
Trojans, HJT analysis request (RESOLVED)



Posted

Here we go again...

 

The JWT32 file:

 

Fichier jwt32.exe reçu le 2009.03.19 00:07:54 (CET)

Antivirus Version Dernière mise à jour Résultat

a-squared 4.0.0.101 2009.03.18 -

AhnLab-V3 5.0.0.2 2009.03.18 -

AntiVir 7.9.0.120 2009.03.18 TR/Drop.Small.jhl

Authentium 5.1.2.4 2009.03.18 -

Avast 4.8.1335.0 2009.03.18 Win32:Spyware-gen

AVG 8.0.0.237 2009.03.18 -

BitDefender 7.2 2009.03.18 -

CAT-QuickHeal 10.00 2009.03.18 -

ClamAV 0.94.1 2009.03.18 -

Comodo 1066 2009.03.18 -

DrWeb 4.44.0.09170 2009.03.18 -

eSafe 7.0.17.0 2009.03.18 -

eTrust-Vet 31.6.6388 2009.03.09 -

F-Prot 4.4.4.56 2009.03.18 -

F-Secure 8.0.14470.0 2009.03.18 Trojan-Downloader:W32/Agent.JSY

Fortinet 3.117.0.0 2009.03.18 -

GData 19 2009.03.18 Win32:Spyware-gen

Ikarus T3.1.1.48.0 2009.03.18 -

K7AntiVirus 7.10.674 2009.03.17 -

Kaspersky 7.0.0.125 2009.03.18 -

McAfee 5557 2009.03.18 -

McAfee+Artemis 5557 2009.03.18 -

McAfee-GW-Edition 6.7.6 2009.03.18 Trojan.Drop.Small.jhl

Microsoft 1.4502 2009.03.18 -

NOD32 3946 2009.03.18 -

Norman 6.00.06 2009.03.18 -

nProtect 2009.1.8.0 2009.03.18 -

Panda 10.0.0.10 2009.03.18 -

PCTools 4.4.2.0 2009.03.18 -

Prevx1 V2 2009.03.19 Medium Risk Malware Dropper

Rising 21.21.22.00 2009.03.18 -

Sophos 4.39.0 2009.03.18 -

Sunbelt 3.2.1858.2 2009.03.18 -

Symantec 1.4.4.12 2009.03.18 -

TheHacker 6.3.3.0.283 2009.03.16 -

TrendMicro 8.700.0.1004 2009.03.18 -

VBA32 3.12.10.1 2009.03.18 suspected of Embedded.MalwareScope.Zhelatin.Api.accept

ViRobot 2009.3.18.1654 2009.03.18 -

VirusBuster 4.6.5.0 2009.03.18 -

 

Information additionnelle

File size: 30833 bytes

MD5...: c1a5b3dd7ef8f008394f3a80451fa11b

SHA1..: 2828ebb6498a34d361676efd1c70f998a4dd2190

SHA256: 9f0efbce3c30fff2d638ddf0159179e65f4711d481b33342fec2d4609f58ea70

SHA512: bddf8a1f3cdea43ee86d0870e96f548d6606aea0c5227be6569522fe9f6fe208e46c7cc683579781a9e70697e79856a000811ade9e896c207e0b7d9e1d68b806

ssdeep: 384:k1GVhNN6ISrC4CFHzmjT7t2hIsr9qN2MbnHcGdT:k1dDMzCTerSciT

PEiD..: -

TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)

PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x49ae698d (Wed Mar 04 11:44:13 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1926 0x1a00 6.99 aa366c8d8b6044ef44a8e7f9f93ae92a
.data 0x3000 0x4a84 0x4c00 4.05 9defccdd3ff1588f0a2783c014ef7476
.rsrc 0x8000 0x120 0x200 1.87 5364c37e059cd1ab8f56d65e0fb47138

( 3 imports )
> kernel32.dll: CreateMutexA, GetLastError, GetModuleHandleA, LoadLibraryA, GetProcAddress, Sleep, FreeLibrary, RtlZeroMemory, FindFirstFileA, CreateDirectoryA, MoveFileA, FindNextFileA, FindClose, ExitProcess, RtlMoveMemory, CreateFileA, WriteFile, CloseHandle, TerminateThread, TerminateProcess, GetSystemDirectoryA, GlobalAlloc, GlobalLock, GlobalHandle, GlobalUnlock, GlobalFree, FlushFileBuffers
> user32.dll: DialogBoxParamA, LoadIconA, SendMessageA, SetDlgItemTextA, EndDialog, GetClassNameA, GetWindowThreadProcessId, EnumWindows, MessageBoxA
> comctl32.dll: InitCommonControls

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=B9078EF371E305E2787C009893660100F26A5DA5

 

 

The Toolbar file:

 

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.40GHz )

BIOS : BIOS Date: 04/26/05 20:54:36 Ver: 08.00.10

USER : Saldo Daniel ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Norton Internet Security 15.0.0.60 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:68 Go (Free:26 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)

F:\ (Local Disk) - NTFS - Total:45 Go (Free:29 Go)

G:\ (Local Disk) - NTFS - Total:66 Go (Free:39 Go)

H:\ (CD or DVD)

I:\ (CD or DVD)

J:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 19/03/2009| 0:14 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\dinstallhelper.DC295621FCCE456E86BB35F5409239FF.dll

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\global_scripts.js

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\logo.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\logo_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\scripts.js

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\scroller.js

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\separator.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\settings.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\settings_over.gif

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\index.76.35

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.155.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.156.49

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.16.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.161.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.178.66

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.184.55

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.188.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.189.45

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.196.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.198.56

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.199.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.200.53

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.201.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.202.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.203.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.205.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.213.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.214.49

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.215.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.216.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.217.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.218.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.219.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.220.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.221.57

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.222.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.223.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.226.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.227.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.228.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.229.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.23.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.239.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.24.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.240.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.241.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.242.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.243.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.244.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.245.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.247.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.248.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.249.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.250.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.251.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.252.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.253.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.254.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.255.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.256.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.257.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.279.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.28.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.282.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.283.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.284.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.289.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.290.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.291.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.296.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.297.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.304.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.307.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.308.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.31.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.310.46

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.311.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.315.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.316.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.317.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.318.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.319.49

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.32.48

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.334.44

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.335.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.336.44

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.337.44

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.338.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.339.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.34.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.340.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.341.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.349.50

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.35.48

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.350.50

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.351.51

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.352.54

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.353.51

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.354.51

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.357.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.358.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.359.52

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.360.53

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.361.54

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.362.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.363.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.364.54

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.365.53

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.367.56

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.368.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.369.55

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.370.56

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.371.56

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.372.57

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.373.55

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.375.56

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.376.57

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.377.55

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.378.65

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.384.58

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.386.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.387.59

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.388.59

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.389.59

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.390.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.391.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.392.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.393.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.394.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.396.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.397.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.398.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.399.60

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.403.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.404.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.405.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.406.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.407.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.408.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.409.61

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.412.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.413.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.414.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.415.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.416.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.417.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.418.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.419.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.420.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.421.62

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.423.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.424.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.425.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.426.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.427.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.428.65

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.429.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.430.63

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.432.65

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.433.64

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.434.65

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.435.64

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.436.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.437.64

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.438.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14293.log

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14294.log

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dealio-14297.log

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\installtype.ini

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1008_1012_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1048_952_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1048_952_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1212_4000_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1212_4000_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1344_2060_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1348_3216_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1356_2888_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1712_1148_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1760_1948_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1760_1948_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_1976_2024_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2012_416_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2132_224_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2148_1672_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2196_2568_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2292_3100_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2328_424_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2344_396_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2404_2408_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2404_2408_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2408_2972_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2436_3260_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2464_2992_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2480_408_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2668_1836_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2728_3736_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2744_2876_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_2956_2540_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3064_3876_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3104_732_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_312_2204_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3168_344_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3168_780_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3212_3220_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3304_3528_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3332_3340_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3372_2344_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3380_600_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3412_2136_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3516_1564_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_352_4028_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3584_2688_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3644_2508_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3656_2500_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_372_864_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_372_864_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3760_488_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3812_1692_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3836_2736_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3896_2576_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3896_3900_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3920_3612_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3940_3512_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3948_4084_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_428_3708_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_432_3544_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_496_2780_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_524_532_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_524_532_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_540_3256_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_580_3540_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_648_676_1.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_648_676_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_752_536_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_868_728_3.html

C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_928_536_3.html

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio

C:\Program Files\Multi_Media

C:\Program Files\Multi_Media\INSTALL.LOG

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\res

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14319.log

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14320.log

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127\temp\ws-14321.log

C:\Program Files\Search Settings

C:\Program Files\Search Settings\kb127

C:\Program Files\Search Settings\SearchSettings.exe

C:\Program Files\Search Settings\kb127\res

C:\Program Files\Search Settings\kb127\SearchSettings.dll

C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll

C:\Program Files\Search Settings\kb127\temp

C:\DOCUME~1\SALDOD~1\Favoris\Torrent Portal - BitTorrent Search Index.url

 

-----------\\ Extensions

 

(Saldo Daniel) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar

(Saldo Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Saldo Daniel) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(Saldo Daniel) - {b23920f4-4c2f-412b-9450-1d7028d5454e} => torrentreactor.net

(Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

(Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.fr/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028"

"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SALDOD~1\Application Data\Azureus\torrents\Adobe Premiere Pro v7 0 with Keygen.torrent

C:\DOCUME~1\SALDOD~1\Favoris\Cracks

C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Les cracks, patchs et autres serials....url

C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Serial numbers.url

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009| 0:15 - Option : [1]

 

-----------\\ Fin du rapport a 0:15:48,34

 

 

Good luck, and thanks for your help

 

Regards

 

Bessard

Posted

Disable TeaTimer in Spybot right now; it can interfere with the disinfection. :P

Do this through Spybot's options: go to the "Mode" menu => tick "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and untick this box: "Resident TeaTimer".

 

Do not re-enable it.

 

-------

 

Run Toolbar-S&D again. This time choose the "removal" option, then confirm by pressing "Enter".

! Do not close the window during the removal !

A report will be generated; post its contents here.

 

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del to open the Task Manager.

Go to the "Processes" tab. Click File at the top left and choose "Run..."

Type explorer and confirm.

 

 

----------

 

Download OTMoveIt3 by OldTimer.

  • Save this file to the Desktop.
  • Double-click OTMoveIt3.exe to run the tool. (Note: if you use Vista, right-click the file and choose Run as administrator.)
  • Copy the lines from the "Code" box below to the clipboard by selecting them all and then pressing the CTRL and C keys together (or, after selecting them, right-click and choose Copy):
    :processes
    explorer.exe 
    :files
    C:\WINDOWS\system32\jwt32.exe
    C:\Program Files\spoolsvt.exe
    C:\Program Files\spooler.exe
    :reg 
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxSys"=-
    "SearchSettings"=-
    "Microsoft appswitch"=-
    "Printspooler"=-
    
    :commands
    [emptytemp]
    [start explorer]


  • Go back to the OTMoveIt3 window, right-click in the left-hand box titled "Paste List Of Files/Folders to Move" (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt3
  • In your next reply, post the OTMoveIt3 report (the contents of the file C:\_OTMoveIt\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)

Note: if a file or folder cannot be moved immediately, a reboot may be needed to complete the move. If you are asked to restart the machine, choose Yes.

Posted

Here are the 2 reports ... note that I am getting a request for a file "SearchSettings.msi" that I cannot find!! What is this program that is being requested right after I finished the scans you asked for?

 

ToolBar report 2:

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.40GHz )

BIOS : BIOS Date: 04/26/05 20:54:36 Ver: 08.00.10

USER : Saldo Daniel ( Administrator )

BOOT : Normal boot

Antivirus : Norton Internet Security 15.0.0.60 (Activated)

Firewall : Norton Internet Security 15.0.0.60 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:68 Go (Free:26 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)

F:\ (Local Disk) - NTFS - Total:45 Go (Free:29 Go)

G:\ (Local Disk) - NTFS - Total:66 Go (Free:39 Go)

H:\ (CD or DVD)

I:\ (CD or DVD)

J:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 19/03/2009| 0:47 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\dinstallhelper.DC295621FCCE456E86BB35F5409239FF.dll

Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio\kb127

Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio

Supprime! - C:\Program Files\Multi_Media\INSTALL.LOG

Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\kb127

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe

Supprime! - C:\DOCUME~1\SALDOD~1\Favoris\Torrent Portal - BitTorrent Search Index.url

Supprime! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Dealio

Supprime! - C:\Program Files\Multi_Media

Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings

Supprime! - C:\Program Files\Search Settings

 

-----------\\ DEUXIEME PASSAGE

 

Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings

 

-----------\\ Extensions

 

(Saldo Daniel) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar

(Saldo Daniel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar

(Saldo Daniel) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

(Saldo Daniel) - {b23920f4-4c2f-412b-9450-1d7028d5454e} => torrentreactor.net

(Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

(Saldo Daniel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.fr/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

"SearchAssistant"="http://www.crawler.com/search/ie.aspx?tb_id=66028"

"CustomizeSearch"="http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SALDOD~1\Favoris\Cracks

C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Les cracks, patchs et autres serials....url

C:\DOCUME~1\SALDOD~1\Favoris\Cracks\Serial numbers.url

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 19/03/2009| 0:15 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 19/03/2009| 0:48 - Option : [2]

 

-----------\\ Fin du rapport a 0:48:55,62

 

 

OTMoveIt report:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\WINDOWS\system32\jwt32.exe moved successfully.

C:\Program Files\spoolsvt.exe moved successfully.

File/Folder C:\Program Files\spooler.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft appswitch deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Printspooler not found.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\etilqs_fktnos5grTx1QuQGgq0W scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\JETDB2D.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_005509

 

Files moved on Reboot...

File C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\etilqs_fktnos5grTx1QuQGgq0W not found!

C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp moved successfully.

File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

File C:\WINDOWS\temp\JETDB2D.tmp not found!

File C:\WINDOWS\temp\Perflib_Perfdata_ac8.dat not found!

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\Saldo Daniel\Local Settings\Application Data\Mozilla\Firefox\Profiles\4q54icgh.default\XUL.mfl moved successfully.

 

 

There you go!

 

And now what do I do? It's late! Hang in there.

 

Bessard
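The two reports above are what the helper reads to decide the next step: the "Echec !" lines on the Search Settings folder are exactly what the follow-up OTMoveIt script targets, while entries "scheduled to be deleted on reboot" only matter if the reboot pass did not finish them. As an added example that is not part of this thread and is not ToolBar S&D's or OTMoveIt's own code, here is a small Python parser for the ToolBar S&D deletion section and the OTMoveIt log. It records one outcome per line, then applies "last word wins" per target, so a deferred deletion that completed on reboot is not flagged, and lists what still remains on disk or in the registry. The sample text is a constructed excerpt built from the reports above.

```python
import re

# One outcome per line: (target, status). Statuses: removed, failed, not_found, deferred.
TOOLBAR_RE = re.compile(r'^(Supprime!|Echec !) - (.+)$')           # ToolBar S&D lines
OTM_PATTERNS = [                                                   # OTMoveIt lines
    (re.compile(r'^File (?:delete|move) failed\. (.+?) scheduled to be (?:deleted|moved) on reboot\.$'), "deferred"),
    (re.compile(r'^File/Folder (.+?) not found\.$'), "not_found"),
    (re.compile(r'^Registry value (.+?) not found\.$'), "not_found"),
    (re.compile(r'^File (.+?) not found!$'), "not_found"),         # reboot pass: already gone
    (re.compile(r'^Registry value (.+?) deleted successfully\.$'), "removed"),
    (re.compile(r'^(.+?) moved successfully\.$'), "removed"),
]


def classify(line):
    """Return (target, status) for one report line, or None for lines with no outcome."""
    m = TOOLBAR_RE.match(line)
    if m:
        return m.group(2), ("removed" if m.group(1) == "Supprime!" else "failed")
    for regex, status in OTM_PATTERNS:
        m = regex.match(line)
        if m:
            return m.group(1), status
    return None  # headers, process kills, "Explorer started" and blank lines


def parse_report(text):
    """Every outcome in the report, in file order (one target may appear several times)."""
    outcomes = []
    for raw in text.splitlines():
        hit = classify(raw.strip())
        if hit:
            outcomes.append(hit)
    return outcomes


def final_status(text):
    """Last reported status per target: a deferred delete that succeeded on reboot ends as removed."""
    final = {}
    for target, status in parse_report(text):
        final[target] = status
    return final


def remaining_targets(text):
    """Targets the tools could not remove, i.e. what a follow-up script should address."""
    return [t for t, s in final_status(text).items() if s in ("failed", "deferred")]


# Constructed excerpt modelled on the reports posted above (not a full log).
SAMPLE_TOOLBAR = r"""
-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings
"""

SAMPLE_OTM = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\jwt32.exe moved successfully.
File/Folder C:\Program Files\spooler.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Explorer started successfully

Files moved on Reboot...
C:\DOCUME~1\SALDOD~1\LOCALS~1\Temp\~DFE8F.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
"""

if __name__ == "__main__":
    for target in remaining_targets(SAMPLE_TOOLBAR + SAMPLE_OTM):
        print("still present:", target)
```

Run on the combined sample, the only two entries reported as still present are the Search Settings application-data folder (the one the helper's next script targets) and the LocalService index.dat, which is normally locked by the system and is not a concern on its own; the deferred `~DFE8F.tmp` drops out because the reboot pass moved it.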

Posted

Here is a new script for OTMoveIt, since some of it is still left, here.

 

:processes
explorer.exe
:files
C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings
:commands
[start explorer]

 

Post the report you get after that please; it should relate to your searchsettings message.

Posted

Hello Falkra,

 

The sun is with us ... after a scan with Malwarebytes ... no more trojan .. I got regedit back ... I don't dare say it too loudly.

On startup and after running the new script, the search for search setting.msi started again, then stopped after 2 or 3 cancellations ..!

Below is today's OTMoveIt report:

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\DOCUME~1\SALDOD~1\APPLIC~1\Search Settings moved successfully.

========== COMMANDS ==========

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03192009_141011

 

I will be able to tackle the Task Manager, if RSIT is willing to open ... to be continued

Thank you for your effective help

Kind regards

 

Bessard

Posted

Indeed, it is impossible to run RSIT: it stops after 5 to 6 seconds, throwing me an error "AutoIT error Line-1 error: subscript used with non array-variable", OK, and closes ...!!

 

What do I do?

 

Bessard

Posted

RSIT won't launch ... It quickly shows me an error "AutoIT error Line-1 error: subscript used with non array-variable" and closes ...!!

 

What to do?

 

Bessard

Posted

Good evening Falkra,

 

After updating MBAM ... everything is clean .. hooray! Thanks. I just have to run regedit again; if it's OK then it's clean!

 

All that remains is the Task Manager, which won't open ... and RSIT, which won't launch!

And now this "Search settings Installer 1.2" which is trying to install itself, apparently at startup or when I want to use IE

 

Boo! So many problems ... will I get out of this?

Thanks for your help

 

Bessard

Posted

Regedit isn't infected; that is a registry key, which isn't necessarily linked to an infection.

 

We'll fix the Task Manager; download this reg file here:

http://senduit.com/547413

Double-click it to add it to the registry; you will be asked for confirmation, say yes.

 

Post a new HijackThis report after that please.

 

Delete your copy of RSIT, which may be buggy.
