Sujet Précédent Sujet Suivant

Avast, spybo et internet h-s!!!

poupi -  
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
j'ai ouvert une archive et depuis je n'arrive plus a utiliser avast spybot et internet ne fonctionne plus on me dit que je ne suis connectee a aucun reseau.
j'ai suivi la trame donnee ici par papyber
j'ai un autre pc portable qui lui fonctionne j'ai donc telecharger sur mon usb le logiciel ELIBAGLA
je l'ai transfere sur mon pc infecte et j'ai pu le le lancer
ensuite j'ai telecharge combofix et je l'ai lance aussi et ca n 'a rien donne
j'ai desinstalle avast et spybot et j'ai reinstalle avast avec un scan au demarrage ca ne donne rien spybot je ne peux pas l'installer il a apparement besoin d'y avoir une connexion internet que je n'ai pas!!
j'ai egalement utilise les logiciels fsbl et hijack ca ne donne rien ce dernier a l'air de deconner un peu ou j'y comprends rien!!
je ne sais vraiment pas quoi faire quand j essaie de configurer une connexion on me dit que je ne suis connectee a aucun reseau et la map est completement vide alors que d'habitude tous les reseaux dispos s affichent
merci de m aider car je suis tres tres embetee
A voir également:

14 réponses

Réponse 1 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Hello,

Télécharge toolscleaner sur ton Bureau:

* Clique droit sur ToolsCleaner2.exe puis sélectionne "Exécuter en tant qu'administrateur". Ensuite, laisse le bien travailler sans rien toucher.
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.
* Le rapport (TCleaner.txt) se trouve à la racine de ton disque dur (C:\) -->colle le dans ta réponse.

Ensuite:

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

-Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches) dans deux messages différents.
0
poupi
 
voici le rapport de random log txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by sandra at 2009-06-25 01:06:47
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 34 GB (30%) free of 114 GB
Total RAM: 1791 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{DAE0298A-619B-4B16-8A53-8ADFDDFEC538}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
recfree Toolbar - C:\Program Files\recfree\tbrec0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\BitComet\tools\BitCometBHO_1.2.1.2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-04-16 3167584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-18 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2009-05-31 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-03-30 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-18 2436160]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-03-30 245760]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-04-16 3167584]
{15c93148-34fe-47e6-88e5-37607a3002f3} - recfree Toolbar - C:\Program Files\recfree\tbrec0.dll [2008-09-15 1784856]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2009-05-31 2094616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"=C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe [2007-05-04 1662976]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-03-16 421888]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-04-16 591200]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-04-16 985440]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2009-06-24 583048]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SiteVacuum"=C:\Program Files\EasySearch\SiteVacuumClient.exe [2009-06-21 471117]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2006-04-16 798720]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"unilex09"=C:\Program Files\Micro Application\La grande Encyclopédie 2009\tft.exe [2008-06-03 61440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-02 203928]
"Acer Tour Reminder"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edffe32d-2c79-11de-92bd-001d920163af}]
shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2729979-8db6-11dc-ba9d-001d923fb621}]
shell\AutoRun\command - F:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-25 01:06:47 ----D---- C:\rsit
2009-06-25 00:53:06 ----A---- C:\TCleaner.txt
2009-06-24 21:53:29 ----D---- C:\Program Files\Trend Micro
2009-06-24 20:07:45 ----A---- C:\Windows\system32\aswBoot.exe
2009-06-24 19:07:54 ----SHD---- C:\$RECYCLE.BIN
2009-06-24 18:53:39 ----A---- C:\Windows\zip.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWXCACLS.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWSC.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWREG.exe
2009-06-24 18:53:39 ----A---- C:\Windows\sed.exe
2009-06-24 18:53:39 ----A---- C:\Windows\PEV.exe
2009-06-24 18:53:39 ----A---- C:\Windows\NIRCMD.exe
2009-06-24 18:53:39 ----A---- C:\Windows\grep.exe
2009-06-24 18:53:14 ----D---- C:\Windows\ERDNT
2009-06-21 03:03:15 ----SHD---- C:\Windows\system32\%APPDATA%
2009-06-20 06:22:04 ----D---- C:\Windows\BDOSCAN8
2009-06-19 02:20:06 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-13 05:54:02 ----A---- C:\Windows\system32\EncDec.dll
2009-06-13 05:54:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-10 20:18:12 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 20:18:06 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-03 19:01:27 ----D---- C:\Program Files\Apple Software Update
2009-06-03 18:59:10 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-03 18:58:37 ----D---- C:\Program Files\iPod
2009-06-03 18:58:31 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 18:58:31 ----D---- C:\Program Files\iTunes
2009-06-03 18:55:26 ----D---- C:\Program Files\QuickTime
2009-05-29 13:36:16 ----A---- C:\Windows\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2009-06-25 01:06:11 ----D---- C:\Windows\Temp
2009-06-24 23:27:58 ----A---- C:\Windows\ntbtlog.txt
2009-06-24 21:53:29 ----RD---- C:\Program Files
2009-06-24 20:08:08 ----D---- C:\Windows\system32\drivers
2009-06-24 20:08:06 ----D---- C:\Windows\System32
2009-06-24 19:33:39 ----SHD---- C:\System Volume Information
2009-06-24 19:33:30 ----SHD---- C:\Windows\Installer
2009-06-24 19:27:52 ----D---- C:\Windows\winsxs
2009-06-24 19:16:15 ----D---- C:\Windows\system32\fr-FR
2009-06-24 19:08:04 ----D---- C:\Windows
2009-06-24 19:08:04 ----A---- C:\Windows\system.ini
2009-06-24 19:04:04 ----D---- C:\Windows\AppPatch
2009-06-24 19:04:03 ----D---- C:\Program Files\Common Files
2009-06-24 19:03:34 ----SD---- C:\Users\sandra\AppData\Roaming\Microsoft
2009-06-24 18:52:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-21 06:40:45 ----D---- C:\Program Files\EA GAMES
2009-06-21 02:19:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-21 02:19:16 ----D---- C:\Windows\inf
2009-06-21 01:49:33 ----D---- C:\Windows\Prefetch
2009-06-21 01:48:17 ----D---- C:\Program Files\EasySearch
2009-06-21 01:43:53 ----D---- C:\Windows\system32\Tasks
2009-06-21 01:43:35 ----D---- C:\Users\sandra\AppData\Roaming\uTorrent
2009-06-20 20:32:38 ----D---- C:\Users\sandra\AppData\Roaming\dvdcss
2009-06-20 06:28:07 ----D---- C:\ProgramData\eMule
2009-06-20 06:28:07 ----D---- C:\Program Files\eMule
2009-06-20 06:22:07 ----SD---- C:\Windows\Downloaded Program Files
2009-06-19 02:20:15 ----D---- C:\Program Files\DivX
2009-06-15 19:55:39 ----D---- C:\Windows\system32\catroot2
2009-06-14 03:17:55 ----D---- C:\Windows\Microsoft.NET
2009-06-14 03:17:35 ----RSD---- C:\Windows\assembly
2009-06-14 03:09:28 ----D---- C:\Windows\ehome
2009-06-14 03:02:17 ----D---- C:\ProgramData\Microsoft Help
2009-06-13 05:52:46 ----D---- C:\Windows\system32\catroot
2009-06-11 03:07:34 ----D---- C:\Program Files\Microsoft Works
2009-06-03 18:59:10 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-03 18:58:36 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 18:58:31 ----HD---- C:\ProgramData
2009-06-01 18:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-31 17:44:01 ----D---- C:\Program Files\free-downloads.net

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-24 6144]
R3 RT73;D-Link USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\Dr71WU.sys [2008-02-14 256000]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
S3 a0zslx6a;a0zslx6a; C:\Windows\system32\drivers\a0zslx6a.sys []
S3 adh3tyav;adh3tyav; C:\Windows\system32\drivers\adh3tyav.sys []
S3 catchme;catchme; \??\C:\Users\sandra\AppData\Local\Temp\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-03-15 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-02-18 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMSAccessU;NMSAccessU; C:\Program Files\ALO SOFT\ALO CD BURNER\NMSAccessU.exe [2007-10-12 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-09 143360]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2009-06-24 583048]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2009-06-24 554352]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-18 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

je t'envoie le dernier dans un autre msg

merci
0
poupi
 
coucou

voici le message info txt


et voici le rapport de info bloc notes


Logfile of random's system information tool 1.06 (written by random/random)
Run by sandra at 2009-06-25 01:06:47
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 34 GB (30%) free of 114 GB
Total RAM: 1791 MB (42% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{DAE0298A-619B-4B16-8A53-8ADFDDFEC538}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15c93148-34fe-47e6-88e5-37607a3002f3}]
recfree Toolbar - C:\Program Files\recfree\tbrec0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\BitComet\tools\BitCometBHO_1.2.1.2.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
EoBho Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll [2008-04-16 3167584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-02-18 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2009-05-31 2094616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-03-30 245760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-02-06 151552]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-02-18 2436160]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL [2008-03-30 245760]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll [2008-04-16 3167584]
{15c93148-34fe-47e6-88e5-37607a3002f3} - recfree Toolbar - C:\Program Files\recfree\tbrec0.dll [2008-09-15 1784856]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2009-05-31 2094616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-03-01 4390912]
"Acer Empowering Technology Monitor"=C:\Acer\Empowering Technology\SysMonitor.exe [2007-01-24 319488]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-02-07 464168]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-02-15 151552]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless G DWA-110"=C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe [2007-05-04 1662976]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-03-16 421888]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"au"=C:\Program Files\Dealio\DealioAU.exe [2008-04-16 591200]
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-04-16 985440]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2009-06-24 583048]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SiteVacuum"=C:\Program Files\EasySearch\SiteVacuumClient.exe [2009-06-21 471117]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2006-04-16 798720]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"unilex09"=C:\Program Files\Micro Application\La grande Encyclopédie 2009\tft.exe [2008-06-03 61440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-02 203928]
"Acer Tour Reminder"= []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edffe32d-2c79-11de-92bd-001d920163af}]
shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f2729979-8db6-11dc-ba9d-001d923fb621}]
shell\AutoRun\command - F:\setupSNK.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-25 01:06:47 ----D---- C:\rsit
2009-06-25 00:53:06 ----A---- C:\TCleaner.txt
2009-06-24 21:53:29 ----D---- C:\Program Files\Trend Micro
2009-06-24 20:07:45 ----A---- C:\Windows\system32\aswBoot.exe
2009-06-24 19:07:54 ----SHD---- C:\$RECYCLE.BIN
2009-06-24 18:53:39 ----A---- C:\Windows\zip.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWXCACLS.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWSC.exe
2009-06-24 18:53:39 ----A---- C:\Windows\SWREG.exe
2009-06-24 18:53:39 ----A---- C:\Windows\sed.exe
2009-06-24 18:53:39 ----A---- C:\Windows\PEV.exe
2009-06-24 18:53:39 ----A---- C:\Windows\NIRCMD.exe
2009-06-24 18:53:39 ----A---- C:\Windows\grep.exe
2009-06-24 18:53:14 ----D---- C:\Windows\ERDNT
2009-06-21 03:03:15 ----SHD---- C:\Windows\system32\%APPDATA%
2009-06-20 06:22:04 ----D---- C:\Windows\BDOSCAN8
2009-06-19 02:20:06 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-13 05:54:02 ----A---- C:\Windows\system32\EncDec.dll
2009-06-13 05:54:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-10 20:18:12 ----A---- C:\Windows\system32\localspl.dll
2009-06-10 20:18:06 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-03 19:01:27 ----D---- C:\Program Files\Apple Software Update
2009-06-03 18:59:10 ----A---- C:\Windows\system32\GEARAspi.dll
2009-06-03 18:58:37 ----D---- C:\Program Files\iPod
2009-06-03 18:58:31 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 18:58:31 ----D---- C:\Program Files\iTunes
2009-06-03 18:55:26 ----D---- C:\Program Files\QuickTime
2009-05-29 13:36:16 ----A---- C:\Windows\system32\usbaaplrc.dll

======List of files/folders modified in the last 1 months======

2009-06-25 01:06:11 ----D---- C:\Windows\Temp
2009-06-24 23:27:58 ----A---- C:\Windows\ntbtlog.txt
2009-06-24 21:53:29 ----RD---- C:\Program Files
2009-06-24 20:08:08 ----D---- C:\Windows\system32\drivers
2009-06-24 20:08:06 ----D---- C:\Windows\System32
2009-06-24 19:33:39 ----SHD---- C:\System Volume Information
2009-06-24 19:33:30 ----SHD---- C:\Windows\Installer
2009-06-24 19:27:52 ----D---- C:\Windows\winsxs
2009-06-24 19:16:15 ----D---- C:\Windows\system32\fr-FR
2009-06-24 19:08:04 ----D---- C:\Windows
2009-06-24 19:08:04 ----A---- C:\Windows\system.ini
2009-06-24 19:04:04 ----D---- C:\Windows\AppPatch
2009-06-24 19:04:03 ----D---- C:\Program Files\Common Files
2009-06-24 19:03:34 ----SD---- C:\Users\sandra\AppData\Roaming\Microsoft
2009-06-24 18:52:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-21 06:40:45 ----D---- C:\Program Files\EA GAMES
2009-06-21 02:19:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-21 02:19:16 ----D---- C:\Windows\inf
2009-06-21 01:49:33 ----D---- C:\Windows\Prefetch
2009-06-21 01:48:17 ----D---- C:\Program Files\EasySearch
2009-06-21 01:43:53 ----D---- C:\Windows\system32\Tasks
2009-06-21 01:43:35 ----D---- C:\Users\sandra\AppData\Roaming\uTorrent
2009-06-20 20:32:38 ----D---- C:\Users\sandra\AppData\Roaming\dvdcss
2009-06-20 06:28:07 ----D---- C:\ProgramData\eMule
2009-06-20 06:28:07 ----D---- C:\Program Files\eMule
2009-06-20 06:22:07 ----SD---- C:\Windows\Downloaded Program Files
2009-06-19 02:20:15 ----D---- C:\Program Files\DivX
2009-06-15 19:55:39 ----D---- C:\Windows\system32\catroot2
2009-06-14 03:17:55 ----D---- C:\Windows\Microsoft.NET
2009-06-14 03:17:35 ----RSD---- C:\Windows\assembly
2009-06-14 03:09:28 ----D---- C:\Windows\ehome
2009-06-14 03:02:17 ----D---- C:\ProgramData\Microsoft Help
2009-06-13 05:52:46 ----D---- C:\Windows\system32\catroot
2009-06-11 03:07:34 ----D---- C:\Program Files\Microsoft Works
2009-06-03 18:59:10 ----DC---- C:\Windows\system32\DRVSTORE
2009-06-03 18:58:36 ----D---- C:\Program Files\Common Files\Apple
2009-06-03 18:58:31 ----HD---- C:\ProgramData
2009-06-01 18:51:12 ----A---- C:\Windows\system32\mrt.exe
2009-05-31 17:44:01 ----D---- C:\Program Files\free-downloads.net

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys [2009-02-20 95760]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-01 1744928]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-04-24 6144]
R3 RT73;D-Link USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\Dr71WU.sys [2008-02-14 256000]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2008-12-09 311808]
S3 a0zslx6a;a0zslx6a; C:\Windows\system32\drivers\a0zslx6a.sys []
S3 adh3tyav;adh3tyav; C:\Windows\system32\drivers\adh3tyav.sys []
S3 catchme;catchme; \??\C:\Users\sandra\AppData\Local\Temp\catchme.sys []
S3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-03-15 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\Windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\Windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2008-02-18 47360]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-26 4385792]
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-12-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-02-07 457512]
R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-01-31 53248]
R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMSAccessU;NMSAccessU; C:\Program Files\ALO SOFT\ALO CD BURNER\NMSAccessU.exe [2007-10-12 71096]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-04-09 143360]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 CLTNetCnService;Symantec Lic NetConnect service; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2009-06-24 583048]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2009-06-24 554352]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-18 138168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
0
poupi
 
voila tout ce que j'ai pu faire j'espere que tu pourras m'aider car je suis pas calee en informatique

merci
0
poupi
 
COUCOU

voici le rapport hijackdis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:41, on 25/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\EasySearch\SiteVacuumClient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\BitComet\tools\BitCometBHO_1.2.1.2.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O3 - Toolbar: recfree Toolbar - {15c93148-34fe-47e6-88e5-37607a3002f3} - C:\Program Files\recfree\tbrec0.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless G DWA-110] C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SiteVacuum] C:\Program Files\EasySearch\SiteVacuumClient.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [unilex09] C:\Program Files\Micro Application\La grande Encyclopédie 2009\tft.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwaredetection_3_1_2_0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\ALO SOFT\ALO CD BURNER\NMSAccessU.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
0
poupi
 
Bonjour

voici le premier rapport


############################## [ UsbFix V3.033 ]

# User : sandra (Administrateurs) # PCDEBUREAU
# Update on 15/06/09 by C_XX
# Start at: 14:29:27 | 25/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18372
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 111,7 Go (33,2 Go free) [ACER] # NTFS
# D:\ # Disque fixe local # 111,43 Go (12,33 Go free) [DATA] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# K:\ # Disque CD-ROM

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ALO SOFT\ALO CD BURNER\NMSAccessU.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe

################## [ Fichiers # Dossiers infectieux ]

Supprimé ! C:\regxpcom.exe

################## [ Registre # Clés Run infectieuses ]

# HKLM\software\microsoft\security center "UacDisableNotify" # -> Reset sucessfully !

################## [ Registre # Mountpoints2 ]

Supprimé ! HKCU\...\Explorer\MountPoints2\{edffe32d-2c79-11de-92bd-001d920163af}\Shell\AutoRun\Command

################## [ Listing des fichiers présent ]

[24/04/2007 14:54|--a------|3379] - C:\-20070424.log
[19/07/2008 02:33|--a------|6129] - C:\0x0409.ini
[25/06/2009 04:50|--a------|7330] - C:\Ad-Report-SCAN.log
[22/02/2008 04:38|--a------|45704] - C:\APIHook.log
[18/09/2006 23:43|--a------|24] - C:\autoexec.bat
[19/01/2008 09:45|-rahs----|333203] - C:\bootmgr
[24/04/2007 22:59|-ra-s----|8192] - C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] - C:\config.sys
[17/02/2008 22:14|-rahs----|0] - C:\IO.SYS
[29/11/2006 17:35|--a------|512] - C:\MDR.iss
[22/02/2009 06:55|--a------|172] - C:\mits.tmp
[22/02/2009 06:55|--a------|230] - C:\MITsWizard.tmp
[17/02/2008 22:14|-rahs----|0] - C:\MSDOS.SYS
[?|?|?] - C:\pagefile.sys
[24/04/2007 14:49|--a------|420] - C:\RHDSetup.log
[19/07/2008 02:33|--a------|2059] - C:\Setup.INI
[19/07/2008 02:33|--a------|128625] - C:\setup.isn
[24/04/2007 15:07|--a------|178] - C:\setup.log
[25/06/2009 00:53|--a------|2242] - C:\TCleaner.txt
[25/03/2009 03:44|--a------|11] - C:\trace.ini
[21/05/2009 00:48|--a------|594] - C:\updatedatfix.log
[25/06/2009 14:30|--a------|4521] - C:\UsbFix.txt
[25/06/2009 04:14|--a------|8098] - C:\UsbFixrapport a envoyer.txt
[29/12/2003 22:08|--a------|4648] - D:\=[ Krystal ]=.nfo
[06/06/2009 00:52|--a------|734140416] - D:\Confessions.Of.A.Shopaholic.FRENCH.DVDRip.XviD.SURViVAL.avi
[11/06/2009 03:57|--a------|543358976] - D:\Film Assembler et Entretenir son PC.avi
[31/05/2009 23:27|--a------|2975007358] - D:\Genesis - Discography.rar
[05/02/2005 14:04|--a------|1368] - D:\IMPORTANT A SUIVRE.txt
[10/06/2009 08:40|--a------|735062016] - D:\J.Irai.Dormir.A.Hollywood.FRENCH.DVDRip.XviD.ZANBiC.avi
[20/09/2004 21:14|--a------|2921] - D:\orion.nfo
[17/05/2009 07:35|--a------|367549182] - D:\Ugly.Betty.S03E22.HDTV.XviD-XOR.avi
[23/05/2009 04:07|--a------|366507862] - D:\Ugly.Betty.S03E23.HDTV.XviD-NoTV.avi
[23/05/2009 03:22|--a------|367274494] - D:\Ugly.Betty.S03E24.HDTV.XviD-NoTV.avi
[04/06/2009 07:11|--a------|729450496] - D:\Up.2009.FRENCH.TS.MD.XviD-KoNG.avi
[28/10/2008 22:07|--a------|2555885] - D:\USB_Driver_64.zip
[28/05/2009 16:18|--a------|838188558] - D:\VER-Richard III.(Ian Mckellen-Annette Bening-Jim Broadbent-Robert Downey Jr).avi

################## [ Vaccination ]

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.033 ! ]

je t'envoie lautre tt de suite
0
Réponse 2 / 14
poupi
 
coucou

tout d'abord merci pour ta reponse et ton aide
j'ai donc telecharger toolscleaner et voici le rapport de celui ci:

[ Rapport ToolsCleaner version 2.3.6 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
C:\Users\sandra\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé !
C:\Users\sandra\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: trouvé !
C:\Users\sandra\Desktop\HijackThis.lnk: trouvé !
C:\Users\sandra\Documents\fsbl.exe: trouvé !
C:\Users\sandra\Documents\EliBaglA.exe: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
C:\Users\sandra\AppData\Roaming\Microsoft\Windows\Recent\HijackThis.lnk: supprimé !
C:\Users\sandra\Desktop\HijackThis.lnk: supprimé !
C:\Users\sandra\Documents\fsbl.exe: supprimé !
C:\Users\sandra\Documents\EliBaglA.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Users\sandra\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\HijackThis: ERREUR DE SUPPRESSION !!
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis: supprimé !
C:\Users\sandra\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: supprimé !

je t'envoie dans deux autres messages les rapports de random systeme info

merci
0
Réponse 3 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
1/
Désactive l'UAC le temps de la désinfection:

* Va dans "Démarrer" puis Panneau de configuration.
* Double Clique sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".
* Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
* Valide par OK et redémarrez .

2/Poste moi un rapport hijackthis stp:

Télécharge hijackthis et poste moi le rapport dans ta prochaine réponse.
Comment générer un rapport. (merci à Balltrap 34 pour la démo)

3/
*Télécharge et installe UsbFix de C_XX & Chiquitine29.

*Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir.

*Double clique sur le raccourci UsbFix présent sur ton bureau.

*Choisi l'option 1 ( Recherche )

*Laisse travailler l'outil.

*Ensuite poste le rapport UsbFix.txt qui apparaîtra dans ton prochain message.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

4/
• Télécharge Ad-remover sur ton bureau :

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Déconnecte toi et ferme toutes applications en cours !

• Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

• Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
• Au menu principal choisis l'option "S" et tape sur [entrée] .

• Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé sous C:\Ad-report-scan.log )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Aides en images (Recherche) : http://pagesperso-orange.fr/NosTools/ADR-2-FR.html

J'attends tes 3 rapports @+
0
Réponse 4 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Re,

Quand tu me postes plusieurs rapports, pourras tu me les mettre dans des messages différents s'il te plaît?

1/
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir

* Double clique sur le raccourci UsbFix présent sur ton bureau.

* choisi l'option 2 ( Suppression )

* Ton bureau disparaîtra et le pc redémarrera .

* Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

* Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau dans ton prochain message .

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

2/

• Relance Ad-remover,
• Au menu principal choisis l'option "L" et tape sur [entrée] .

• Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé sous C:\Ad-report-clean.log )

J'attends les 2 rapports.

@+
0
poupi
 
voici le deuxieme rapport

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 14:37:10, 25/06/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PCDEBUREAU | Utilisateur actuel: sandra
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité
Administrateur: sandra
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
/!\ NON SUPPRIMÉ - HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKCR\EoRezoBHO.EoBho
/!\ NON SUPPRIMÉ - HKCR\EoRezoBHO.EoBho.1
/!\ NON SUPPRIMÉ - HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
/!\ NON SUPPRIMÉ - HKCR\SearchSettings.BHO
/!\ NON SUPPRIMÉ - HKCR\SearchSettings.BHO.1
/!\ NON SUPPRIMÉ - HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCU\Software\Titan Poker
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\EoRezoBHO.EoBho
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\EoRezoBHO.EoBho.1
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\SearchSettings.BHO
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\SearchSettings.BHO.1
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
/!\ NON SUPPRIMÉ - HKLM\Software\Dealio
/!\ NON SUPPRIMÉ - HKLM\Software\EoRezo
/!\ NON SUPPRIMÉ - HKLM\Software\ItsLabel
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
/!\ NON SUPPRIMÉ - HKLM\Software\Search Settings
/!\ NON SUPPRIMÉ - HKLM\Software\Titan Poker
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\au
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
/!\ NON SUPPRIMÉ - HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
.
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio\Dealio Deskbar.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio\Help.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio\Uninstall.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio\What is Dealio.url
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\ItsLabel\ItsTV.lnk
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\ItsLabel
C:\Users\sandra\AppData\Roaming\Dealio\kb127
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules
C:\Users\sandra\AppData\Roaming\Dealio\kb127\temp
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\alerts.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\alerts_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\alerts_rec.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\alerts_rec_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\chevron-small.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\DealioSearch.html
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\deals-leftcap.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\deal_report.jpg
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\ebay_login.jpg
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\err_mainwindow.html
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\err_toolbar.html
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\global_scripts.js
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\headerbgthin.jpg
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\highlight-bg.png
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\logo.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\logo_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\man_toolbar.css
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\man_toolbar.html
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\man_toolbar.js
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\man_toolbarl.js
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\post-this-deal.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\post-this-deal_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\scripts.js
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\scroller.js
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\search-chevron.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\search-chevron_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\search_bg_blink.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\separator.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\settings.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\settings_over.gif
C:\Users\sandra\AppData\Roaming\Dealio\kb127\res\yahoo-search.png
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\index.76.35
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.10.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.109.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.110.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.12.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.13.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.130.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.135.50
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.153.44
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.155.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.156.49
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.16.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.161.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.178.66
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.184.55
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.188.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.189.45
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.196.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.198.56
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.199.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.200.53
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.201.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.202.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.203.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.205.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.213.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.214.49
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.215.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.216.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.217.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.218.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.219.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.220.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.221.57
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.222.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.223.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.226.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.227.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.228.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.229.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.23.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.239.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.24.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.240.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.241.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.242.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.243.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.244.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.245.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.247.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.248.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.249.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.250.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.251.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.252.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.253.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.254.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.255.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.256.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.257.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.279.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.28.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.282.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.283.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.284.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.289.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.290.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.291.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.296.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.297.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.304.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.307.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.308.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.31.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.310.46
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.311.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.315.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.316.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.317.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.318.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.319.49
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.32.48
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.334.44
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.335.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.336.44
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.337.44
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.338.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.339.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.34.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.340.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.341.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.349.50
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.35.48
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.350.50
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.351.51
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.352.54
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.353.51
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.354.51
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.357.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.358.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.359.52
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.360.53
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.361.54
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.362.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.363.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.364.54
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.365.53
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.367.56
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.368.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.369.55
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.370.56
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.371.56
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.372.57
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.373.55
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.375.56
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.376.57
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.377.55
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.378.65
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.384.58
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.386.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.387.59
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.388.59
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.389.59
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.390.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.391.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.392.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.393.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.394.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.396.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.397.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.398.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.399.60
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.403.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.404.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.405.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.406.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.407.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.408.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.409.61
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.412.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.413.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.414.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.415.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.416.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.417.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.418.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.419.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.420.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.421.62
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.423.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.424.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.425.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.426.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.427.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.428.65
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.429.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.430.63
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.432.65
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.433.64
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.434.65
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.435.64
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.436.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.437.64
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.438.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.439.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.440.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.442.73
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.443.73
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.444.73
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.445.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.446.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.450.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.451.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.452.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.453.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.454.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.456.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.457.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.458.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.459.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.460.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.462.74
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.463.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.464.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.465.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.468.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.469.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.470.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.471.73
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.472.70
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.478.74
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.479.73
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.480.68
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.481.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.482.74
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.49.67
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.50.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.500.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.501.74
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.502.71
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.51.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.52.72
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.520.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.521.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.522.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.53.51
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.531.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.532.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.534.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.54.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.55.45
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.56.69
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.57.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.58.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.593.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.595.76
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.63.57
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.66.47
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.70.75
C:\Users\sandra\AppData\Roaming\Dealio\kb127\rules\rules.1.71.43
C:\Users\sandra\AppData\Roaming\Dealio\kb127\temp\dealio-14104.log
C:\Users\sandra\AppData\Roaming\Dealio\kb127\temp\dod_cache.xml
C:\Users\sandra\AppData\Roaming\Dealio
C:\Users\sandra\AppData\Roaming\EoRezo\cache
C:\Users\sandra\AppData\Roaming\EoRezo\cmhost.cyp
C:\Users\sandra\AppData\Roaming\EoRezo\ConfMedia.cyp
C:\Users\sandra\AppData\Roaming\EoRezo\db
C:\Users\sandra\AppData\Roaming\EoRezo\eoDesktop
C:\Users\sandra\AppData\Roaming\EoRezo\eoStats
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather.cfg
C:\Users\sandra\AppData\Roaming\EoRezo\host.cyp
C:\Users\sandra\AppData\Roaming\EoRezo\user.cyp
C:\Users\sandra\AppData\Roaming\EoRezo\db\cat.cyp
C:\Users\sandra\AppData\Roaming\EoRezo\eoDesktop\config.xml
C:\Users\sandra\AppData\Roaming\EoRezo\eoDesktop\eoDesktop.html
C:\Users\sandra\AppData\Roaming\EoRezo\eoDesktop\userConfig.xml
C:\Users\sandra\AppData\Roaming\EoRezo\eoStats\eoStats.txt
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_‚cran.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\sandra\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png
C:\Users\sandra\AppData\Roaming\EoRezo
C:\Users\sandra\AppData\Roaming\ItsLabel\ItsTV
C:\Users\sandra\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml
C:\Users\sandra\AppData\Roaming\ItsLabel
C:\Users\sandra\AppData\Roaming\Search Settings\kb127
C:\Users\sandra\AppData\Roaming\Search Settings\kb127\res
C:\Users\sandra\AppData\Roaming\Search Settings\kb127\temp
C:\Users\sandra\AppData\Roaming\Search Settings\kb127\temp\ws-14104.log
C:\Users\sandra\AppData\Roaming\Search Settings
C:\Users\sandra\AppData\LocalLow\Dealio\kb127
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\alerts.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\alerts_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\alerts_rec.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\alerts_rec_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\chevron-small.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\deals-leftcap.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\deal_report.jpg
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\ebay_login.jpg
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\err_mainwindow.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\err_toolbar.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\global_scripts.js
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\headerbgthin.jpg
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\highlight-bg.png
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\logo.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\logo_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\man_toolbar.css
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\man_toolbar.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\man_toolbar.js
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\man_toolbarl.js
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\post-this-deal.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\post-this-deal_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\scripts.js
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\scroller.js
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\search-chevron.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\search-chevron_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\search_bg_blink.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\separator.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\settings.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\settings_over.gif
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\res\yahoo-search.png
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\index.76.35
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.10.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.109.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.110.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.12.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.13.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.130.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.135.50
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.153.44
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.155.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.156.49
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.16.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.161.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.178.66
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.184.55
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.188.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.189.45
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.196.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.198.56
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.199.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.200.53
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.201.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.202.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.203.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.205.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.213.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.214.49
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.215.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.216.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.217.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.218.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.219.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.220.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.221.57
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.222.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.223.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.226.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.227.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.228.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.229.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.23.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.239.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.24.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.240.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.241.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.242.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.243.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.244.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.245.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.247.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.248.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.249.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.250.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.251.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.252.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.253.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.254.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.255.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.256.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.257.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.279.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.28.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.282.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.283.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.284.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.289.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.290.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.291.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.296.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.297.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.304.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.307.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.308.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.31.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.310.46
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.311.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.315.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.316.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.317.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.318.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.319.49
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.32.48
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.334.44
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.335.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.336.44
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.337.44
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.338.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.339.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.34.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.340.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.341.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.349.50
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.35.48
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.350.50
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.351.51
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.352.54
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.353.51
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.354.51
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.357.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.358.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.359.52
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.360.53
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.361.54
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.362.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.363.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.364.54
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.365.53
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.367.56
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.368.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.369.55
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.370.56
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.371.56
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.372.57
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.373.55
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.375.56
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.376.57
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.377.55
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.378.65
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.384.58
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.386.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.387.59
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.388.59
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.389.59
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.390.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.391.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.392.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.393.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.394.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.396.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.397.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.398.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.399.60
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.403.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.404.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.405.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.406.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.407.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.408.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.409.61
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.412.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.413.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.414.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.415.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.416.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.417.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.418.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.419.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.420.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.421.62
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.423.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.424.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.425.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.426.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.427.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.428.65
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.429.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.430.63
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.432.65
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.433.64
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.434.65
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.435.64
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.436.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.437.64
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.438.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.439.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.440.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.442.73
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.443.73
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.444.73
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.445.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.446.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.450.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.451.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.452.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.453.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.454.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.456.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.457.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.458.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.459.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.460.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.462.74
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.463.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.464.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.465.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.468.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.469.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.470.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.471.73
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.472.70
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.478.74
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.479.73
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.480.68
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.481.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.482.74
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.49.67
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.50.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.500.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.501.74
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.502.71
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.51.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.52.72
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.520.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.521.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.522.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.53.51
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.531.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.532.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.534.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.54.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.55.45
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.56.69
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.57.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.58.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.593.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.595.76
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.63.57
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.66.47
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.70.75
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\rules\rules.1.71.43
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\dealio-14419.log
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\dealio-14420.log
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\dod_cache.xml
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_1232_4132_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_1540_3048_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_1804_6068_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2092_5844_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2144_3040_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2392_6036_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2652_5112_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2892_5884_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2948_4740_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_228_86.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_228_88.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_260_58.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_2860_35.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_3132_74.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_3320_85.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_3572_89.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_3572_90.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_3644_73.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_4032_87.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_4808_38.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5140_91.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5140_92.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5368_43.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5448_70.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5496_81.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2952_5540_63.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_2972_4244_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3008_5020_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3196_1064_9.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3208_3464_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3208_5308_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3252_4804_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3280_2088_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3332_4892_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3352_3420_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3372_3224_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3604_5468_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3640_7648_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3752_4576_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3904_1340_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_3912_2300_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4044_5248_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4060_4772_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4060_6120_9.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4080_6416_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4104_2116_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4112_4048_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4140_4600_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4172_2624_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4180_5496_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4208_5988_21.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4272_2948_2.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4296_2192_18.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4296_2484_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4296_2836_17.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4296_3112_14.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4296_5172_8.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4356_3744_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4512_6080_13.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4636_5240_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4660_6372_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4672_508_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4680_3680_9.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4700_5544_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4736_5408_5.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4740_4988_9.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4748_968_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_1004_19.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_1004_20.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_3716_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_3924_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_4236_18.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_4492_12.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_5920_15.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4804_696_9.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4820_5564_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4932_5828_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_4992_2988_2.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5016_3832_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5028_5284_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5064_5688_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5080_5232_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5088_4596_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5196_1088_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5220_4732_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5224_3736_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5224_796_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5344_5912_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5444_3724_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5476_3140_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5476_3724_23.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5536_5976_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5536_6124_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5560_6540_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5568_6016_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5596_692_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5632_3632_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5644_3452_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5652_3648_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5788_6520_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5804_5972_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5904_1292_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5920_3024_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5928_5312_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5944_4900_6.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5968_5296_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_5976_4536_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_6004_472_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_6036_5060_2.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_6328_2656_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_7264_6348_27.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_7600_4172_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_7724_1368_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_8008_6260_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_800_2956_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_8020_6948_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_8044_6956_3.html
C:\Users\sandra\AppData\LocalLow\Dealio\kb127\temp\_toolbar_tmp_8132_7288_3.html
C:\Users\sandra\AppData\LocalLow\Dealio
C:\Users\sandra\AppData\LocalLow\Search Settings\kb127
C:\Users\sandra\AppData\LocalLow\Search Settings\kb127\res
C:\Users\sandra\AppData\LocalLow\Search Settings\kb127\temp
C:\Users\sandra\AppData\LocalLow\Search Settings\kb127\temp\ws-14419.log
C:\Users\sandra\AppData\LocalLow\Search Settings\kb127\temp\ws-14420.log
C:\Users\sandra\AppData\LocalLow\Search Settings
C:\Progr
0
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234 > poupi
 
Ton rapport est incomplet et la suppression n' a pas fonctionné.

1/
Désactive l'UAC :

* Va dans "Démarrer" puis Panneau de configuration.
* Double Clique sur l'icône Comptes d'utilisateurs et sur "Activer ou désactiver le contrôle des comptes d'utilisateurs".
* Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur.
* Valide par OK et redémarrez .

2/
Fais un clic droit sur L'icône d'Ad-Remover sur ton bureau et choisi exécuter en tant qu'administrateur. (Si ton mot de passe t'est demandé, rentre le)

• Au menu principal choisis l'option "L" et tape sur [entrée] .

• Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé sous C:\Ad-report-clean.log )

Si tu n'arrives pas à le poster entier, sépare le en 2 et poste le dans 2 messages en prenant soin de ne pas te planter^^.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Bon, y'a un blême...

Cela ne se passe pas come prévu, je ne sais pas si c'est parce qu'il y a quelque chose qui "résiste" ou si tu appliques mal les consignes mais je constate dans tes rapports d'UsbFix une différence.
Je t'avais demandé de brancher toutes tes clés USB pour le nettoyage, mais:
dans le premier rapport( détection):
# F:\ # Disque amovible # 1,87 Go (690,03 Mo free) # FAT

Présent ! F:\autorun.inf

Dans le second:
# F:\ # Disque amovible --> pas branché.

Sachant qu'il s'agit d'infections se transmettant par clé USB, c'est mal engagé^^

Donc on refait ça et s'il te plait essaie de répondre à la suite de ce message (clique sur "répondre à Trying2" en bas à gauche de ce message), parce qu'on s'y perd....

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d'avoir été infectés sans les ouvrir

* Double clique sur le raccourci UsbFix présent sur ton bureau.

* choisi l'option 2 ( Suppression )

* Ton bureau disparaîtra et le pc redémarrera .

* Au redémarrage , UsbFix scannera ton pc , laisse travailler l outil.

* Ensuite poste le rapport UsbFix.txt qui apparaitra avec le bureau dans ton prochain message .

* Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
0
Réponse 6 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
En attendant de trouver une solution pour Ad-Remover, je te conseille vivement de changer d'antivirus.

Petite comparaison pour info.

Si tu es d'accord pour remplacer Avast par Antivir, tu peux suivre cette procédure:

Télécharge ceci et exécute le afin de désinstaller Avast.
Il te faudra redémarrer ton pc et ensuite tu pourras installer Antivir téléchargeable ici.

Tu devras l'installer, le mettre à jour, faire un scan et me poster le rapport.
choisi les paramètres par défaut lors de l'installation, mais ensuite n'oublie pas de cocher la case pour activer la recherche de Rootkits --> La case qui n'est pas cochée ici à droite sur cette image
Si tu as d'éventuelles questions, elles trouveront réponse dans ces explications.
0
Réponse 7 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Bon tout d'abord, j'aimerais que pour ton prochain message tu cliques ici et que tu y colles ton rapport stp.

La suppression des éléments avec Ad-Remover ne fonctionne pas en mode normal, donc nous allons le faire en mode sans echec.

Suis précisément ces instructions:

Redémarre ton pc.

Après le lancement du BIOS, tapote plusieurs fois sur la touche F8 (ou F5) et attend le menu des options avancées de démarrage.

Sélectionne le démarrage en mode sans échec à l'aide des flèches et valide par entrée.

Ton affichage sera différent de d'habitude, c'est normal.

Ensuite

• Relance Ad-remover en double cliquant sur l'icône.
• Au menu principal choisis l'option "L" et tape sur [entrée] .

• Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé sous C:\Ad-report-clean.log )

Note: tu devras redémarrer ton pc de manière "normale" afin de pouvoir accéder au Net.
0
Réponse 8 / 14
poupi
 
coucou

j'ai pu lancer comme tu me l'as indique ad remover voici le rapport
par contre pour antivir j'ai bien reussi mais j'ai plante le pc deux fois en essayant de le poster car il est tres tres long et l'envoyer en plusieurs fois me ferai envoyer au moins une cinquantaine de messages!! que faire??
merci a toi

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:42:20, 26/06/2009 | Mode sans echec | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: PCDEBUREAU | Utilisateur actuel: SYSTEM
.
Administrateur: Administrateur *Desactive*
N'est pas administrateur: Invité
Administrateur: sandra
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
/!\ NON SUPPRIMÉ - HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKCR\EoRezoBHO.EoBho
/!\ NON SUPPRIMÉ - HKCR\EoRezoBHO.EoBho.1
/!\ NON SUPPRIMÉ - HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
/!\ NON SUPPRIMÉ - HKCR\SearchSettings.BHO
/!\ NON SUPPRIMÉ - HKCR\SearchSettings.BHO.1
/!\ NON SUPPRIMÉ - HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\EoRezoBHO.EoBho
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\EoRezoBHO.EoBho.1
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\SearchSettings.BHO
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\SearchSettings.BHO.1
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
/!\ NON SUPPRIMÉ - HKLM\Software\Dealio
/!\ NON SUPPRIMÉ - HKLM\Software\EoRezo
/!\ NON SUPPRIMÉ - HKLM\Software\ItsLabel
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
/!\ NON SUPPRIMÉ - HKLM\Software\Search Settings
/!\ NON SUPPRIMÉ - HKLM\Software\Titan Poker
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\au
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBrowsingAdvisor_is1
/!\ NON SUPPRIMÉ - HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
/!\ NON SUPPRIMÉ - HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
/!\ NON SUPPRIMÉ - HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
.

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
.

* Internet Explorer Version 8.0.6001.18372 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Users\sandra\AppData\Local\temp\Temp1_USB_Driver_3.4.6_patch_ for HG.zip
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip
C:\Users\sandra\AppData\Local\temp\Temp1_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\custom.txt
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\DRIVER USB EMULATION SERIE_US.2.pdf
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\MDINS.TI.USBCDCWin2kXP.pdf
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsb.sys
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsbMdm.inf
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsbPort.inf
C:\Users\sandra\AppData\Local\temp\Temp2_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\TI-CDC-w2k.inf
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\custom.txt
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\DRIVER USB EMULATION SERIE_US.2.pdf
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\MDINS.TI.USBCDCWin2kXP.pdf
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsb.sys
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsbMdm.inf
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\PhSerUsbPort.inf
C:\Users\sandra\AppData\Local\temp\Temp3_USB_Driver_3.4.6_patch_ for HG.zip\USB_Driver_3.4.6_patch_ for HG\TI-CDC-w2k.inf
C:\Users\sandra\AppData\Roaming\uTorrent\NUAccTXm_3538_Grand_Theft_Auto_Chinatown_Wars_EUR (WIFI WORKING PATCHED BY xxJayx).nds.torrent
.
===================================
.
7117 Octet(s) - C:\Ad-Report-CLEAN.log
7330 Octet(s) - C:\Ad-Report-SCAN.log
.
0 Fichier(s) - C:\Windows\system32\config\SYSTEM~1\AppData\Local\Temp
3 Fichier(s) - C:\Windows\Temp
.
34 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
28 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 21:54:07 | 26/06/2009
.
============== E.O.F ==============
.
0
Réponse 9 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Hello,

On change de stratégie:

*Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort.

*Télécharge OTM (OldTimer) sur ton Bureau :

*Double-clique sur OTM.exe afin de le lancer.

* Copie (Ctrl+C) le texte en gras ci-dessous :



:processes
explorer.exe

:reg

HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\SearchSettings.BHO
HKCR\SearchSettings.BHO.1
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64­F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-3972369­6E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C­89C56013A}
HKLM\Software\Classes\SearchSettings.BHO
HKLM\Software\Classes\SearchSettings.BHO.1
HKLM\Software\Classes\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF­2BD778F}
HKLM\Software\Dealio
HKLM\Software\EoRezo
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}­
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\FBr­owsingAdvisor_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Its­TV_is1
HKLM\Software\Search Settings
HKLM\Software\Titan Poker
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\au
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSe­ttings
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FBr­owsingAdvisor_is1
HKCR\CLSID\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKLM\Software\Classes\CLSID\{6A87B991-A31F-4130-AE72-6D0C294­BF082}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}
HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C549­84B2C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Brow­ser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C549­84B2C}

:commands
[purity]
[emptytemp]
[reboot]


*Colle (Ctrl+V) le texte précédemment copié dans le cadre "Paste Instructions for Items to be Moved".

*Clique maintenant sur le bouton "MoveIt"! puis ferme OTMoveIt3.

*Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

*Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
0
Réponse 10 / 14
poupi
 
bonjour!!

alors j'ai fait comme tu m'as dit j'ai bien desactive antivir et j'ai lance otm la mon bureau a disparu et ca marque que otm ne reponds pas est ce que c'est normal ??
merci a toi
0
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
As tu réessayé une seconde fois?

Je reviens demain...

@+
0
Réponse 11 / 14
poupi
 
coucou j'ai ressaye j'attend en cas ou car l ordi reflechi je le le laisse une heure si ca donne rien je te dirais ca bonne soiree a plus
0
Réponse 12 / 14
poupi
 
coucou
j'ai essaye trois fois il plante des le debut avec a droite le message suivant:

all process killed
=========processes===========
no active process named explorer.exe

was found

=====registry===========
du coup j'ai telecharge internet explorer
je sais pas si j'ai bien fait
0
Réponse 13 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Hi,

Double-clique sur RSIT.exe afin de lancer le programme et poste moi le rapport Log.txt.
0
Réponse 14 / 14
Trying2 Messages postés 7751 Date d'inscription   Statut Contributeur sécurité Dernière intervention   234
 
Hello,

Tu es toujours dans le coin?

Je me suis planté dans ce que je t'ai fait faire avec OTM.

Si tu repasses, je te referai ça proprement.
:)
0

Discussions similaires

Dimensions L x l x H : comment lire ces infos ?
Miss-Curieuse -
valou -

8 réponses
Phishing faux mail d'avast
Colette34 -
Gerper -

2 réponses
FOTOSE (allemagne)
lix -
Yves -

13 réponses
Arnaque installation Avast Premium security
Eldanield -
bazfile -

9 réponses
arnaque de avast prelevement sans autorisation
petit -
Petittoune -

15 réponses