Sujet Précédent Sujet Suivant

JS:FakeAV-AH [Trj]

Résolu
Tomasy94 -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
je voudrais savoir si quelqu'un pourrait m'aider pour supprimer le virus: JS:FakeAV-AH [Trj] de mon ordinateur.
je ne parviens pas a le mettre en quarantaine ou a le supprimer.
De plus j'ai essayé d'installer le logiciel "Malwarebytes" voici le message d'erreur que j'ai eu : "Run time error '0'
Pouvez vous m'aider par avance merci

34 réponses

  • 1
  • 2
Réponse 1 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonsoir,

▶ Télécharge Random's System Information Tool (RSIT).

▶ Un tutoriel sera à ta disposition sur mon site web pour l'installer et l'utiliser correctement.

▶ Double clique sur RSIT.exe pour lancer l'outil.

▶ Clique sur 'Continue' à l'écran Disclaimer.

▶ Si l'outil Hijackthis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.

▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports.

( C:\RSIT\log.txt et C:\RSIT\info.txt )

CTRL A pour sélectionner tout, CTRL C pour copier et puis CTRL V pour coller

Comment héberger les rapports trop longs de RSIT ??
0
Réponse 2 / 34
Tomasy94
 
1er rapport log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michel Durca at 2009-08-11 18:02:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 22 GB (46%) free of 47 GB
Total RAM: 511 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:54, on 11/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\freddy57.exe
C:\windows\mstre20.exe
C:\windows\pp10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\websrvx\websrvx.exe
C:\Documents and Settings\Michel Durca\Local Settings\Temporary Internet Files\Content.IE5\71OWBIMQ\RSIT[1].exe
C:\Program Files\trend micro\Michel Durca.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy57.exe
O4 - HKLM\..\Run: [Sysmstray] C:\windows\mstre20.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
O4 - HKCU\..\Run: [MMAgent] C:\Program Files\Mobile Master\MMAgent.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Michel Durca\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: websrvx - Unknown owner - C:\Program Files\websrvx\websrvx.exe
0
Réponse 3 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonjour,

oula !! Ton PC est très infecté... Il va y avoir du boulot !

Commence par faire ceci stp :

Tu as plusieurs toolbars infectée installée sur ton PC => Search Setting et Dealio

Lorsque tu télécharges des logiciels, il faut faire attention de ne pas installer les toolbars qu'ils te proposent lors de l'installation des logiciels... Il faut bien regarder et ne pas cliquer tout le temps sur Suivant sans lire ce qu'il est écrit...

▶ Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

▶ Lance l'installation du programme en exécutant le fichier téléchargé.

Sous XP : Double-clique sur le raccourci de Toolbar-S&D.

Sous Vista : Fais un clic droit sur ToolbarSD et sélectionne "Exécuter en tant qu'administrateur".

▶ Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

▶ Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

▶ Poste le rapport généré. (C:\TB.txt)
0
Réponse 4 / 34
Tomasy94
 
Bonjour,
J'ai bien vu, même si je n'y connais pas grand chose, quand je vous ai posté les rapports qu'il avait l'air d'avoir pas mal de chose infecté.
Ci-joint le rapport :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.00
USER : Michel Durca ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090810-0] 4.8.1335 (Activated)
C:\ (Local Disk) - FAT32 - Total:46 Go (Free:20 Go)
D:\ (Local Disk) - FAT32 - Total:9 Go (Free:7 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 11/08/2009|21:34 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4768_7792_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_16604_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_6008_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_20428_9192_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_10896_11860_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_13608_13.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_15444_13768_21.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_15444_4208_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6256_20172_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6256_7788_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\Program Files\Dealio
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\WINDOWS\Prefetch\DEALIOAU.EXE-32C4A05D.pf
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
C:\DOCUME~1\MICHEL~1\Cookies\michel_durca@dealio[1].txt
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127\temp\ws-14465.log
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127\temp\ws-14466.log
C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127\temp\ws-14467.log
C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings
C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings\kb127\temp\ws-14430.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\temp
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\DOCUME~1\MICHEL~1\Cookies\michel_durca@try.starware[2].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

--------------------\\ Recherche d'autres infections

--------------------\\ KoobFace !

C:\WINDOWS\mmsmark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\!!! A LIRE AVANT TOUT !!!.txt
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\Adobe Photoshop CS2.exe
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe

1 - "C:\ToolBar SD\TB_1.txt" - 11/08/2009|21:27 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 11/08/2009|21:35 - Option : [1]

-----------\\ Fin du rapport a 21:35:06,86

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.00
USER : Michel Durca ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090810-0] 4.8.1335 (Activated)
C:\ (Local Disk) - FAT32 - Total:46 Go (Free:20 Go)
D:\ (Local Disk) - FAT32 - Total:9 Go (Free:7 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 11/08/2009|21:34 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_4768_7792_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_16604_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_6008_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_20428_9192_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_10896_11860_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_16392_13608_13.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_15444_13768_21.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_15444_4208_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6256_20172_3.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_6256_7788_6.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\D
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Oui tu en vois déjà un aperçu dans le rapport de ToolbarSD ;-)

maintenant fais ceci stp :

▶ Relance Toolbar-S&D.

▶ Tape sur "2" puis valide en appuyant sur "Entrée".

/!\ Ne ferme pas la fenêtre lors de la suppression /!\

▶ Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Ce qu'il faut savoir sur les toolbars (barres d'outils)
0
Réponse 6 / 34
Tomasy94
 
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1600MHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.00.00
USER : Michel Durca ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090810-0] 4.8.1335 (Activated)
C:\ (Local Disk) - FAT32 - Total:46 Go (Free:21 Go)
D:\ (Local Disk) - FAT32 - Total:9 Go (Free:7 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 11/08/2009|22:25 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio\kb127
Supprime! - C:\DOCUME~1\AUDREY\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\WINDOWS\Prefetch\DEALIOAU.EXE-32C4A05D.pf
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\MICHEL~1\Cookies\michel_durca@dealio[1].txt
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-253CB611.pf
Supprime! - C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings\kb127
Supprime! - C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\MICHEL~1\Cookies\michel_durca@try.starware[2].txt
Supprime! - C:\DOCUME~1\MICHEL~1\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\AUDREY\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\MICHEL~1\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\AUDREY\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ KoobFace !

C:\WINDOWS\mmsmark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\!!! A LIRE AVANT TOUT !!!.txt
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\Adobe Photoshop CS2.exe
C:\DOCUME~1\MICHEL~1\Mes documents\les logiciels et drivers deja install‚- c les installeurs\Adobe.Photoshop.CS2\Crack et Keygen\Crack Activation Photoshop CS2 Fr.exe

1 - "C:\ToolBar SD\TB_1.txt" - 11/08/2009|21:27 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 11/08/2009|21:35 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 11/08/2009|22:27 - Option : [2]

-----------\\ Fin du rapport a 22:27:58,36
0
Réponse 7 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok... Nous allons maintenant nous occuper du virus KoobFace.

Tu as du attraper cette infection dans un commentaire sur MySpace ou FaceBook en cliquant sur un lien te demandant de télécharger une vidéo... Fais attention de ne pas faire la même erreur..

▶ Télécharge Hijackthis

▶ Installe-le dans tes programmes (par défaut)

▶ Lance Hijackthis en cliquant sur scan only et coches ces lignes stp :

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [sysfbtray] C:\windows\freddy57.exe
O4 - HKLM\..\Run: [Sysmstray] C:\windows\mstre20.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe

▶ puis tu cliques sur fix checked.

ensuite :

Il faut maintenant désactiver le proxy ajouté par l'infection... fais ceci :

Sur Firefox, Menu Editions / Préférences puis onglet Avancés.
▶ Cliquez sur Réseau et Paramètres.
▶ Choisissez "Ne pas mettre de Proxy".
▶ Sur Internet Explorer, c'est le menu Outils / Options Internet.
▶ Onglet Connexions puis en bas, vous pouvez désactiver le proxy.

Ensuite redémarre ton PC puis fais ceci stp :

▶ Télécharge Combofix de sUBs

▶ et enregistre le sur le Bureau.

▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Je te conseille d'installer la console de récupération !!

ensuite envois le rapport et refais un nouveau rapport RSIT stp
0
Réponse 8 / 34
Tomasy94
 
ComboFix 09-08-10.06 - Michel Durca 11/08/2009 23:45.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.285 [GMT 2:00]
Running from: c:\documents and settings\Michel Durca\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090811-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BrowserCtl
c:\program files\BrowserCtl\BrowserCtl.dll
c:\program files\BrowserCtl\BrowserCtl.sys
c:\program files\websrvx
c:\program files\websrvx\websrvx.exe
c:\windows\934fdfg34fgjf23
c:\windows\freddy57.exe
c:\windows\ld12.exe
c:\windows\mstre20.exe
c:\windows\pp10.exe
c:\windows\pp11.exe
c:\windows\system32\UpMedia
c:\windows\th823567.dat
D:\AUTORUN.INF

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Legacy_NPF
-------\Service_browserctl
-------\Service_browserctldrv
-------\Service_NPF
-------\Service_SfX
-------\Legacy_websrvx
-------\Service_websrvx

((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 19:25 . 2009-08-11 19:25 -------- d-----w- C:\ToolBar SD
2009-08-11 16:02 . 2009-08-11 16:02 -------- d-----w- c:\program files\trend micro
2009-08-11 16:02 . 2009-08-11 16:02 -------- d-----w- C:\rsit
2009-08-09 22:59 . 2009-08-09 22:59 1 ----a-w- c:\windows\ectbbyn.dat
2009-08-09 22:59 . 2009-08-11 16:04 4505 ----a-w- c:\windows\th1234.dat
2009-08-09 22:55 . 2009-08-09 22:55 1 ---h--w- c:\windows\mmsmark2.dat
2009-08-09 22:54 . 2009-08-09 22:54 247 ----a-w- c:\windows\prxid93ps.dat
2009-08-06 15:52 . 2009-08-06 15:52 -------- d-----w- c:\program files\Western Digital

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 21:58 . 2008-05-29 17:46 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-29 10:53 . 2007-01-25 10:22 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

------- Sigcheck -------

[-] 2008-04-14 02:33 579584 F6E2A8A9B6EEBA739F03EF4068DB0330 c:\windows\system32\user32.dll
[7] 2008-04-14 02:33 579584 E853F84D3CE2FAA2A802E33CF89AC023 c:\windows\FlyakiteOSX\Backup\user32.dll
[7] 2004-08-19 22:09 578048 61C8C283AD063BB697AE61A155C64A5A c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 17:10 578048 0DF75FB73F705B011630159A43D7C354 c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 17:20 578048 C34920EB988CE98910BD6B0417F334EB c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:50 579072 4D88AAF39ADABFE45958EA1384E2C4FF c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2003-04-24 10:00 561152 0ABF2F5280940D32D1D52BD3500B0C37 c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2007-03-08 15:37 578560 2ED0A71B1A374BAF75D2301637307278 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2008-04-14 02:33 579584 F6E2A8A9B6EEBA739F03EF4068DB0330 c:\windows\ServicePackFiles\i386\user32.dll
[-] 2005-03-02 17:10 578048 03E9E9F6876ADE0159E671AD4CBA6D68 c:\windows\$NtUninstallKB925902$\user32.dll

[-] 2008-08-26 08:11 803840 5E53F1AC6DAC5E104698B61694887411 c:\windows\system32\wininet.dll
[-] 2008-08-26 08:11 803840 5E53F1AC6DAC5E104698B61694887411 c:\windows\system32\dllcache\wininet.dll
[7] 2008-08-26 08:11 826368 E30CACD98479B36A3DBFA3267BF62DD0 c:\windows\FlyakiteOSX\Backup\wininet.dll
[-] 2006-10-23 14:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\ie7\wininet.dll
[-] 2006-10-23 14:34 668672 EFA0C2870CBA1747809A13E09F35BF82 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[7] 2007-04-25 08:26 823808 47DDAD237F60729DEA2B9E0E2382B58F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[7] 2007-06-27 14:14 824320 7201D19B81883B57D5FFE8EBB5A83E8B c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[7] 2007-08-20 09:49 825344 2DD1B0F579C80562EDCB8848FF7EA9F6 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[7] 2007-10-10 22:22 825344 871AE10D6AE8877E9636AE5017953D52 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 00:42 825344 F4FD487241D3AC291046A22CEBD2CF71 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[7] 2008-03-01 12:34 827392 5A0093F59B505C008ED0CEE615563C72 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[7] 2008-04-23 07:19 827392 78D3D2B0BE6AD3E6D82CCB115CF74310 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[7] 2008-06-23 15:40 827904 52589BAE67DD9859724287372668690B c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[7] 2008-08-26 09:10 827904 4B0E70D44297877A313045BD059770E1 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2006-11-07 19:03 796160 444B6B28BA4C8F045BD205451120400D c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 07:27 800256 BF09F05D7C62B4DFE372A58FBC015142 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 07:40 800256 D354BF8F239C77F0385C41FE0EEBE5A5 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 13:24 801280 C011B0756CC0B2CD2C7715E1D4033CB1 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 09:59 802304 10A9B4F341929BD042D2A0BE1D2A711A c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 22:49 802304 529F90C9730CEB2C60FDC9BBDFF6A667 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 01:08 802304 3807ACEFB98FEB3665CDF8AF6D245391 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 12:58 803840 DF8F216E2391409F01817B38CA16BA3B c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 803840 8B4159AC94CF3CE4CB84050E99E31ABA c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:28 803840 D3D56D9D3FC6AC98854BDA01062C4CBC c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2004-08-19 22:09 681472 83BCF1D077E8E7F9F293075506962854 c:\windows\$NtUninstallKB925454_0$\wininet.dll
[-] 2006-10-23 14:18 663040 6091FEE2B68974683D52119A98BE3564 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2003-04-24 10:00 603136 CBC50D46257C4A75644230507B488050 c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
[-] 2008-08-26 08:11 803840 5E53F1AC6DAC5E104698B61694887411 c:\windows\ServicePackFiles\i386\wininet.dll

[-] 2008-10-16 22:28 2026368 4067400AE3131E35D7348F102DD0E84D c:\windows\system32\ntkrnlpa.exe
[-] 2008-08-14 13:23 2026368 3C7BFAF5178BE7595EB510B0B6AEE8CC c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2008-08-14 13:23 2068096 8DA71F1900721E1E4FCB5B02D55FB771 c:\windows\FlyakiteOSX\Backup\ntkrnlpa.exe
[7] 2004-08-19 22:04 2058880 F252FAE094C54572ECE38A039F2103C4 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2006-12-19 18:22 2059648 06015D137B02542F07D5CD7B144DF942 c:\windows\SoftwareDistribution\Download\c362c2879f9dde1f49c21e13f2c9fced\sp2gdr\ntkrnlpa.exe
[-] 2006-12-19 18:45 2061440 8B039EFBE4C9AA23F152FFA0E238B8FA c:\windows\SoftwareDistribution\Download\c362c2879f9dde1f49c21e13f2c9fced\sp2qfe\ntkrnlpa.exe
[-] 2005-03-02 17:07 2058880 73FA9C95D235844A36968C7852C7DBDD c:\windows\$hf_mig$\KB890859\SP2GDR\ntkrnlpa.exe
[-] 2005-03-02 17:13 2059008 5311776074B6C13F983DC75BAEAC9C0C c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 16:08 2061440 7A56A64EB50399613587E90292DD2AAB c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 17:26 2068096 755B50949D0DBC0F0136B0DB58765331 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2003-04-24 10:00 1951488 4560381FA3425B16F5DF1A0DE4814DE7 c:\windows\$NtUninstallKB885835_0$\ntkrnlpa.exe
[-] 2004-10-28 00:27 1959424 939A0369E78BFB0BD342302E86390A09 c:\windows\$NtUninstallKB890859_0$\ntkrnlpa.exe
[-] 2007-06-20 18:08 2017920 537434DDEE4364A6B6ED41EE4E1159F1 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[-] 2008-08-14 13:23 2026368 3C7BFAF5178BE7595EB510B0B6AEE8CC c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2007-01-09 22:24 2017152 3D04CD64E7176EF0A3DBCD3F3C1CFB23 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2008-10-08 21:48 2026240 68133B0A011F19823E3C55FA230F7CFA c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe

[-] 2008-10-16 22:28 2149504 C75A4CD686846B6741200ABD8B2F3AD3 c:\windows\system32\ntoskrnl.exe
[-] 2008-08-14 13:23 2149504 1C98501AB47C4242D95EF50EB5ECECE0 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2008-08-14 13:23 2191232 C8D4D5974F9671DA0A37175650912960 c:\windows\FlyakiteOSX\Backup\ntoskrnl.exe
[7] 2004-08-19 22:04 2183040 7D38CE4398E6AA6339B4644FEADCC0D8 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2006-12-19 18:22 2182400 D27929DB7B7F92F9D0F8EC9BA01C601C c:\windows\SoftwareDistribution\Download\c362c2879f9dde1f49c21e13f2c9fced\sp2gdr\ntoskrnl.exe
[-] 2006-12-19 18:45 2184064 1F3FA2065E6E043A1D82A487B5DA309C c:\windows\SoftwareDistribution\Download\c362c2879f9dde1f49c21e13f2c9fced\sp2qfe\ntoskrnl.exe
[-] 2005-03-02 17:08 2181376 63729DD0F2AAE36CC52B89C05505146C c:\windows\$hf_mig$\KB890859\SP2GDR\ntoskrnl.exe
[-] 2005-03-02 17:13 2181632 3E2A0A4A0C0B19FC113618A9562A3B2A c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 16:08 2184192 8E244108562E0E452EB68DFF64CB08A9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[7] 2008-08-14 17:26 2191232 D79210549BBF09B7638E860440504299 c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2003-04-24 10:00 2045824 F58B3CE36566D6061A496DC595A8AAA3 c:\windows\$NtUninstallKB885835_0$\ntoskrnl.exe
[-] 2004-10-28 00:27 2092032 A8A188AC824AAC564048C3A61A94AB9C c:\windows\$NtUninstallKB890859_0$\ntoskrnl.exe
[-] 2007-06-20 18:08 2140672 2391557BBDABDAFCC6BCC2C053F44AB0 c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[-] 2008-08-14 13:23 2149504 1C98501AB47C4242D95EF50EB5ECECE0 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2007-01-09 22:24 2139648 0F2F92C0A30E5ADAD026B89FCEB1630C c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2008-10-08 21:48 2149376 C4F86FE6793EC350B454F060AAF91317 c:\windows\$NtUninstallKB956841$\ntoskrnl.exe

[-] 2008-04-14 02:34 1370624 78588F2C1FE8030E9535E6467F803316 c:\windows\explorer.exe
[7] 2008-04-14 02:34 1037824 F2317622D29F9FF0F88AEECD5F60F0DD c:\windows\FlyakiteOSX\Backup\explorer.exe
[-] 2007-06-13 13:10 1037312 B795475444D6D57A572C14B9E1A29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 13:22 1370112 156EF4C52B6F6BDA067945215EEA7A5C c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 02:34 1370624 78588F2C1FE8030E9535E6467F803316 c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-19 22:09 1369088 ADB1AB54545E7F141078A0D44C0476A5 c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-08-27 09:11 3503616 5084C999378DB4F2639D6077AE103838 c:\windows\system32\mshtml.dll
[-] 2008-08-27 09:11 3503616 5084C999378DB4F2639D6077AE103838 c:\windows\system32\dllcache\mshtml.dll
[7] 2008-08-27 09:11 3593216 3CCDB836BBAB800FDED3181AF7EED38F c:\windows\FlyakiteOSX\Backup\mshtml.dll
[-] 2006-10-23 14:34 3082240 EE542871960ACFD459F4113B1BCC6C10 c:\windows\ie7\mshtml.dll
[-] 2006-10-23 14:34 3082240 EE542871960ACFD459F4113B1BCC6C10 c:\windows\$hf_mig$\KB925454\SP2QFE\mshtml.dll
[7] 2007-05-08 09:04 3584000 B672A6772187AE5E63762A1B4EAAF2CA c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[7] 2007-07-18 20:58 3584000 CD3ED432FE932AFBB9AC55A57ADFE0D0 c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[7] 2007-08-20 09:49 3592192 D9481E937D5BE0B2D5DBCD87745E925A c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[7] 2007-10-30 22:40 3593216 EB4E53C96D5FB4A9A3F1EAEB782D8862 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[7] 2007-12-07 00:42 3593216 906D0EC58033A9475BF8C7F885B7ED45 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[7] 2008-03-01 12:34 3593216 B22EC9AE82E19818077E286FF1B82B72 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[7] 2008-04-23 07:19 3593728 EBF0440323874DDF97EF0CEC2D6DC9F4 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[7] 2008-06-23 15:40 3594240 A01EF08ACFF24D6E4987804BFD306AA4 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[7] 2008-08-26 09:10 3594752 0F345A2FE55C3DC9693AAAF2E983F4AD c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2006-11-07 19:03 3488256 04A5722EAB300D2511C0E87A9E224EB6 c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2007-01-12 07:27 3490816 821E4A254466A69A5DE2F74C0334F7C5 c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-05-08 08:59 3493888 B6F68FFCEFEEB4AD5074A33B678A2550 c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-07-19 06:58 3493888 BD6E8B288C5FE130CFC387FB7D54D837 c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-08-20 09:59 3494912 D5FDB1F71056D636AAE2904B9A16B485 c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-30 22:23 3501056 1A182DF631CAAF190D922E6D6B6557C2 c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-12-08 04:08 3502592 3DEEE6FA21EEC5C79301A50838AC7990 c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2008-03-01 16:28 3502080 6F44C2BD3C94CEDA8D87299D02FE5A24 c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-23 20:16 3502080 85773D342513FAE821020573EEB7B54B c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-06-24 08:28 3502592 AD85B87CC3948097AD06BC4CBB649721 c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2004-08-19 22:09 3081728 B1C6AA6C162542060840FA708F7CF550 c:\windows\$NtUninstallKB925454_0$\mshtml.dll
[-] 2006-10-23 14:18 3076096 B481993BE34E673801E10F943BCEAF14 c:\windows\$NtUninstallKB925454$\mshtml.dll
[-] 2003-04-24 10:00 2833920 195ECED9CA2D18CCEB5C383220D8ED44 c:\windows\$NtUninstallKB918899-IE6SP1-20060725.123917$\mshtml.dll
[-] 2008-08-27 09:11 3503616 5084C999378DB4F2639D6077AE103838 c:\windows\ServicePackFiles\i386\mshtml.dll

[-] 2008-04-14 02:33 889344 E5B8EA3C4CFCC64F3950AE69B7B3F9DB c:\windows\system32\comres.dll
[7] 2008-04-14 02:33 851968 F4B7146C7EED6C4E158DCD9B5266C25A c:\windows\FlyakiteOSX\Backup\comres.dll
[-] 2004-08-19 22:09 889344 B1CB22FEF6BAD3ABDA22F24953686437 c:\windows\$NtServicePackUninstall$\comres.dll
[-] 2008-04-14 02:33 889344 E5B8EA3C4CFCC64F3950AE69B7B3F9DB c:\windows\ServicePackFiles\i386\comres.dll

[-] 2008-04-14 02:33 735744 C437C01DF9EBD0DA34B8A341BFE91D31 c:\windows\system32\comctl32.dll
[-] 2003-04-24 10:00 919552 3DB20630FBA2A7B03CA25105B0149129 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2003-04-24 10:00 920064 31DD2F414CBD3B9D416C0EB7FFB138B2 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[-] 2005-08-31 16:50 925184 7BCD276EEE605DF05B160DBD265DEB05 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1740_x-ww_7cb8ab44\comctl32.dll
[-] 2006-03-17 04:04 925184 83F339913E0DC8CC16566D48C8310B13 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1816_x-ww_7d33ba0e\comctl32.dll
[-] 2006-07-13 12:52 925184 6E1F6582179FB6C0531599DD03EF380A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1873_x-ww_7d39bb85\comctl32.dll
[-] 2006-08-25 14:54 925184 9724ECD4529AF317DD5BD6194EB6428C c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1891_x-ww_7d3bbc01\comctl32.dll
[-] 2004-08-19 22:07 1048576 0D49E245BF1D4D65DBD8322FC384A745 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[7] 2008-04-14 02:30 1054208 F92E6BEA9349D49341383F8403B4DFE5 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[7] 2008-04-14 02:33 617472 B4AA331468315B6A174C3F0D5B3BC135 c:\windows\FlyakiteOSX\Backup\comctl32.dll
[-] 2006-08-25 14:51 617472 5BBCD65CFD7610F36BCA96B72BBAED4B c:\windows\$hf_mig$\KB923191\SP2QFE\comctl32.dll
[7] 2004-08-19 22:09 611328 7D3AA1F0E765054CB5F30114F2DB6888 c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2003-04-24 10:00 557056 676445DF1322A8DC49E99D2D3688D230 c:\windows\$NtUninstallKB923191_0$\comctl32.dll
[-] 2006-08-25 14:51 735744 11103FEF67791F40FB7B92E66687013F c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2008-04-14 02:33 735744 C437C01DF9EBD0DA34B8A341BFE91D31 c:\windows\ServicePackFiles\i386\comctl32.dll

c:\windows\system32\appmgmts.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinRoll"="c:\program files\WinRoll\winroll.exe" [2006-01-01 15872]
"Alt+Q Hotkey Tool"="c:\windows\Alt+Q Hotkey.exe" [2005-12-18 27648]
"RK Launcher"="c:\program files\RK Launcher\RKLauncher.exe" [2005-10-19 393216]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-29 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-29 618496]
"PCMService"="c:\program files\Aspire Arcade\PCMService.exe" [2003-09-29 73728]
"ShowIcon_Chander_CRW Series Driver v1.17r019"="c:\program files\CRW\shwicon.exe" [2003-01-08 73728]
"System Files Updater"="c:\windows\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 118485]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"MDDiskProtect.exe"="c:\program files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-10-19 106496]
"MediafourGettingStartedWithMacDrive6"="c:\program files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 86016]
"Mediafour Mac Volume Notifications"="c:\program files\Fichiers communs\Mediafour\MACVNTFY.EXE" [2002-12-17 61440]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"ScanSoft OmniPage SE 4.0-reminder"="c:\program files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2006-09-26 1414696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2003-09-12 28672]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-07-12 54784]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-08-29 88267]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Michel Durca\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Michel Durca\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\Michel Durca\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-1-11 1044480]

c:\documents and settings\Michel Durca\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility]
2003-11-07 15:24 61440 ----a-r- c:\program files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\System32\\FXSCLNT.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Hercules\\Classic Link\\Station2.exe"=
"c:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:browserctl
"53:TCP"= 53:TCP:websrvx

R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [18/10/2004 17:17 44512]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2008 11:05 114768]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [27/09/2004 17:56 277272]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2008 11:05 20560]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/09/2008 21:02 98432]
S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\DRIVERS\k600bus.sys --> c:\windows\system32\DRIVERS\k600bus.sys [?]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\DRIVERS\k600mdfl.sys --> c:\windows\system32\DRIVERS\k600mdfl.sys [?]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\DRIVERS\k600mdm.sys --> c:\windows\system32\DRIVERS\k600mdm.sys [?]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\k600mgmt.sys --> c:\windows\system32\DRIVERS\k600mgmt.sys [?]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\k600obex.sys --> c:\windows\system32\DRIVERS\k600obex.sys [?]
S3 PAC7302;Hercules Classic Link;c:\windows\system32\drivers\PAC7302.SYS [29/09/2008 21:02 457984]
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 15:13]
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
HKCU-Run-MMAgent - c:\program files\Mobile Master\MMAgent.exe
HKLM-Run-PKR Pal - c:\program files\PKR\pkrpal.exe
HKLM-Run-POEngine - (no file)

.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Michel Durca\Application Data\Mozilla\Firefox\Profiles\9qhou2e7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 00:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\program files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll

- - - - - - - > 'explorer.exe'(2604)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\System32\cscui.dll
c:\program files\Fichiers communs\Mediafour\MACVICON.DLL
c:\program files\WinRoll\winroll.dll
c:\windows\system32\credui.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
c:\windows\SYSTEM32\WBEM\WMIAPSRV.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-08-11 0:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 22:06

Pre-Run: 22 482 911 232 octets libres
Post-Run: 23 554 621 440 octets libres

340 --- E O F --- 2008-11-12 22:03
0
Réponse 9 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok maintenant pour vérifier tu peux faire ceci stp :

▶ télécharge smitfraudfix et enregistre le sur le bureau

Sous XP : Double clique sur smitfraudfix puis exécuter

sous vista : Clic-droit sur SmitfraudFix présent sur le bureau et choisis "Exécuter en tant qu'administrateur"

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.

Voici un tutoriel sonore et animé en cas de problème d'utilisation

(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)
0
Réponse 10 / 34
Tomasy94
 
SmitFraudFix v2.423

Rapport fait à 0:32:10,29, 12/08/2009
Executé à partir de C:\Documents and Settings\Michel Durca\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinRoll\winroll.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel Durca

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel Durca\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\MICHEL~1\FAVORIS

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: Intel(R) PRO/Wireless LAN 2100 3B Mini PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{27D2AD19-C254-4356-8128-02CDE688CF81}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{86B63E55-6EFC-404C-B0C7-A7C6A426B607}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{27D2AD19-C254-4356-8128-02CDE688CF81}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{86B63E55-6EFC-404C-B0C7-A7C6A426B607}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{86B63E55-6EFC-404C-B0C7-A7C6A426B607}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{27D2AD19-C254-4356-8128-02CDE688CF81}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{86B63E55-6EFC-404C-B0C7-A7C6A426B607}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 11 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Ok...

▶ Telecharge UsbFix de C_XX & Chiquitine29

▶ tutoriel d'installation

▶ tutoriel recherche

▶ Lance l installation avec les parametres par default

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

▶ Double clic sur le raccourci UsbFix sur ton bureau

▶ Choisi l'option 1 (recherche)

▶ Laisse travailler l'outil

▶ Ensuite post le rapport UsbFix.txt qui apparaîtra

* Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

* Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides

* Note : "SniffC.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 12 / 34
Tomasy94
 
Bonjour,
J'ai un petit problème après avoir lancer l'application UsbFix.
J'ai choisi l'option 1 et pendant la recherche le scan s'est arrêté à 90% d'un seul coup sur C\document and setting\Michel Durca _^>Cracks/Keygens/Serials..... et après la recherche s'est arrêté
0
Réponse 13 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonsoir,

vas voir dans ton disque C:

Tu dois normalement avoir un fichier nommé UsbFix.txt
0
Réponse 14 / 34
Tomasy94
 
############################## | UsbFix V6.016 |

User : Michel Durca (Administrateurs) # ACER-N1S7Z4Q82H
Update on 11/08/09 by Chiquitine29 & C_XX
Start at: 11:49:03 | 12/08/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) M processor 1600MHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : avast! antivirus 4.8.1335 [VPS 090811-0] 4.8.1335 [ Enabled | Updated ]

C:\ -> Disque fixe local # 46,01 Go (21,84 Go free) [ACER] # FAT32
D:\ -> Disque fixe local # 9,76 Go (7,24 Go free) [ACERDATA] # FAT32
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Aspire Arcade\PCMService.exe
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WinRoll\winroll.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

################## | Suspect ! ... | https://www.virustotal.com/gui/ |

C:\DOTNETFX\DOTNETFX.EXE
D:\DOTNETFX\DOTNETFX.EXE

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

################## | Cracks / Keygens / Serials |
0
Réponse 15 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Vas analyser ce fichier sur Virus Total comme écrit en bas du rapport :

C:\DOTNETFX\DOTNETFX.EXE

ensuite poste le rapport de Virus Total stp
0
Réponse 16 / 34
Tomasy94
 
Je n'ai pas le DOTNETFX.EXE sur C\
0
Réponse 17 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonsoir,

▶ Télécharge malwarebyte's anti-malware

▶ Un tutoriel sera à ta disposition pour l'installer et l'utiliser correctement.

▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

▶ L'analyse peut durer un bon moment.....

▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum

* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC...
Faites le en cliquant sur "oui" à la question posée
0
Tomasy94
 
Bonjour,
Le logiciel malwarebyte s'est mal intallé sur mon ordi je comprends pas pourquoi.
Voici le message à la fin de l'installation :
- Run-time error '0'
- Run-time error '440'
Automation error
0
Réponse 18 / 34
Noni
 
JS Fake AV Agent
http://www.darfuns.com/remove-js-downloader-agent-trojan/
0
Réponse 19 / 34
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Bonjour,

Télécharge ceci et enregistre-le sur ton bureau : http://www.malwarebytes.org/~marcin/mbam.exe

Ensuite vas dans le dossier Malwarebytes se trouvant dans tes programmes et remplace le fichier nommé MBAM.exe par celui que tu viens de télécharger...

Ce qu'il faut faire :

- Supprimer le fichier MBAM.exe du dossier Malwarebytes

- faire un copié/collé du fichier que tu viens de télécharger dans le dossier Malwarebytes.

Ensuite essaye de le lancer
0
Réponse 20 / 34
Tomasy94
 
ça fonctionne pas j'ai toujours le même message
0

Discussions similaires

Javascript Arrondi à 2 chiffres après la virgule
jeremy -
gravityaerox -

12 réponses
'JS/Agent.TS' Qu'est ce que c'est ?
TheFastBoost -
TheFastBoost -

17 réponses
javascript arrondi après la virgule
cap -
Thomas -

4 réponses
Arrondir nombre Math.round
ohklik -
Sugel -

1 réponse
code couleur associé a une image
magic charly -
pandora -

9 réponses