/02 15:58:20 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/04/09 15:01:04 | 000,000,431 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2007/03/09 10:06:05 | 000,001,425 | ---- | C] () -- C:\WINDOWS\dietum.ini
[2007/03/09 10:05:52 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[2007/01/09 12:49:21 | 000,001,331 | ---- | C] () -- C:\WINDOWS\psmplay.ini
[2006/12/25 23:11:38 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006/12/25 23:11:38 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2006/12/14 19:52:18 | 000,000,182 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2006/07/31 21:08:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PDFMAIL.INI
[2006/07/31 15:04:56 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006/07/31 15:04:56 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/07/31 15:04:55 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006/07/31 14:57:51 | 000,027,279 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/05/20 12:21:32 | 000,013,299 | ---- | C] () -- C:\WINDOWS\System32\drivers\packet.sys
[2006/05/20 12:21:32 | 000,011,604 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2006/05/09 23:57:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\VegaShEx.dll
[2006/05/04 19:52:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\CielComponent.ini
[2006/05/04 19:50:05 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\xxxprogress.dll
[2006/05/03 01:04:18 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/05/03 00:57:23 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Crun500Interface.dll
[2006/05/03 00:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/05/03 00:49:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gcr70fr.INI
[2006/05/03 00:49:11 | 000,000,018 | ---- | C] () -- C:\WINDOWS\gescap.ini
[2006/05/03 00:35:59 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\SAGEPERS.DLL
[2006/04/27 15:40:47 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2006/04/24 14:41:14 | 000,000,571 | ---- | C] () -- C:\WINDOWS\System32\FeMakro.ini
[2006/04/24 14:41:14 | 000,000,497 | ---- | C] () -- C:\WINDOWS\System32\FeAnim.ini
[2006/04/24 14:36:06 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2006/01/11 15:12:53 | 000,002,640 | ---- | C] () -- C:\WINDOWS\Labocode.ini
[2006/01/07 19:15:10 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/01/04 03:07:07 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/01/04 02:26:30 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/01/04 01:49:17 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/04 01:49:17 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5B77BD6E17.sys
[2006/01/04 01:46:59 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2006/01/04 00:36:18 | 000,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/01/04 00:31:46 | 000,000,849 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/10 04:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/10 04:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/10 04:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/10 04:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/10 04:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/10 04:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/10 04:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/12/20 12:08:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 12:03:26 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/01 17:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/04/01 11:58:02 | 000,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002/12/14 23:46:02 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/12/14 23:46:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/12/14 23:46:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/12/14 22:46:04 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/11/15 14:11:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2002/09/19 05:40:16 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2007/11/09 20:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alexandra Ledermann 8
[2006/05/20 12:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/06/05 08:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2006/05/04 19:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2010/06/11 05:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiYo
[2006/07/31 14:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2007/05/18 23:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/04 20:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Anuman Interactive
[2009/08/21 22:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Atari
[2010/06/13 09:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Audacity
[2010/06/05 08:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Canneverbe Limited
[2006/04/28 23:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Comptabilité
[2010/06/05 08:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\DeepBurner
[2006/04/28 23:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\EBP
[2008/11/15 18:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\HiYo
[2006/07/19 12:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\ICAClient
[2010/05/12 01:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\ImgBurn
[2008/06/26 23:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Mindscape
[2007/02/27 21:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Morpheus Software
[2006/06/19 19:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Opera
[2006/07/31 16:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\ScanSoft
[2006/04/24 10:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\Sphinx
[2006/07/31 16:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\SYSTRAN
[2010/02/09 13:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jessica\Application Data\TeamViewer
[2010/08/20 10:20:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
<End>
Letmoi
letmoi
 

Post by nickW » 20 Aug 2010, 11:06

Hello again,

More cleaning:

Given the length of the procedure, I advise you to print it, or to select all of its lines and copy that selection into a text file on your PC (Note: you will have no access to the Internet or to the browser, and restarts will occur).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear to you, ask for explanations before starting the disinfection.



Step 1: No real-time monitoring processes
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"
Important note:
Avira Antivir must remain disabled until step 5



Step 2: Navilog1 (by IL-MAFIOSO)
Download Navilog1 by right-clicking the link below:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Save the file to the Desktop.

Close all running applications (such as word processor, browser).
Double-click the Navilog1.exe file on the Desktop.

Follow the instructions displayed.
In the main menu, choose option 1 and confirm.
(do not choose option 2 without my advice/agreement)

The tool may announce that it is going to restart the PC: press a key as requested.
If the PC does not restart automatically, start the restart manually, choosing the usual session.

Wait for the message:
*** Scan Termine le ..... ***
Press a key as requested; Notepad will open.
Note: In Notepad, check in the Format menu (at the top) that the "Retour automatique à la ligne" (Word Wrap) option is not ticked.
Save this file under the name navi1-100820.txt
Close Notepad.


Step 3: Toolbar-S&D (by Team IDN), option 2: Removal

Mandatory: Close all browser windows (Internet Explorer, Firefox, Mozilla, Opera, etc.).

Double-click ToolBarSD.exe on the Desktop to launch the tool.

Choose the language by typing F then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 2 then press Enter to remove the files responsible for the infection.

Do not close the window while the files are being removed!

When the removal is finished, a Notepad window opens and displays the report (also known as the log).

Close Notepad, which ends the execution of the tool.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys together.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that has opened, in the Open field, type exactly explorer then click the OK button. The Desktop will reappear.


Step 4: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all the boxes are ticked except "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)" (the option that adds a right-click context menu entry for scanning files).
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Exécuter un examen rapide" (Perform quick scan) then click the Scan button.

Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Afficher les résultats" (Show Results) button.

If harmful items were detected, click the "Supprimer la sélection" (Remove Selected) button.

Wait patiently, without doing anything else, for the cleaning to finish.
A restart is sometimes necessary. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Quitter" (Exit) button to close Malwarebytes' Anti-Malware.


Step 5: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 6: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen appears.

Click the "Analyse rapide" (Quick Scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 7: Result
Send in reply:
*- the Navilog1 report, Option 1 (contents of the file navi1-100820.txt)
*- the Toolbar S&D report (contents of the file SystemDrive\TB.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
*- the Malwarebytes' Anti-Malware report
Note:
You can access this report by launching Malwarebytes' Anti-Malware, "Rapports/Logs" tab: select the file then click the Open button


Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete, and must then be split into several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.


In your reply, do not forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
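
The completeness rule in Step 7 (a posted OTL report must end with a line containing <End>, otherwise it has to be sent in several messages) can be checked before posting. The Python script below is an added example, not part of the original post and not code from OTL; the function names and the per-message character limit are assumptions (the page does not state the forum's limit), and the sample report is constructed in the layout of the log above.

```python
import re

END_MARKER = "<End>"                          # closing line of an OTL report
SECTION_RE = re.compile(r"^=+ .+ =+\s*$")     # e.g. "========== LOP Check =========="


def is_complete(report):
    """True if the last non-blank line of the text contains <End>."""
    lines = [ln for ln in report.splitlines() if ln.strip()]
    return bool(lines) and END_MARKER in lines[-1]


def sections(report):
    """Group the report's lines into blocks, each starting at a section header."""
    blocks, current = [], []
    for line in report.splitlines():
        if SECTION_RE.match(line) and current:
            blocks.append(current)
            current = []
        current.append(line)
    if current:
        blocks.append(current)
    return blocks


def split_report(report, max_chars):
    """Split a report into messages of at most max_chars characters.

    Cuts are made at section headers where possible and never inside a line,
    so the helper can paste the messages back together in order.
    max_chars is an assumed forum limit, not a value taken from the page.
    """
    chunks, current, size = [], [], 0

    def flush():
        nonlocal current, size
        if current:
            chunks.append("\n".join(current))
            current, size = [], 0

    for block in sections(report):
        block_size = sum(len(ln) + 1 for ln in block)   # +1 for the newline
        if size + block_size > max_chars:
            flush()
        if block_size <= max_chars:
            current.extend(block)
            size += block_size
            continue
        # A single section is larger than one message: cut it between lines.
        for line in block:
            if len(line) + 1 > max_chars:
                raise ValueError("a single line exceeds max_chars")
            if size + len(line) + 1 > max_chars:
                flush()
            current.append(line)
            size += len(line) + 1
    flush()
    return chunks


# Constructed sample in the OTL layout (shortened, for demonstration only).
SAMPLE = r"""========== Files - Modified Within 90 Days ==========

[2010/08/20 10:20:10 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/18 20:54:22 | 000,001,054 | ---- | M] () -- C:\WINDOWS\win.ini

========== LOP Check ==========

[2007/05/18 23:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
<End>
"""

if __name__ == "__main__":
    if not is_complete(SAMPLE):
        print("Report is truncated: no closing <End> line, re-copy OTL.txt")
    messages = split_report(SAMPLE, 400)      # 400 is an assumed limit
    for number, message in enumerate(messages, 1):
        status = "ends with <End>" if is_complete(message) else "to be continued"
        print(f"message {number}/{len(messages)}: {len(message)} chars, {status}")
```

Only the last message of a correctly split report passes `is_complete`, which is also how the person reading the thread can tell that nothing was cut off.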

Post by letmoi » 20 Aug 2010, 14:08

Before starting, should the old .txt files, logs, etc. be deleted in order to avoid any possible confusion?
Letmoi
letmoi
 
