Sujet Précédent Sujet Suivant

Pb virus Rogue.Eorezo

Lilas -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour,

Pouvez-vous me renseigner sur la présence de ce que je crois être un virus. J'ai le logiciel Malware Byte's Antimalware et depuis plusieurs semaines il y a toujours le même virus qui ressort : Rogue.Eorezo. On me dit de redémarrer l'ordinateur pour le supprimer mais il revient à chaque fois.

Et en utilisant Spybot, j'ai le même phénomène il trouve toujours 2 virus : My Way.MyWebSearch et Right Média. Après redémarage c'est pareil ils reviennent toujours.

Si vous pouvez m'aider je vous en remercie et pour compléter ma question je joins le rapport de Malware Byte's Antimalware et à la suite un hijackthis.

Merci de ce que vous pourrez faire car je ne suis pas trés expérimentée.

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1554
Windows 5.1.2600 Service Pack 3

27/12/2008 13:29:58
mbam-log-2008-12-27 (13-29-58).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 147887
Temps écoulé: 39 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

Voilà le Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:18, on 27/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Mes documents\mes logiciels\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?e=1226512628215&h=2e72c3ba2a8116df4b669f998e90e373/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
A voir également:

9 réponses

Réponse 1 / 9
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Bonjour,

Tu as une barre d'outil infectée (AskPBar) et un logiciel parasitaire (EoRezo)

On va utiliser des programmes spécialisés pour supprimer ces infections :

1) Pour EoRezo :

Télécharge Ad-Remover (de C_XX) sur ton Bureau.

/!\ Déconnecte toi et ferme toutes les applications en cours /!\

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-remover située sur ton Bureau
● Au menu principal choisis l'option "A"
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

2) Pour la barre d'outil :

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

• Lance l'installation du programme en exécutant le fichier téléchargé.
• Double-clique maintenant sur le raccourci de Toolbar-S&D.
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)

0
Lilas
 
Merci pour ton aide :

Pour Eorezo je pense avoir résolu le problème, j'ai trouvé une solution sur le forum en faisant un clic droit dessus + supprimer. J'ai refait une analyse avec Malware byte's antimalware et il n'y avait plus rien.

Ensuite pour la barre d'outil, j'ai fait ce que tu m'as dit, voici donc le rapport. Merci encore.

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081226-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:48 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 27/12/2008|18:00 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskPBar
C:\Program Files\AskPBar\bar
C:\Program Files\AskPBar\SrchAstt
C:\Program Files\AskPBar\bar\1.bin
C:\Program Files\AskPBar\SrchAstt\1.bin
C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
C:\Program Files\AskTBar
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@mysearch[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@spamblockerutility[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@h.starware[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@try.starware[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 27/12/2008|18:01 - Option : [1]

-----------\\ Fin du rapport a 18:01:43,71
0
Réponse 2 / 9
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Fais quand même le scan avec Ad-Remover, EoRezo laisse des traces un peu partout, il faut les supprimer.

• Relance Toolbar-S&D en double-cliquant sur le raccourci.
• Tape sur "2" puis valide en appuyant sur "Entrée".
• Ne ferme pas la fenêtre lors de la suppression !
• Un rapport sera généré, poste son contenu ici.

0
Réponse 3 / 9
ripou
 
bonjour j ai également le meme soucis j ai donc Télécharger Ad-Remover (de C_XX) dont voici le rapport:

--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------

# START at: 23:27:48 | Sam 27/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MCE2005 | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 33 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho"
"HKEY_CLASSES_ROOT\EoRezoBHO.EoBho.1"
"HKEY_CLASSES_ROOT\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}"
"HKEY_CLASSES_ROOT\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}"
"HKEY_CURRENT_USER\SOFTWARE\EoRezo"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}"
"HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}"
.
[20/03/2008 19:06|d--------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo
[20/03/2008 15:18|--a------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\cache
[20/03/2008 19:04|d--------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\eoStats
[20/08/2007 09:55|--a------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\EOWEAT~1.CFG
[26/06/2007 14:33|--a------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\host.cyp
[20/03/2008 19:06|--a------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\user.cyp
[20/03/2008 19:04|--a------] C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\EoRezo\eoStats\eoStats.txt

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

"HKEY_LOCAL_MACHINE\SOFTWARE\ItsLabel"
.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\7xv582vg.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.20 ~~~~

* Browser Search Default Engine: "Yahoo"
* Browser Search Selected Engine: "Yahoo"

+----------+

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
egui REG_SZ "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.orange.fr

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-27.12.2008.log" (~4760 bytes)

# END at: 23:28:15 | 27/12/2008 - Time elapsed: 26.3 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 98 lines ]
+---------------------------------------------------------------------------+

que dois je faire...?
merci d avance de vos conseil^^
0
Réponse 4 / 9
ripou
 
comme j suis un peu en panique j ai supprimer les eorezo et le it s tv element... ais je bien fai?

voici le rapport apres l opération ( j ai relancer ad-remover):

--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------

# START at: 23:43:20 | Sam 27/12/2008 | Microsoft® Windows XP™ SP2 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: MCE2005 | USER: Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 33 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\slrundll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

...\7xv582vg.default\prefs.js :

~~~~ Mozilla FireFox version 2.0.0.20 ~~~~

* Browser Search Default Engine: "Yahoo"
* Browser Search Selected Engine: "Yahoo"

+----------+

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
msnmsgr REG_SZ "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
WOOKIT REG_SZ C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
Picasa Media Detector REG_SZ C:\Program Files\Picasa2\PicasaMediaDetector.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
egui REG_SZ "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

+--[HKEY_USERS\.DEFAULT\..\Run]

CTFMON.EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-27.12.2008.log" (~4331 bytes)

- "C:\AD-report-Scan-27.12.2008.log" (~3726 bytes)

# END at: 23:43:42 | 27/12/2008 - Time elapsed: 22.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 168 lines ]
+---------------------------------------------------------------------------+

et j ai lancer toolbar dont voici le rapport:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

( : )
USER : Administrateur ( Administrator )

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 27/12/2008|23:45 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\resFF
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\resFF\deal_report.jpg
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\resFF\ebay_login.jpg
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\index.3.67.22
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.109.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.178.66
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.198.56
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.245.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.247.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.279.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.283.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.284.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.289.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.290.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.297.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.315.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.319.49
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.335.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.337.44
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.340.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.360.53
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.386.59
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.388.59
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.391.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.398.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.399.60
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.403.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.404.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.405.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.406.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.407.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.408.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.409.61
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.412.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.413.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.414.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.415.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.416.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.417.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.418.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.419.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.420.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.421.62
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.424.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.427.63
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.432.65
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.49.67
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.51.46
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.52.57
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.53.51
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.54.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.57.43
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\rulesFF\rules.3.58.47
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3820_2256_4.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3820_2752_20.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3820_3328_12.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3956_3988_3.html
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_888_3792_4.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\resFF
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\rulesFF
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\resFF\deal_report.jpg
C:\Program Files\Dealio\kb127\resFF\ebay_login.jpg
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\Program Files\Dealio\kb127\rulesFF\index.3.67.22
C:\Program Files\Dealio\kb127\rulesFF\rules.3.109.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.178.66
C:\Program Files\Dealio\kb127\rulesFF\rules.3.198.56
C:\Program Files\Dealio\kb127\rulesFF\rules.3.245.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.247.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.279.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.283.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.284.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.289.67
C:\Program Files\Dealio\kb127\rulesFF\rules.3.290.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.297.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.315.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.319.49
C:\Program Files\Dealio\kb127\rulesFF\rules.3.335.60
C:\Program Files\Dealio\kb127\rulesFF\rules.3.337.44
C:\Program Files\Dealio\kb127\rulesFF\rules.3.340.47
C:\Program Files\Dealio\kb127\rulesFF\rules.3.360.53
C:\Program Files\Dealio\kb127\rulesFF\rules.3.386.59
C:\Program Files\Dealio\kb127\rulesFF\rules.3.388.59
C:\Program Files\Dealio\kb127\rulesFF\rules.3.391.60
C:\Program Files\Dealio\kb127\rulesFF\rules.3.398.60
C:\Program Files\Dealio\kb127\rulesFF\rules.3.399.60
C:\Program Files\Dealio\kb127\rulesFF\rules.3.403.61
C:\Program Files\Dealio\kb127\rulesFF\rules.3.404.63
C:\Program Files\Dealio\kb127\rulesFF\rules.3.405.61
C:\Program Files\Dealio\kb127\rulesFF\rules.3.406.61
C:\Program Files\Dealio\kb127\rulesFF\rules.3.407.61
C:\Program Files\Dealio\kb127\rulesFF\rules.3.408.63
C:\Program Files\Dealio\kb127\rulesFF\rules.3.409.61
C:\Program Files\Dealio\kb127\rulesFF\rules.3.412.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.413.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.414.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.415.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.416.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.417.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.418.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.419.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.420.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.421.62
C:\Program Files\Dealio\kb127\rulesFF\rules.3.424.63
C:\Program Files\Dealio\kb127\rulesFF\rules.3.427.63
C:\Program Files\Dealio\kb127\rulesFF\rules.3.432.65
C:\Program Files\Dealio\kb127\rulesFF\rules.3.49.67
C:\Program Files\Dealio\kb127\rulesFF\rules.3.51.46
C:\Program Files\Dealio\kb127\rulesFF\rules.3.52.57
C:\Program Files\Dealio\kb127\rulesFF\rules.3.53.51
C:\Program Files\Dealio\kb127\rulesFF\rules.3.54.47
C:\Program Files\Dealio\kb127\rulesFF\rules.3.57.43
C:\Program Files\Dealio\kb127\rulesFF\rules.3.58.47
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Dealio
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\CONTENT\dealiotoolbarplugin.xul
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.dtd
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\LOCALE\EN-US\dealio.properties
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealiotoolbarplugin.css
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_large.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_small.png
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_winxp_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_act.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\dealio_win_hot.ico
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\CHROME\SKIN\search_dealio.bmp
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioFF.dll
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\DealioProtocol.js
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealio.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFBHODealioHelperEngine.xpt
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.idl
C:\Program Files\Mozilla Firefox\extensions\toolbar@dealio.com\COMPONENTS\IFDealioHelperPreferences.xpt
C:\DOCUME~1\ADMINI~1.MCE\Cookies\administrateur@mysearch[1].txt
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.js
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT\searchsettingsplugin.xul
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.dtd
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US\searchsettingsplugin.properties
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS\SearchSettingsFF.dll
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Search Settings
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\ADMINI~1.MCE\APPLIC~1\Search Settings\kb127\temp
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
C:\DOCUME~1\ADMINI~1.MCE\Favoris\µTorrent Search.url

-----------\\ Extensions

(Administrateur.MCE2005) - {e4a8a97b-f2ed-450b-b12d-ee082ba24781} => greasemonkey

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src={referrer:source?}"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 27/12/2008|23:46 - Option : [1]

-----------\\ Fin du rapport a 23:46:35,39
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
ripou
 
j comprend rien^^ .. que dois je faire?
please help me
0
Réponse 6 / 9
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Bonjour ripou,

Merci d'ouvrir ton propre sujet, sinon on va tout mélanger là...
Juste pour info : EoRezo a été supprimé, mais tu as aussi une barre d'outil infectée, tu vas devoir relancer ToolBar S&D pour la supprimer. Mais fais toi aider en ouvrant un autre sujet, tu as peut-être d'autres infections !

0
lilas
 
Bonjour,

J'ai fait donc ce que tu m'as demandé et voici les deux rapports. Encore merci

--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------

# START at: 18:46:20 | Dim 28/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: PASCALE | USER: HP_Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 58 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------


+-----------------------| Boonty/Boonty Games Elements found :

.

+-----------------------| Eorezo Elements found :

.
[15/10/2008 19:29|d--------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\cmhost.cyp
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\CONFME~1.CYP
[15/10/2008 19:29|d--------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\db
[15/10/2008 19:29|d--------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\EODESK~1
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\host.cyp
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\user.cyp
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\db\cat.cyp
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\EODESK~1\config.xml
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\EODESK~1\EODESK~1.HTM
[15/10/2008 19:29|--a------] C:\DOCUME~1\HP_ADM~1\APPLIC~1\EoRezo\EODESK~1\USERCO~1.XML
[15/10/2008 19:27|--a------] C:\DOCUME~1\HP_ADM~1\Cookies\HP2E84~1.TXT
[15/10/2008 19:27|--a------] C:\DOCUME~1\HP_ADM~1\Cookies\HPC04D~1.TXT

+-----------------------| Everest Poker Elements found :

.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.

+-----------------------| It's TV Elements found :

.

+-----------------------| Sweetim Elements found :

.

+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
ftutil2 REG_SZ rundll32.exe ftutil2.dll,SetWriteCacheMode
RTHDCPL REG_SZ RTHDCPL.EXE
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
DMAScheduler REG_SZ "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
PCDrProfiler REG_SZ
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Scan-28.12.2008.log" (~6373 bytes)

# END at: 18:46:38 | 28/12/2008 - Time elapsed: 18.6 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 123 lines ]
+---------------------------------------------------------------------------+

Voici l'autre :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081228-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:47 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 28/12/2008|18:49 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskPBar\bar
Supprime! - C:\Program Files\AskPBar\SrchAstt
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@mysearch[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@spamblockerutility[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@h.starware[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@try.starware[1].txt
Supprime! - C:\Program Files\AskPBar
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 27/12/2008|18:01 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 28/12/2008|18:50 - Option : [2]

-----------\\ Fin du rapport a 18:50:50,12

Pourras tu m'indiquer comment désinstaller quand ce sera fini ? Merci
0
Réponse 7 / 9
ripou
 
ok merci!
j relance tool bar et j crée topic
0
Réponse 8 / 9
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
! Déconnecte toi et ferme toutes les applications en cours !

Relance "Ad-remover" et choisis l'option "B" au menu principal

Coche à l'écran de sélection :
Suppression Eorezo
Suppression Funwebproduct/MyWay/MyWebsearch

Puis choisis "S" , le programme va travailler,

Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

Après ça, ton ordinateur ne sera plus infecté, voici donc quelques conseils pour finir le nettoyage et sécuriser ton pc ;)

Très bien, ton ordinateur n'est plus infecté !

Avant de retourner surfer sur internet, il y a quelques petites choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (6).

1) Sécurise ton ordinateur

• Anti-virus :
Avast était un antivirus convenable il y a quelques années, mais il est dépassé aujourd'hui. Il existe d'autres antivirus gratuits plus efficaces (Antivir ou AVG)
Désinstalle Avast : Commence par supprimer ce qu'il y a en quarantaine, puis fais clic droit sur l'icone d'Avast près de l'horloge --> désactive la protection résidente.
Puis Menu démarrer --> Panneau de configuration --> ajout/suppression de programmes --> désinstalle Avast.
Si ça ne fonctionne pas, consulte ce lien : Désinstallation d'Avast

Si tu choisis Antivir pour le remplacer, télécharge le ici.

• Anti-spyware :
* Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement, tous les 10 jours environ, et activer toutes les protections (« Enable all protection »)
* En complément, garde MalwareBytes pour son scan de nettoyage performant.

• Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille d’installer et d'utiliser le navigateur Firefox 3 avec l’extension « AdBlockPlus ». Tu peux trouver des explications ici

• Internet Explorer n'est pas à jour, c'est une faille de sécurité (même si tu ne l'utilises pas)
Menu démarrer --> Windows update --> recherche et installe toutes les mises à jour importantes.
Si Internet Explorer n'y est pas, télécharge et installe IE 7 depuis ce lien : IE 7

• Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.

2) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
Lance le, clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.

3) Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

(Tu peux garder ce logiciel et l'utiliser régulièrement).

4) Pour finir le nettoyage, il faut désactiver puis réactiver la restauration système (pour créer un nouveau point de restauration sain et éviter le retour de l'infection).

• Fais un clic droit sur poste de travail (qui est sur ton Bureau ou dans le menu démarrer), puis propriétés.
• Sélectionne l'onglet restauration du système
• Coche l'option Désactiver la restauration du système sur tous les lecteurs
• Clique sur OK.

Puis refais la manipulation inverse pour réactiver la restauration système.

5) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile):
Prévention et sécurité sur internet

Bonne lecture et bon courage ;)
0
lilas
 
Bonjour,

J'ai donc fait ce que tu m'as dit et voici le rapport. Je pense que je vais suivre tes conseils de sécurité car effectivement cela fait plusieurs fois que j'attrape des saloperies.

J'espère que c'est fini et te remercie beaucoup.

--------- Logfile of AD-Remover 1.0.8.0 by C_XX ---------

*** Limited to ***

Eorezo
Funwebproduct/MyWay/MyWebsearch

******************

# START at: 18:51:31 | Lun 29/12/2008 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal

# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat

# PC: PASCALE | USER: HP_Administrateur ( Current user is an administrator)

# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: FAT32)

# Internet Explorer v7.0.5730.13

--------- [ RUNNING PROCESSES: 58 ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe

-----------------------------------

(!) ---- IE start pages reset

+-----------------------| Eorezo Elements Deleted :

.
[15/10/2008 19:29|d--------] C:\Documents and Settings\HP_Administrateur\Application Data\EoRezo
[15/10/2008 19:27|--a------] C:\DOCUME~1\HP_ADM~1\Cookies\HP2E84~1.TXT
[15/10/2008 19:27|--a------] C:\DOCUME~1\HP_ADM~1\Cookies\HPC04D~1.TXT

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------------| ADDED SCAN :

+--[HKEY_CURRENT_USER\..\Run]

MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} REG_SZ "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+--[HKEY_LOCAL_MACHINE\..\Run]

ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
ftutil2 REG_SZ rundll32.exe ftutil2.dll,SetWriteCacheMode
RTHDCPL REG_SZ RTHDCPL.EXE
IAAnotif REG_SZ C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /installquiet /keeploaded /nodetect
DMAScheduler REG_SZ "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
PCDrProfiler REG_SZ
HPBootOp REG_SZ "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
HP Software Update REG_EXPAND_SZ C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
NeroFilterCheck REG_SZ C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

+--[HKEY_USERS\.DEFAULT\..\Run]


+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/

+---------------------------------------------------------------------------+

- "C:\AD-report-Clean-29.12.2008.log" (~5553 bytes)

- "C:\AD-report-Scan-28.12.2008.log" (~6708 bytes)

# END at: 18:55:44 | 29/12/2008 - Time elapsed: 4 minutes, 12 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 112 lines ]
+---------------------------------------------------------------------------+
0
lilas
 
Info supplémentaire,

J'ai voulu mettre à jour Windows et on me répond qu'il est à jour. Par contre, j'ai voulu supprimer Adobe Reader pour le remplacer et je ne peux pas car il marque qu'il y a un problème de Virus Eorezo. Je pense que mes problèmes ne sont pas terminés ... Merci
0
Réponse 9 / 9
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Bonjour,

Excuse moi pour le délai de réponse, j'étais absent ces derniers jours comme indiqué dans mon profil.

Fais ceci stp :

Télécharge hijackthis (logiciel de diagnostique) sur ton Bureau :
http://static.commentcamarche.net/www.commentcamarche.net/download/fichiers/HJTInstall.exe

Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum

0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses