MailSkinner
Résolu
yayarcheo
Messages postés
70
Statut
Membre
-
yayarcheo Messages postés 70 Statut Membre -
yayarcheo Messages postés 70 Statut Membre -
Bonjour,
Il m'est impossible de supprimer Mailskinner de mon ordinateur. J'ai essayé Avast, antivir et un anti malware, mais rien à faire. je ne peux pas le supprimer de mes programmes. J'ai aussi tenté le mode sans echec mais rien à faire, il reste bien incruster dans mon pc.... pouvez-vous m'aider? et à quel point ce truc est-il dangereux?
merci :)
Il m'est impossible de supprimer Mailskinner de mon ordinateur. J'ai essayé Avast, antivir et un anti malware, mais rien à faire. je ne peux pas le supprimer de mes programmes. J'ai aussi tenté le mode sans echec mais rien à faire, il reste bien incruster dans mon pc.... pouvez-vous m'aider? et à quel point ce truc est-il dangereux?
merci :)
31 réponses
Bonjour,
Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner
Ensuite :
Télécharge le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Renomme Hijackthis en Tutu
Double-clique sur HJTInstall.exe (tutu) pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la licence en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Tutoriaux (ne fixe rien pour le moment !!)
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner
Ensuite :
Télécharge le fichier d'installation d'HijackThis.
Enregistre HJTInstall.exe sur ton bureau.
Renomme Hijackthis en Tutu
Double-clique sur HJTInstall.exe (tutu) pour lancer le programme
Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis
Accepte la licence en cliquant sur le bouton "I Accept"
Choisis l'option "Do a system scan and save a log file"
Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
Colle le rapport que tu viens de copier sur ce forum
Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement
Tutoriaux (ne fixe rien pour le moment !!)
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:53, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:53, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------
Updated by C_XX on 15/02/2009 at 10:20
Start at: 11:30:14 | Lun 16/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: BIDULE
Current User: Yasmina - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 36
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\Yasmina\Application Data\EoRezo
C:\Documents and Settings\Yasmina\Application Data\EoRezo\db
C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoStats
C:\Documents and Settings\Yasmina\Application Data\EoRezo\SoftwareUpdate
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-22E533F9.pf
C:\Documents and Settings\Yasmina\Cookies\yasmina@eorezo[1].txt
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: ur2eei1b.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
Invalidprefs.js: Browser.Search.DefaultEngineName: "Google"
Invalidprefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://eo.st");
.
.
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
+-[HKEY_USERS\S-1-5-21-3778484445-1339818193-2825729356-1007\..\Internet Explorer\Main]
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://eo.st
+---------------------------------------------------------------------------+
[~3354 Bytes] - "C:\Ad-Report-Scan-16.02.2009.log"
-
End at: 11:31:23 | 16/02/2009
.
+-----------------| E.O.F - 72 Lines
.
Updated by C_XX on 15/02/2009 at 10:20
Start at: 11:30:14 | Lun 16/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
Computer Name: BIDULE
Current User: Yasmina - Administrator
Drive(s):
- C:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\
--- Running Processes: 36
+-----------------| Boonty/Boonty Games Elements Found:
.
.
+-----------------| Eorezo Elements Found:
HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\Documents and Settings\Yasmina\Application Data\EoRezo
C:\Documents and Settings\Yasmina\Application Data\EoRezo\db
C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoDesktop
C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoStats
C:\Documents and Settings\Yasmina\Application Data\EoRezo\SoftwareUpdate
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-22E533F9.pf
C:\Documents and Settings\Yasmina\Cookies\yasmina@eorezo[1].txt
+-----------------| Infected Poker Softwares Elements Found:
.
+-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:
.
.
+-----------------| It's TV Elements Found:
.
+-----------------| Sweetim Elements Found:
.
+-----------------| Added Scan:
---- Mozilla FireFox Version 3.0.6 ----
ProfilePath: ur2eei1b.default
.
Prefs.js: Browser.Search.DefaultEngineName: "Google"
Prefs.js: Browser.Search.SelectedEngine: "Google"
Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
.
Invalidprefs.js: Browser.Search.DefaultEngineName: "Google"
Invalidprefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://eo.st");
.
.
---- Internet Explorer Version 7.0.5730.11 ----
+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
+-[HKEY_USERS\S-1-5-21-3778484445-1339818193-2825729356-1007\..\Internet Explorer\Main]
Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://y.lo.st
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
Tabs: hxxp://eo.st
+---------------------------------------------------------------------------+
[~3354 Bytes] - "C:\Ad-Report-Scan-16.02.2009.log"
-
End at: 11:31:23 | 16/02/2009
.
+-----------------| E.O.F - 72 Lines
.
Déconnectes toi et fermes toutes applications en cours !
Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.
* Relances "Ad-remover" : au menu principal choisi l'option "B" .
--> le programme va travailler ...
* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
ensuite un nouvel hijackthis.
Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.
* Relances "Ad-remover" : au menu principal choisi l'option "B" .
--> le programme va travailler ...
* Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...
( le rapport est sauvegardé aussi sous C:\Ad-report.log )
/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
ensuite un nouvel hijackthis.
le rapport de ad-remover :
[ ]1. Suppression Boonty/BoontyGames
[ ]2. Suppression Eorezo
[ ]3. Suppression Logiciels Poker infectés
[ ]4. Suppression FunWebProducts/MyWay/MyWebSearch
[ ]5. Suppression It's TV
[ ]6. Suppression Sweetim
Voilà :) Je lance maintenant un nouveau scan de Hijackthis.
Encore merci pour ce suivi pas à pas :)
[ ]1. Suppression Boonty/BoontyGames
[ ]2. Suppression Eorezo
[ ]3. Suppression Logiciels Poker infectés
[ ]4. Suppression FunWebProducts/MyWay/MyWebSearch
[ ]5. Suppression It's TV
[ ]6. Suppression Sweetim
Voilà :) Je lance maintenant un nouveau scan de Hijackthis.
Encore merci pour ce suivi pas à pas :)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
non ce n'est pas le rapport désolé.
c'est pourtant ce que m'a affiché ad-remover lorsque je l'ai lancé en mode B. Ensuite il me demandait si je voulais supprimer les fichiers. Il ne m'est pas possible de copier/coller ce rendu, alors je l'ai recopié. Je me suis trompée?
Voici le rapport de HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:55, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Voici le rapport de HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:06:55, on 16/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
normalement c'est le même rapport que l'autre sauf qu'il à marqué suppression afin d'être sur que ce soit supprimé.
Ensuite ceci :
Téléchargez SmitfraudFix et enregistrez-le sur le bureau
* Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
* Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
* A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.
Regarde bien le tuto qui est avec
/!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.
En mode sans echec la suppression des fichiers présents.
process.exe
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Ensuite ceci :
Téléchargez SmitfraudFix et enregistrez-le sur le bureau
* Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
* Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
* A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.
Regarde bien le tuto qui est avec
/!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.
En mode sans echec la suppression des fichiers présents.
process.exe
est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
Antivir me signale un truc malveillant du nom de WORM/Generic.3868, et me conseille de refuser l'accès. Ceci est lié à MailSkinner?
Sinon, voici le rapport de SmitFraudFix:
SmitFraudFix v2.396
Rapport fait à 14:23:30,17, 16/02/2009
Executé à partir de C:\Documents and Settings\Yasmina\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Sinon, voici le rapport de SmitFraudFix:
SmitFraudFix v2.396
Rapport fait à 14:23:30,17, 16/02/2009
Executé à partir de C:\Documents and Settings\Yasmina\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Bonjour yayarcheo,
Une fois dans le menu de l'option B de Ad-remover, il faut cocher la case devant Eorezo, pour cela tape sur ton clavier la touche 2, valide par entrée, puis tape la touche S et valide par entrée ... répond oui a la demande de confirmation et laisse le programme travailler.
Bonne continuation
++
Une fois dans le menu de l'option B de Ad-remover, il faut cocher la case devant Eorezo, pour cela tape sur ton clavier la touche 2, valide par entrée, puis tape la touche S et valide par entrée ... répond oui a la demande de confirmation et laisse le programme travailler.
Bonne continuation
++
Fait ce qu'a demandé CXX. ensuite pour Mailskinner :
# Cliquez sur démarrer > Panneau de configuration > Ajout/suppression de programmes puis désinstallez Mailskinner si présent. Si le programme montre une quelconque résistance à la suppression, essayez de le désinstaller en mode sans échec .
# 2. Cliquez sur Démarrer > Poste de travail > C:\ > Program Files, et supprimez ce dossier : Mailskinner. Si le dossier persiste, supprimez-le en mode sans échec (voir ci-dessus pour y accéder)
# 3. Faites ceci pour finir la suppression des dossiers créés par Mailskinner :
* Affichez tous les dossiers et fichiers cachés :
* Cliquez sur Démarrer > Panneau de configuration > Outils > Options des dossiers > Affichage
* Cochez : "Afficher les fichiers et dossiers cachés"
* Cliquez sur Appliquer puis OK.
* Cliquez sur Démarrer > Poste de travail > C:\ > Documents and settings > All Users > Application data, et supprimez si présent le dossier Mailskinner.
# 4. Faites la même chose avec les autres dossiers de sessions, par exemple :
* C:/Documents and settings/< le nom de(s) autre(s) session(s) >/Application data
* Supprimez les dossiers Mailskinner si présents.
# Cliquez sur démarrer > Panneau de configuration > Ajout/suppression de programmes puis désinstallez Mailskinner si présent. Si le programme montre une quelconque résistance à la suppression, essayez de le désinstaller en mode sans échec .
# 2. Cliquez sur Démarrer > Poste de travail > C:\ > Program Files, et supprimez ce dossier : Mailskinner. Si le dossier persiste, supprimez-le en mode sans échec (voir ci-dessus pour y accéder)
# 3. Faites ceci pour finir la suppression des dossiers créés par Mailskinner :
* Affichez tous les dossiers et fichiers cachés :
* Cliquez sur Démarrer > Panneau de configuration > Outils > Options des dossiers > Affichage
* Cochez : "Afficher les fichiers et dossiers cachés"
* Cliquez sur Appliquer puis OK.
* Cliquez sur Démarrer > Poste de travail > C:\ > Documents and settings > All Users > Application data, et supprimez si présent le dossier Mailskinner.
# 4. Faites la même chose avec les autres dossiers de sessions, par exemple :
* C:/Documents and settings/< le nom de(s) autre(s) session(s) >/Application data
* Supprimez les dossiers Mailskinner si présents.
J'ai relancé un scan "Tutu" dont voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:24, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:34:24, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
as tu fait ce qu CXX t'a demandé?
Ensuite fait ceci :
Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
Tuto
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.
* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
Ensuite fait ceci :
Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
Tuto
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.
* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
oui oui j'ai bien fait ce que m'avait demandé CXX.
voilà le rapport de ToolBar S&D:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/02/2009|12:19 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14282.log
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14283.log
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_2348_6.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_3808_3.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]
-----------\\ Fin du rapport a 12:20:12,42
voilà le rapport de ToolBar S&D:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Not Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 17/02/2009|12:19 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\chevron-small.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\DealioSearch.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deal_report.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_toolbar.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\global_scripts.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\highlight-bg.png
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.css
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scripts.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scroller.js
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\separator.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings_over.gif
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\yahoo-search.png
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\index.76.35
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14282.log
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14283.log
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_2348_6.html
C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_3808_3.html
C:\Program Files\Dealio
C:\Program Files\Dealio\DealioAU.exe
C:\Program Files\Dealio\kb127
C:\Program Files\Dealio\SearchSettingsKit.exe
C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
C:\Program Files\Dealio\kb127\Dealio.dll
C:\Program Files\Dealio\kb127\DealioRes409.dll
C:\Program Files\Dealio\kb127\res
C:\Program Files\Dealio\kb127\resDN
C:\Program Files\Dealio\kb127\rules
C:\Program Files\Dealio\kb127\temp
C:\Program Files\Dealio\kb127\res\alerts.gif
C:\Program Files\Dealio\kb127\res\alerts_over.gif
C:\Program Files\Dealio\kb127\res\alerts_rec.gif
C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
C:\Program Files\Dealio\kb127\res\chevron-small.gif
C:\Program Files\Dealio\kb127\res\DealioSearch.html
C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
C:\Program Files\Dealio\kb127\res\deal_report.jpg
C:\Program Files\Dealio\kb127\res\ebay_login.jpg
C:\Program Files\Dealio\kb127\res\err_mainwindow.html
C:\Program Files\Dealio\kb127\res\err_toolbar.html
C:\Program Files\Dealio\kb127\res\global_scripts.js
C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
C:\Program Files\Dealio\kb127\res\highlight-bg.png
C:\Program Files\Dealio\kb127\res\logo.gif
C:\Program Files\Dealio\kb127\res\logo_over.gif
C:\Program Files\Dealio\kb127\res\man_toolbar.css
C:\Program Files\Dealio\kb127\res\man_toolbar.html
C:\Program Files\Dealio\kb127\res\man_toolbar.js
C:\Program Files\Dealio\kb127\res\man_toolbarl.js
C:\Program Files\Dealio\kb127\res\post-this-deal.gif
C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
C:\Program Files\Dealio\kb127\res\scripts.js
C:\Program Files\Dealio\kb127\res\scroller.js
C:\Program Files\Dealio\kb127\res\search-chevron.gif
C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
C:\Program Files\Dealio\kb127\res\separator.gif
C:\Program Files\Dealio\kb127\res\settings.gif
C:\Program Files\Dealio\kb127\res\settings_over.gif
C:\Program Files\Dealio\kb127\res\yahoo-search.png
C:\Program Files\Dealio\kb127\resDN\bottom.gif
C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
C:\Program Files\Dealio\kb127\resDN\close.gif
C:\Program Files\Dealio\kb127\resDN\deskbar.css
C:\Program Files\Dealio\kb127\resDN\deskbar.js
C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
C:\Program Files\Dealio\kb127\resDN\logo.gif
C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
C:\Program Files\Dealio\kb127\resDN\losing.gif
C:\Program Files\Dealio\kb127\resDN\lost.gif
C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
C:\Program Files\Dealio\kb127\resDN\menu_check.gif
C:\Program Files\Dealio\kb127\resDN\no_image.gif
C:\Program Files\Dealio\kb127\resDN\prod_img.gif
C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
C:\Program Files\Dealio\kb127\resDN\spacer.gif
C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
C:\Program Files\Dealio\kb127\resDN\top.gif
C:\Program Files\Dealio\kb127\resDN\unknown.gif
C:\Program Files\Dealio\kb127\resDN\winning.gif
C:\Program Files\Dealio\kb127\resDN\won.gif
C:\Program Files\Dealio\kb127\rules\index.76.35
C:\Program Files\Dealio\kb127\rules\rules.1.10.76
C:\Program Files\Dealio\kb127\rules\rules.1.109.43
C:\Program Files\Dealio\kb127\rules\rules.1.110.43
C:\Program Files\Dealio\kb127\rules\rules.1.12.52
C:\Program Files\Dealio\kb127\rules\rules.1.13.58
C:\Program Files\Dealio\kb127\rules\rules.1.130.58
C:\Program Files\Dealio\kb127\rules\rules.1.135.50
C:\Program Files\Dealio\kb127\rules\rules.1.153.44
C:\Program Files\Dealio\kb127\rules\rules.1.155.43
C:\Program Files\Dealio\kb127\rules\rules.1.156.49
C:\Program Files\Dealio\kb127\rules\rules.1.16.60
C:\Program Files\Dealio\kb127\rules\rules.1.161.52
C:\Program Files\Dealio\kb127\rules\rules.1.178.66
C:\Program Files\Dealio\kb127\rules\rules.1.184.55
C:\Program Files\Dealio\kb127\rules\rules.1.188.52
C:\Program Files\Dealio\kb127\rules\rules.1.189.45
C:\Program Files\Dealio\kb127\rules\rules.1.196.43
C:\Program Files\Dealio\kb127\rules\rules.1.198.56
C:\Program Files\Dealio\kb127\rules\rules.1.199.43
C:\Program Files\Dealio\kb127\rules\rules.1.200.53
C:\Program Files\Dealio\kb127\rules\rules.1.201.43
C:\Program Files\Dealio\kb127\rules\rules.1.202.43
C:\Program Files\Dealio\kb127\rules\rules.1.203.71
C:\Program Files\Dealio\kb127\rules\rules.1.205.62
C:\Program Files\Dealio\kb127\rules\rules.1.213.71
C:\Program Files\Dealio\kb127\rules\rules.1.214.49
C:\Program Files\Dealio\kb127\rules\rules.1.215.43
C:\Program Files\Dealio\kb127\rules\rules.1.216.67
C:\Program Files\Dealio\kb127\rules\rules.1.217.67
C:\Program Files\Dealio\kb127\rules\rules.1.218.52
C:\Program Files\Dealio\kb127\rules\rules.1.219.43
C:\Program Files\Dealio\kb127\rules\rules.1.220.43
C:\Program Files\Dealio\kb127\rules\rules.1.221.57
C:\Program Files\Dealio\kb127\rules\rules.1.222.43
C:\Program Files\Dealio\kb127\rules\rules.1.223.68
C:\Program Files\Dealio\kb127\rules\rules.1.226.68
C:\Program Files\Dealio\kb127\rules\rules.1.227.43
C:\Program Files\Dealio\kb127\rules\rules.1.228.62
C:\Program Files\Dealio\kb127\rules\rules.1.229.76
C:\Program Files\Dealio\kb127\rules\rules.1.23.63
C:\Program Files\Dealio\kb127\rules\rules.1.239.43
C:\Program Files\Dealio\kb127\rules\rules.1.24.43
C:\Program Files\Dealio\kb127\rules\rules.1.240.43
C:\Program Files\Dealio\kb127\rules\rules.1.241.43
C:\Program Files\Dealio\kb127\rules\rules.1.242.43
C:\Program Files\Dealio\kb127\rules\rules.1.243.43
C:\Program Files\Dealio\kb127\rules\rules.1.244.63
C:\Program Files\Dealio\kb127\rules\rules.1.245.43
C:\Program Files\Dealio\kb127\rules\rules.1.247.43
C:\Program Files\Dealio\kb127\rules\rules.1.248.43
C:\Program Files\Dealio\kb127\rules\rules.1.249.43
C:\Program Files\Dealio\kb127\rules\rules.1.250.43
C:\Program Files\Dealio\kb127\rules\rules.1.251.43
C:\Program Files\Dealio\kb127\rules\rules.1.252.43
C:\Program Files\Dealio\kb127\rules\rules.1.253.43
C:\Program Files\Dealio\kb127\rules\rules.1.254.43
C:\Program Files\Dealio\kb127\rules\rules.1.255.43
C:\Program Files\Dealio\kb127\rules\rules.1.256.43
C:\Program Files\Dealio\kb127\rules\rules.1.257.43
C:\Program Files\Dealio\kb127\rules\rules.1.279.43
C:\Program Files\Dealio\kb127\rules\rules.1.28.58
C:\Program Files\Dealio\kb127\rules\rules.1.282.75
C:\Program Files\Dealio\kb127\rules\rules.1.283.43
C:\Program Files\Dealio\kb127\rules\rules.1.284.43
C:\Program Files\Dealio\kb127\rules\rules.1.289.67
C:\Program Files\Dealio\kb127\rules\rules.1.290.62
C:\Program Files\Dealio\kb127\rules\rules.1.291.61
C:\Program Files\Dealio\kb127\rules\rules.1.296.43
C:\Program Files\Dealio\kb127\rules\rules.1.297.43
C:\Program Files\Dealio\kb127\rules\rules.1.304.43
C:\Program Files\Dealio\kb127\rules\rules.1.307.43
C:\Program Files\Dealio\kb127\rules\rules.1.308.75
C:\Program Files\Dealio\kb127\rules\rules.1.31.47
C:\Program Files\Dealio\kb127\rules\rules.1.310.46
C:\Program Files\Dealio\kb127\rules\rules.1.311.43
C:\Program Files\Dealio\kb127\rules\rules.1.315.43
C:\Program Files\Dealio\kb127\rules\rules.1.316.43
C:\Program Files\Dealio\kb127\rules\rules.1.317.43
C:\Program Files\Dealio\kb127\rules\rules.1.318.43
C:\Program Files\Dealio\kb127\rules\rules.1.319.49
C:\Program Files\Dealio\kb127\rules\rules.1.32.48
C:\Program Files\Dealio\kb127\rules\rules.1.334.44
C:\Program Files\Dealio\kb127\rules\rules.1.335.60
C:\Program Files\Dealio\kb127\rules\rules.1.336.44
C:\Program Files\Dealio\kb127\rules\rules.1.337.44
C:\Program Files\Dealio\kb127\rules\rules.1.338.75
C:\Program Files\Dealio\kb127\rules\rules.1.339.47
C:\Program Files\Dealio\kb127\rules\rules.1.34.43
C:\Program Files\Dealio\kb127\rules\rules.1.340.47
C:\Program Files\Dealio\kb127\rules\rules.1.341.47
C:\Program Files\Dealio\kb127\rules\rules.1.349.50
C:\Program Files\Dealio\kb127\rules\rules.1.35.48
C:\Program Files\Dealio\kb127\rules\rules.1.350.50
C:\Program Files\Dealio\kb127\rules\rules.1.351.51
C:\Program Files\Dealio\kb127\rules\rules.1.352.54
C:\Program Files\Dealio\kb127\rules\rules.1.353.51
C:\Program Files\Dealio\kb127\rules\rules.1.354.51
C:\Program Files\Dealio\kb127\rules\rules.1.357.62
C:\Program Files\Dealio\kb127\rules\rules.1.358.52
C:\Program Files\Dealio\kb127\rules\rules.1.359.52
C:\Program Files\Dealio\kb127\rules\rules.1.360.53
C:\Program Files\Dealio\kb127\rules\rules.1.361.54
C:\Program Files\Dealio\kb127\rules\rules.1.362.68
C:\Program Files\Dealio\kb127\rules\rules.1.363.58
C:\Program Files\Dealio\kb127\rules\rules.1.364.54
C:\Program Files\Dealio\kb127\rules\rules.1.365.53
C:\Program Files\Dealio\kb127\rules\rules.1.367.56
C:\Program Files\Dealio\kb127\rules\rules.1.368.58
C:\Program Files\Dealio\kb127\rules\rules.1.369.55
C:\Program Files\Dealio\kb127\rules\rules.1.370.56
C:\Program Files\Dealio\kb127\rules\rules.1.371.56
C:\Program Files\Dealio\kb127\rules\rules.1.372.57
C:\Program Files\Dealio\kb127\rules\rules.1.373.55
C:\Program Files\Dealio\kb127\rules\rules.1.375.56
C:\Program Files\Dealio\kb127\rules\rules.1.376.57
C:\Program Files\Dealio\kb127\rules\rules.1.377.55
C:\Program Files\Dealio\kb127\rules\rules.1.378.65
C:\Program Files\Dealio\kb127\rules\rules.1.384.58
C:\Program Files\Dealio\kb127\rules\rules.1.386.71
C:\Program Files\Dealio\kb127\rules\rules.1.387.59
C:\Program Files\Dealio\kb127\rules\rules.1.388.59
C:\Program Files\Dealio\kb127\rules\rules.1.389.59
C:\Program Files\Dealio\kb127\rules\rules.1.390.60
C:\Program Files\Dealio\kb127\rules\rules.1.391.60
C:\Program Files\Dealio\kb127\rules\rules.1.392.60
C:\Program Files\Dealio\kb127\rules\rules.1.393.60
C:\Program Files\Dealio\kb127\rules\rules.1.394.60
C:\Program Files\Dealio\kb127\rules\rules.1.396.61
C:\Program Files\Dealio\kb127\rules\rules.1.397.61
C:\Program Files\Dealio\kb127\rules\rules.1.398.60
C:\Program Files\Dealio\kb127\rules\rules.1.399.60
C:\Program Files\Dealio\kb127\rules\rules.1.403.61
C:\Program Files\Dealio\kb127\rules\rules.1.404.63
C:\Program Files\Dealio\kb127\rules\rules.1.405.61
C:\Program Files\Dealio\kb127\rules\rules.1.406.61
C:\Program Files\Dealio\kb127\rules\rules.1.407.76
C:\Program Files\Dealio\kb127\rules\rules.1.408.63
C:\Program Files\Dealio\kb127\rules\rules.1.409.61
C:\Program Files\Dealio\kb127\rules\rules.1.412.62
C:\Program Files\Dealio\kb127\rules\rules.1.413.62
C:\Program Files\Dealio\kb127\rules\rules.1.414.62
C:\Program Files\Dealio\kb127\rules\rules.1.415.62
C:\Program Files\Dealio\kb127\rules\rules.1.416.62
C:\Program Files\Dealio\kb127\rules\rules.1.417.62
C:\Program Files\Dealio\kb127\rules\rules.1.418.62
C:\Program Files\Dealio\kb127\rules\rules.1.419.62
C:\Program Files\Dealio\kb127\rules\rules.1.420.62
C:\Program Files\Dealio\kb127\rules\rules.1.421.62
C:\Program Files\Dealio\kb127\rules\rules.1.423.63
C:\Program Files\Dealio\kb127\rules\rules.1.424.63
C:\Program Files\Dealio\kb127\rules\rules.1.425.63
C:\Program Files\Dealio\kb127\rules\rules.1.426.63
C:\Program Files\Dealio\kb127\rules\rules.1.427.63
C:\Program Files\Dealio\kb127\rules\rules.1.428.65
C:\Program Files\Dealio\kb127\rules\rules.1.429.63
C:\Program Files\Dealio\kb127\rules\rules.1.430.63
C:\Program Files\Dealio\kb127\rules\rules.1.432.65
C:\Program Files\Dealio\kb127\rules\rules.1.433.64
C:\Program Files\Dealio\kb127\rules\rules.1.434.65
C:\Program Files\Dealio\kb127\rules\rules.1.435.64
C:\Program Files\Dealio\kb127\rules\rules.1.436.76
C:\Program Files\Dealio\kb127\rules\rules.1.437.64
C:\Program Files\Dealio\kb127\rules\rules.1.438.71
C:\Program Files\Dealio\kb127\rules\rules.1.439.71
C:\Program Files\Dealio\kb127\rules\rules.1.440.75
C:\Program Files\Dealio\kb127\rules\rules.1.442.73
C:\Program Files\Dealio\kb127\rules\rules.1.443.73
C:\Program Files\Dealio\kb127\rules\rules.1.444.73
C:\Program Files\Dealio\kb127\rules\rules.1.445.68
C:\Program Files\Dealio\kb127\rules\rules.1.446.69
C:\Program Files\Dealio\kb127\rules\rules.1.450.67
C:\Program Files\Dealio\kb127\rules\rules.1.451.67
C:\Program Files\Dealio\kb127\rules\rules.1.452.68
C:\Program Files\Dealio\kb127\rules\rules.1.453.68
C:\Program Files\Dealio\kb127\rules\rules.1.454.69
C:\Program Files\Dealio\kb127\rules\rules.1.456.69
C:\Program Files\Dealio\kb127\rules\rules.1.457.75
C:\Program Files\Dealio\kb127\rules\rules.1.458.70
C:\Program Files\Dealio\kb127\rules\rules.1.459.70
C:\Program Files\Dealio\kb127\rules\rules.1.460.69
C:\Program Files\Dealio\kb127\rules\rules.1.462.74
C:\Program Files\Dealio\kb127\rules\rules.1.463.69
C:\Program Files\Dealio\kb127\rules\rules.1.464.70
C:\Program Files\Dealio\kb127\rules\rules.1.465.68
C:\Program Files\Dealio\kb127\rules\rules.1.468.70
C:\Program Files\Dealio\kb127\rules\rules.1.469.70
C:\Program Files\Dealio\kb127\rules\rules.1.470.70
C:\Program Files\Dealio\kb127\rules\rules.1.471.73
C:\Program Files\Dealio\kb127\rules\rules.1.472.70
C:\Program Files\Dealio\kb127\rules\rules.1.478.74
C:\Program Files\Dealio\kb127\rules\rules.1.479.73
C:\Program Files\Dealio\kb127\rules\rules.1.480.68
C:\Program Files\Dealio\kb127\rules\rules.1.481.71
C:\Program Files\Dealio\kb127\rules\rules.1.482.74
C:\Program Files\Dealio\kb127\rules\rules.1.49.67
C:\Program Files\Dealio\kb127\rules\rules.1.50.43
C:\Program Files\Dealio\kb127\rules\rules.1.500.71
C:\Program Files\Dealio\kb127\rules\rules.1.501.74
C:\Program Files\Dealio\kb127\rules\rules.1.502.71
C:\Program Files\Dealio\kb127\rules\rules.1.51.69
C:\Program Files\Dealio\kb127\rules\rules.1.52.72
C:\Program Files\Dealio\kb127\rules\rules.1.520.76
C:\Program Files\Dealio\kb127\rules\rules.1.521.76
C:\Program Files\Dealio\kb127\rules\rules.1.522.76
C:\Program Files\Dealio\kb127\rules\rules.1.53.51
C:\Program Files\Dealio\kb127\rules\rules.1.531.76
C:\Program Files\Dealio\kb127\rules\rules.1.532.75
C:\Program Files\Dealio\kb127\rules\rules.1.534.75
C:\Program Files\Dealio\kb127\rules\rules.1.54.47
C:\Program Files\Dealio\kb127\rules\rules.1.55.45
C:\Program Files\Dealio\kb127\rules\rules.1.56.69
C:\Program Files\Dealio\kb127\rules\rules.1.57.43
C:\Program Files\Dealio\kb127\rules\rules.1.58.47
C:\Program Files\Dealio\kb127\rules\rules.1.593.76
C:\Program Files\Dealio\kb127\rules\rules.1.595.76
C:\Program Files\Dealio\kb127\rules\rules.1.63.57
C:\Program Files\Dealio\kb127\rules\rules.1.66.47
C:\Program Files\Dealio\kb127\rules\rules.1.70.75
C:\Program Files\Dealio\kb127\rules\rules.1.71.43
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\res
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb127
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb127\res
C:\Program Files\Search Settings\kb127\SearchSettings.dll
C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
C:\Program Files\Search Settings\kb127\temp
-----------\\ Extensions
(Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]
-----------\\ Fin du rapport a 12:20:12,42
Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...
Ensuite :
Télécharge :
Brute Force Uninstaller (de Merjin).
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
FAIS UN CLIQUE-DROIT ICI et choisis "Enregistrer la cible du lien sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde-le dans le dossier créé (C:\BFU).
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).
Note : Si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".
AIDE : Comment installer et utiliser BFU ?
Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
Démarre "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
EGDACCESS.bfu
- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attends que Complete script execution apparaisse pour cliquer sur OK.
Clique Exit pour fermer le programme BFU.
!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!
Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".
Note : ne touches à rien lors de la suppression !
Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse ...
Ensuite :
Télécharge :
Brute Force Uninstaller (de Merjin).
Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)
FAIS UN CLIQUE-DROIT ICI et choisis "Enregistrer la cible du lien sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde-le dans le dossier créé (C:\BFU).
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).
Note : Si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".
AIDE : Comment installer et utiliser BFU ?
Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
Démarre "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)
- Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :
EGDACCESS.bfu
- Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu
Clique sur Execute et laisse-le faire son travail.
Attends que Complete script execution apparaisse pour cliquer sur OK.
Clique Exit pour fermer le programme BFU.
voici les rapports Toolbar, suivi de hijackthis:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/02/2009|15:33 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/02/2009|15:35 - Option : [2]
-----------\\ Fin du rapport a 15:35:07,32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:41, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Fail-safe boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/02/2009|15:33 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
Supprime! - C:\Program Files\Dealio\DealioAU.exe
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\kb127
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
Supprime! - C:\Program Files\Dealio
Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search bar"="http://www.bing.com/spresults.aspx"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\Pack.epk
[b]==> EGDACCESS <==/b
1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 17/02/2009|15:35 - Option : [2]
-----------\\ Fin du rapport a 15:35:07,32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:41, on 17/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Excuse moi pour le lien le voici qui marche Brute Force
c'est quand tu es sur ccm tu clique droit sur brute force et tu as enregistrer le cible du lien sous.
bon essaye navilog :
* Téléchargez et enregistrez Navilog1 sur le bureau.
* Sous XP : double-cliquez dessus pour l'installer et le lancer.
* Sous vista : faites un clic droit sur Navilog1 présent sur le bureau et choisissez "exécuter en tant qu'administrateur".
* Quand il sera installé, appuyez sur F pour Français.
* Appuyez sur une touche jusqu'à ce que vous arriviez au menu des options.
* Tapez 1 pour exécuter une recherche.
* Laissez le programme travailler, il pourrait durer une dizaine de minutes.
* Un rapport va être généré dans le bloc note à la fin de l'analyse
* Il sera aussi enregistré automatiquement sur votre disque C ( C:\fixnavi.txt )
* Voici un tutoriel qui vous explique le fonctionnement de Navilog1 :
http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
* Téléchargez et enregistrez Navilog1 sur le bureau.
* Sous XP : double-cliquez dessus pour l'installer et le lancer.
* Sous vista : faites un clic droit sur Navilog1 présent sur le bureau et choisissez "exécuter en tant qu'administrateur".
* Quand il sera installé, appuyez sur F pour Français.
* Appuyez sur une touche jusqu'à ce que vous arriviez au menu des options.
* Tapez 1 pour exécuter une recherche.
* Laissez le programme travailler, il pourrait durer une dizaine de minutes.
* Un rapport va être généré dans le bloc note à la fin de l'analyse
* Il sera aussi enregistré automatiquement sur votre disque C ( C:\fixnavi.txt )
* Voici un tutoriel qui vous explique le fonctionnement de Navilog1 :
http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
voici le rapport de navilog:
Search Navipromo version 3.7.4 commencé le 19/02/2009 à 11:54:26,37
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090218-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
MailSkinner
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\mc
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
uxbbqx.dat trouvé !
* Dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 19/02/2009 à 11:57:36,09 ***
Aussi, Antivir me signale qu'un virus ou logiciel malveillant a été détecté dans C:\WINDOWS\Temp\_avast4_\unp86432895.tmp; il contient le cheval de troie TR/unpacked.Gen
Dois-je désinstaller Avast, et ne garder qu'antivir?
Search Navipromo version 3.7.4 commencé le 19/02/2009 à 11:54:26,37
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.0
USER : Yasmina ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090218-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
D:\ (CD or DVD)
Recherche executé en mode normal
*** Recherche Programmes installés ***
MailSkinner
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Yasmina\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\mc
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
uxbbqx.dat trouvé !
* Dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 19/02/2009 à 11:57:36,09 ***
Aussi, Antivir me signale qu'un virus ou logiciel malveillant a été détecté dans C:\WINDOWS\Temp\_avast4_\unp86432895.tmp; il contient le cheval de troie TR/unpacked.Gen
Dois-je désinstaller Avast, et ne garder qu'antivir?
parce qu'en plus tu as 2 antivirus? il faut absolument en supprimer 1.
ensuite fait ceci
désinfection automatique
* Relancez Navilog1 comme expliqué lors de la recherche.
* Cette fois-ci tapez 2 pour exécuter une désinfection automatique. (le bureau disparaît, c'est normal)
* Le PC va redémarrer.
* Après redémarrage, un rapport va être généré dans le bloc note.
* Vérifiez que tout a bien été supprimé car il se pourrait que certains fichiers ne soient pas supprimés lors de la désinfection automatique...
Puis lance brute force comme ceci sans renommer rien :
Etape 1/ Télécharge [ http://merijn.geekstogo.com/files/bfu.zip Brute Force Uninstaller] (Merijn) et décompresse-le sur ton bureau.
Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.
Voici le Tuto
Redémarre en mode sans échec comme indiqué ici ; . Choisis ta session courante
# Etape 2/
Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
- Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
- clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
- Clique sur OK, puis exit pour fermer le programme BFU.
- Recommence encore une fois.
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
ensuite fait ceci
désinfection automatique
* Relancez Navilog1 comme expliqué lors de la recherche.
* Cette fois-ci tapez 2 pour exécuter une désinfection automatique. (le bureau disparaît, c'est normal)
* Le PC va redémarrer.
* Après redémarrage, un rapport va être généré dans le bloc note.
* Vérifiez que tout a bien été supprimé car il se pourrait que certains fichiers ne soient pas supprimés lors de la désinfection automatique...
Puis lance brute force comme ceci sans renommer rien :
Etape 1/ Télécharge [ http://merijn.geekstogo.com/files/bfu.zip Brute Force Uninstaller] (Merijn) et décompresse-le sur ton bureau.
Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.
Voici le Tuto
Redémarre en mode sans échec comme indiqué ici ; . Choisis ta session courante
# Etape 2/
Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
- Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
- clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
- Clique sur OK, puis exit pour fermer le programme BFU.
- Recommence encore une fois.
Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
tu as le rapport brute force STP.
oui, désolée :
BFU v1.12.0
Windows XP SP3 (WinNT 5.01.2600 SP3)
Script started at 21:10:05, on 19/02/2009
Option Unload Explorer: Yes
Success: ProcessKillByPID 924
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
# lazzzy 20/09/2006
# Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited
OptionUnloadShell
# 1 - Processus
ProcessKill \AdwareProtector.exe|1
ProcessKill \ErrorGuard.exe|1
ProcessKill \ERScw.exe|1
ProcessKill \Malwarrior.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
ProcessKill \sd2006.exe|1
ProcessKill \SDR6cw.exe|1
ProcessKill \SDRmon.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
ProcessKill uwasffNT.exe|1
ProcessKill \was6.exe|1
ProcessKill \WinAV.exe|1
ProcessKill \WinPG2005.exe|1
ProcessKill \WinSpywareProtect.exe|1
# 2 - Services
ServiceStop FWSvc
ServiceDisable FWSvc
ServiceDelete FWSvc
# 3 - Registre
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys
RegDeleteKey HKCR\antiviruscom.avofficeprotect
RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
RegDeleteKey HKCR\avexplorer.shellextension
RegDeleteKey HKCR\avexplorer.shellextension.2
RegDeleteKey HKCR\avexplorer.shellextension\curver
RegDeleteKey HKCR\checkprod.checkproduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
RegDeleteKey HKCR\ComCleanCor.AppCleane
RegDeleteKey HKCR\ComCleanCor.AppCleane.1
RegDeleteKey HKCR\ComCleanCor.CQuickScan
RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
RegDeleteKey HKCR\ComCleanCor.FileCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane.1
RegDeleteKey HKCR\ComCleanCor.RegCleane
RegDeleteKey HKCR\ComCleanCor.RegCleane.1
RegDeleteKey HKCR\ComCleanCor.SystemCleane
RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
RegDeleteKey HKCR\ComCleanCore.FileClean.1
RegDeleteKey HKCR\CompCleanCore.AppCleaner
RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
RegDeleteKey HKCR\CompCleanCore.CCQuickScan
RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
RegDeleteKey HKCR\CompCleanCore.FileCleaner
RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
RegDeleteKey HKCR\CompCleanCore.InetCleaner
RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
RegDeleteKey HKCR\CompCleanCore.RegCleaner
RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
RegDeleteKey HKCR\CompCleanCore.SystemCleaner
RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
RegDeleteKey HKCR\df_fixer.Fixer
RegDeleteKey HKCR\df_fixer.Fixer.1
RegDeleteKey HKCR\df_proxy.DriverManipulate
RegDeleteKey HKCR\df_proxy.DriverManipulate.1
RegDeleteKey HKCR\df_fix.Fix
RegDeleteKey HKCR\df_fix.Fix.1
RegDeleteKey HKCR\df_prx.DriverManipulat
RegDeleteKey HKCR\df_prx.DriverManipulat.1
RegDeleteKey HKCR\escompcleancore.esappcleaner
RegDeleteKey HKCR\escompcleancore.esappcleaner.1
RegDeleteKey HKCR\escompcleancore.esccquickscan
RegDeleteKey HKCR\escompcleancore.esccquickscan.1
RegDeleteKey HKCR\escompcleancore.esfilecleaner
RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
RegDeleteKey HKCR\escompcleancore.esinetcleaner
RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
RegDeleteKey HKCR\escompcleancore.esregcleaner
RegDeleteKey HKCR\escompcleancore.esregcleaner.1
RegDeleteKey HKCR\escompcleancore.essystemcleaner
RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
RegDeleteKey HKCR\esdf_fixer.esfixer
RegDeleteKey HKCR\esdf_fixer.esfixer.1
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
RegDeleteKey HKCR\esffwraper.esffenginwraper
RegDeleteKey HKCR\esffwraper.esffenginwraper.1
RegDeleteKey HKCR\esfixcore.esmmfixcore
RegDeleteKey HKCR\esfixcore.esmmfixcore.1
RegDeleteKey HKCR\esmmfixctrl.escofixengine
RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
RegDeleteKey HKCR\esspchck.esspchck
RegDeleteKey HKCR\esspchck.esspchck.1
RegDeleteKey HKCR\esspcheck.esspcheck
RegDeleteKey HKCR\esspcheck.esspcheck.1
RegDeleteKey HKCR\FFCom.FlFixer
RegDeleteKey HKCR\FFWraper.FFEnginWraper
RegDeleteKey HKCR\FFWrap.FEnginWrape
RegDeleteKey HKCR\FFWrap.FEnginWrape.1
RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
RegDeleteKey HKCR\FFxr_21.FFixr21
RegDeleteKey HKCR\FixCor.MMFxCor
RegDeleteKey HKCR\FixCor.MMFxCor.1
RegDeleteKey HKCR\FixCore.MMFixCore
RegDeleteKey HKCR\FixCore.MMFixCore.1
RegDeleteKey HKCR\FlFxr3.FlFixer3
RegDeleteKey HKCR\flfxr5.flfixer5
RegDeleteKey HKCR\FlFxr15.FlFixer15
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
RegDeleteKey HKCR\FWraper.FFEnginWraper
RegDeleteKey HKCR\FWraper.FFEnginWraper.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e
RegDeleteKey HKCR\FxCore.MMFixCore
RegDeleteKey HKCR\FxCore.MMFixCore.1
RegDeleteKey HKCR\iefwbho.iefw
RegDeleteKey HKCR\iefwbho.iefw.2
RegDeleteKey HKCR\Install.Install
RegDeleteKey HKCR\Install.Install.1
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
RegDeleteKey HKCR\MMFx.CoFxEngin
RegDeleteKey HKCR\MMFx.CoFxEngin.1
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
RegDeleteKey HKCR\systemdoctor.free
RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
RegDeleteKey HKCR\UWFXCheck.UWFXCheck
RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
RegDeleteKey HKCR\wap6.pcheck
RegDeleteKey HKCR\wap6.pcheck.1
RegDeleteKey HKCR\winpgintegrator.ieintegrator
RegDeleteKey HKCR\winpgintegrator.ieintegrator.1
RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
RegDeleteKey HKCR\AppID\CheckProduct2.DLL
RegDeleteKey HKCR\AppID\compcln.dll
RegDeleteKey HKCR\AppID\compclr.dll
RegDeleteKey HKCR\AppID\FFWrapr.DLL
RegDeleteKey HKCR\AppID\FFWraper.DLL
RegDeleteKey HKCR\AppID\FixCore.DLL
RegDeleteKey HKCR\AppID\FxCr.DLL
RegDeleteKey HKCR\AppID\MFix.DLL
RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
RegDeleteKey HKCR\AppID\winpgi.dll appid
RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}
RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}
RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}
RegDeleteKey HKCU\Software\Adsl Software Limited
RegDeleteKey HKCU\Software\ErrorGuard
RegDeleteKey HKCU\Software\errorsafe
RegDeleteKey HKCU\Software\error safe free
RegDeleteKey HKCU\Software\sysprotect free
RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
RegDeleteKey HKCU\Software\WinFixer 2005
RegDeleteKey HKCU\Software\WinSoftware
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered
RegDeleteKey HKLM\Software\AXPFixer
RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
RegDeleteKey HKLM\Software\ErrorSafe
RegDeleteKey HKLM\Software\Error Safe Free
RegDeleteKey HKLM\Software\sysprotect
RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKLM\Software\winantivirus pro 2006
RegDeleteKey HKLM\Software\WinSoftware
RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
RegDeleteKey HKLM\Software\Classes\UDCShell
RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk
RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll
RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}
RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd
RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd
RegDeleteKey HKUS\Software\DriveCleaner 2006 Free
# 4 - ActiveX
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024
# 5 - Fichiers
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
DllUnregister C:\Program Files\SysProtect\compclr.dll|1
DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
DllUnregister C:\WINDOWS\syst32.dll|1
FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*errorsafe*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantispyware*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantivirus*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\install_fr*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\installer_fr[1].exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\setup_fr[1].exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\DriveCleaner 2006 Free.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorGuard.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.lnk
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*SystemDoctor*.exe
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\*drivecleaner*.exe
FileDelete C:\Program Files\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
FileDelete C:\WINDOWS\46241234110.exe
FileDelete C:\WINDOWS\service32.exe
FileDelete C:\WINDOWS\syst32.dll
FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
FileDelete C:\WINDOWS\system32\av.cpl
FileDelete C:\WINDOWS\system32\blackster.scr
FileDelete C:\WINDOWS\system32\df_kme.exe
FileDelete C:\WINDOWS\system32\stera.exe
FileDelete C:\WINDOWS\system32\stera.?o?
FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
FileDelete C:\WINDOWS\system32\drivers\ersd.sys
FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
FileDelete C:\WINDOWS\system32\drivers\fopn.sys
FileDelete C:\WINDOWS\system32\drivers\sscan.sys
FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\WFF.sys
FileDelete C:\systemdoctor*.exe
# 6 - Repertoires
FolderDelete C:\Documents and Settings\Yasmina\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPDefender
FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPFixer
FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner Free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\systemdoctor 2006 free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\VirusGarde
FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
FolderDelete C:\Program Files\AXPDefender
FolderDelete C:\Program Files\AXPFixer
FolderDelete C:\Program Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\erroguard
FolderDelete C:\Program Files\Error Safe
FolderDelete C:\Program Files\Error Safe Free
FolderDelete C:\Program Files\ErrorSafe
FolderDelete C:\Program Files\errorsafe free
FolderDelete C:\Program Files\MalWarrior*
FolderDelete C:\Program Files\SysProtect Free
FolderDelete C:\Program Files\SystemDoctor 2006
FolderDelete C:\Program Files\SystemDoctor 2006 Free
FolderDelete C:\Program Files\VirusGarde
FolderDelete C:\Program Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
FolderDelete C:\Program Files\WinAntiVirus 2005
FolderDelete C:\Program Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\WinFixer 2005
FolderDelete C:\Program Files\WinPopupGuard 2005
FolderDelete C:\Program Files\winspywareprotect
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
FolderDelete C:\Program Files\Archivos comunes\ErrClean
FolderDelete C:\Program Files\Archivos comunes\Error Safe
FolderDelete C:\Program Files\Archivos comunes\erroguard
FolderDelete C:\Program Files\Archivos comunes\errorguard
FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
FolderDelete C:\Program Files\Archivos comunes\WinSoftware
FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Common Files\ErrClean
FolderDelete C:\Program Files\Common Files\erroguard
FolderDelete C:\Program Files\Common Files\errorguard
FolderDelete C:\Program Files\Common Files\ErrorSafe
FolderDelete C:\Program Files\Common Files\SysProtect
FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Common Files\WinFixer 2005
FolderDelete C:\Program Files\Common Files\WinSoftware
FolderDelete C:\Program Files\Common Files\winspywareprotect
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
FolderDelete C:\Program Files\Fichiers communs\ErrClean
FolderDelete C:\Program Files\Fichiers communs\Error Safe
FolderDelete C:\Program Files\Fichiers communs\erroguard
FolderDelete C:\Program Files\Fichiers communs\errorguard
FolderDelete C:\Program Files\Fichiers communs\ErrorSafe
Fold
BFU v1.12.0
Windows XP SP3 (WinNT 5.01.2600 SP3)
Script started at 21:10:05, on 19/02/2009
Option Unload Explorer: Yes
Success: ProcessKillByPID 924
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
# lazzzy 20/09/2006
# Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited
OptionUnloadShell
# 1 - Processus
ProcessKill \AdwareProtector.exe|1
ProcessKill \ErrorGuard.exe|1
ProcessKill \ERScw.exe|1
ProcessKill \Malwarrior.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
ProcessKill \sd2006.exe|1
ProcessKill \SDR6cw.exe|1
ProcessKill \SDRmon.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
ProcessKill uwasffNT.exe|1
ProcessKill \was6.exe|1
ProcessKill \WinAV.exe|1
ProcessKill \WinPG2005.exe|1
ProcessKill \WinSpywareProtect.exe|1
# 2 - Services
ServiceStop FWSvc
ServiceDisable FWSvc
ServiceDelete FWSvc
# 3 - Registre
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys
RegDeleteKey HKCR\antiviruscom.avofficeprotect
RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
RegDeleteKey HKCR\avexplorer.shellextension
RegDeleteKey HKCR\avexplorer.shellextension.2
RegDeleteKey HKCR\avexplorer.shellextension\curver
RegDeleteKey HKCR\checkprod.checkproduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
RegDeleteKey HKCR\ComCleanCor.AppCleane
RegDeleteKey HKCR\ComCleanCor.AppCleane.1
RegDeleteKey HKCR\ComCleanCor.CQuickScan
RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
RegDeleteKey HKCR\ComCleanCor.FileCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane.1
RegDeleteKey HKCR\ComCleanCor.RegCleane
RegDeleteKey HKCR\ComCleanCor.RegCleane.1
RegDeleteKey HKCR\ComCleanCor.SystemCleane
RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
RegDeleteKey HKCR\ComCleanCore.FileClean.1
RegDeleteKey HKCR\CompCleanCore.AppCleaner
RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
RegDeleteKey HKCR\CompCleanCore.CCQuickScan
RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
RegDeleteKey HKCR\CompCleanCore.FileCleaner
RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
RegDeleteKey HKCR\CompCleanCore.InetCleaner
RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
RegDeleteKey HKCR\CompCleanCore.RegCleaner
RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
RegDeleteKey HKCR\CompCleanCore.SystemCleaner
RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
RegDeleteKey HKCR\df_fixer.Fixer
RegDeleteKey HKCR\df_fixer.Fixer.1
RegDeleteKey HKCR\df_proxy.DriverManipulate
RegDeleteKey HKCR\df_proxy.DriverManipulate.1
RegDeleteKey HKCR\df_fix.Fix
RegDeleteKey HKCR\df_fix.Fix.1
RegDeleteKey HKCR\df_prx.DriverManipulat
RegDeleteKey HKCR\df_prx.DriverManipulat.1
RegDeleteKey HKCR\escompcleancore.esappcleaner
RegDeleteKey HKCR\escompcleancore.esappcleaner.1
RegDeleteKey HKCR\escompcleancore.esccquickscan
RegDeleteKey HKCR\escompcleancore.esccquickscan.1
RegDeleteKey HKCR\escompcleancore.esfilecleaner
RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
RegDeleteKey HKCR\escompcleancore.esinetcleaner
RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
RegDeleteKey HKCR\escompcleancore.esregcleaner
RegDeleteKey HKCR\escompcleancore.esregcleaner.1
RegDeleteKey HKCR\escompcleancore.essystemcleaner
RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
RegDeleteKey HKCR\esdf_fixer.esfixer
RegDeleteKey HKCR\esdf_fixer.esfixer.1
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
RegDeleteKey HKCR\esffwraper.esffenginwraper
RegDeleteKey HKCR\esffwraper.esffenginwraper.1
RegDeleteKey HKCR\esfixcore.esmmfixcore
RegDeleteKey HKCR\esfixcore.esmmfixcore.1
RegDeleteKey HKCR\esmmfixctrl.escofixengine
RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
RegDeleteKey HKCR\esspchck.esspchck
RegDeleteKey HKCR\esspchck.esspchck.1
RegDeleteKey HKCR\esspcheck.esspcheck
RegDeleteKey HKCR\esspcheck.esspcheck.1
RegDeleteKey HKCR\FFCom.FlFixer
RegDeleteKey HKCR\FFWraper.FFEnginWraper
RegDeleteKey HKCR\FFWrap.FEnginWrape
RegDeleteKey HKCR\FFWrap.FEnginWrape.1
RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
RegDeleteKey HKCR\FFxr_21.FFixr21
RegDeleteKey HKCR\FixCor.MMFxCor
RegDeleteKey HKCR\FixCor.MMFxCor.1
RegDeleteKey HKCR\FixCore.MMFixCore
RegDeleteKey HKCR\FixCore.MMFixCore.1
RegDeleteKey HKCR\FlFxr3.FlFixer3
RegDeleteKey HKCR\flfxr5.flfixer5
RegDeleteKey HKCR\FlFxr15.FlFixer15
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
RegDeleteKey HKCR\FWraper.FFEnginWraper
RegDeleteKey HKCR\FWraper.FFEnginWraper.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e
RegDeleteKey HKCR\FxCore.MMFixCore
RegDeleteKey HKCR\FxCore.MMFixCore.1
RegDeleteKey HKCR\iefwbho.iefw
RegDeleteKey HKCR\iefwbho.iefw.2
RegDeleteKey HKCR\Install.Install
RegDeleteKey HKCR\Install.Install.1
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
RegDeleteKey HKCR\MMFx.CoFxEngin
RegDeleteKey HKCR\MMFx.CoFxEngin.1
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
RegDeleteKey HKCR\systemdoctor.free
RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
RegDeleteKey HKCR\UWFXCheck.UWFXCheck
RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
RegDeleteKey HKCR\wap6.pcheck
RegDeleteKey HKCR\wap6.pcheck.1
RegDeleteKey HKCR\winpgintegrator.ieintegrator
RegDeleteKey HKCR\winpgintegrator.ieintegrator.1
RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
RegDeleteKey HKCR\AppID\CheckProduct2.DLL
RegDeleteKey HKCR\AppID\compcln.dll
RegDeleteKey HKCR\AppID\compclr.dll
RegDeleteKey HKCR\AppID\FFWrapr.DLL
RegDeleteKey HKCR\AppID\FFWraper.DLL
RegDeleteKey HKCR\AppID\FixCore.DLL
RegDeleteKey HKCR\AppID\FxCr.DLL
RegDeleteKey HKCR\AppID\MFix.DLL
RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
RegDeleteKey HKCR\AppID\winpgi.dll appid
RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}
RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}
RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}
RegDeleteKey HKCU\Software\Adsl Software Limited
RegDeleteKey HKCU\Software\ErrorGuard
RegDeleteKey HKCU\Software\errorsafe
RegDeleteKey HKCU\Software\error safe free
RegDeleteKey HKCU\Software\sysprotect free
RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
RegDeleteKey HKCU\Software\WinFixer 2005
RegDeleteKey HKCU\Software\WinSoftware
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered
RegDeleteKey HKLM\Software\AXPFixer
RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
RegDeleteKey HKLM\Software\ErrorSafe
RegDeleteKey HKLM\Software\Error Safe Free
RegDeleteKey HKLM\Software\sysprotect
RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKLM\Software\winantivirus pro 2006
RegDeleteKey HKLM\Software\WinSoftware
RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
RegDeleteKey HKLM\Software\Classes\UDCShell
RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk
RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll
RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}
RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell
RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd
RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd
RegDeleteKey HKUS\Software\DriveCleaner 2006 Free
# 4 - ActiveX
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024
# 5 - Fichiers
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
DllUnregister C:\Program Files\SysProtect\compclr.dll|1
DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
DllUnregister C:\WINDOWS\syst32.dll|1
FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*errorsafe*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantispyware*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantivirus*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\install_fr*.exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\installer_fr[1].exe
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Yasmina\Application Data\setup_fr[1].exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\DriveCleaner 2006 Free.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorGuard.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.exe
FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.lnk
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*SystemDoctor*.exe
FileDelete C:\Documents and Settings\Yasmina\Mes documents\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\*drivecleaner*.exe
FileDelete C:\Program Files\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
FileDelete C:\WINDOWS\46241234110.exe
FileDelete C:\WINDOWS\service32.exe
FileDelete C:\WINDOWS\syst32.dll
FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
FileDelete C:\WINDOWS\system32\av.cpl
FileDelete C:\WINDOWS\system32\blackster.scr
FileDelete C:\WINDOWS\system32\df_kme.exe
FileDelete C:\WINDOWS\system32\stera.exe
FileDelete C:\WINDOWS\system32\stera.?o?
FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
FileDelete C:\WINDOWS\system32\drivers\ersd.sys
FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
FileDelete C:\WINDOWS\system32\drivers\fopn.sys
FileDelete C:\WINDOWS\system32\drivers\sscan.sys
FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\WFF.sys
FileDelete C:\systemdoctor*.exe
# 6 - Repertoires
FolderDelete C:\Documents and Settings\Yasmina\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPDefender
FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPFixer
FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner Free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\systemdoctor 2006 free
FolderDelete C:\Documents and Settings\Yasmina\Application Data\VirusGarde
FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
FolderDelete C:\Program Files\AXPDefender
FolderDelete C:\Program Files\AXPFixer
FolderDelete C:\Program Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\erroguard
FolderDelete C:\Program Files\Error Safe
FolderDelete C:\Program Files\Error Safe Free
FolderDelete C:\Program Files\ErrorSafe
FolderDelete C:\Program Files\errorsafe free
FolderDelete C:\Program Files\MalWarrior*
FolderDelete C:\Program Files\SysProtect Free
FolderDelete C:\Program Files\SystemDoctor 2006
FolderDelete C:\Program Files\SystemDoctor 2006 Free
FolderDelete C:\Program Files\VirusGarde
FolderDelete C:\Program Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
FolderDelete C:\Program Files\WinAntiVirus 2005
FolderDelete C:\Program Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\WinFixer 2005
FolderDelete C:\Program Files\WinPopupGuard 2005
FolderDelete C:\Program Files\winspywareprotect
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
FolderDelete C:\Program Files\Archivos comunes\ErrClean
FolderDelete C:\Program Files\Archivos comunes\Error Safe
FolderDelete C:\Program Files\Archivos comunes\erroguard
FolderDelete C:\Program Files\Archivos comunes\errorguard
FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
FolderDelete C:\Program Files\Archivos comunes\WinSoftware
FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Common Files\ErrClean
FolderDelete C:\Program Files\Common Files\erroguard
FolderDelete C:\Program Files\Common Files\errorguard
FolderDelete C:\Program Files\Common Files\ErrorSafe
FolderDelete C:\Program Files\Common Files\SysProtect
FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Common Files\WinFixer 2005
FolderDelete C:\Program Files\Common Files\WinSoftware
FolderDelete C:\Program Files\Common Files\winspywareprotect
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
FolderDelete C:\Program Files\Fichiers communs\ErrClean
FolderDelete C:\Program Files\Fichiers communs\Error Safe
FolderDelete C:\Program Files\Fichiers communs\erroguard
FolderDelete C:\Program Files\Fichiers communs\errorguard
FolderDelete C:\Program Files\Fichiers communs\ErrorSafe
Fold
Fait moi un scan en ligne Merci :
Fais un scan en ligne avec Internet explorer (merci !aur3n7=
* Rend toi sur ce site https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Clique sur l'image de droite Kaspersky Online scanner
-- Une notice s'affichera , clique sur le bouton j'accepte (après en avoir pris connaissance bien sur)
note: Si le scanner n'a pas encore été installé (ActivX) un message te demandera si tu accepte ou non de le faire.
-- L'installation et la mise à jour de la base antivirale se feront automatiquement.
* Clique sur Suivant
* Clique sur le bouton paramètres d'analyse
-- à l'option analyser avec la base antivirus suivant :
---- [X] étendue
-- dans les options d'analyse contrôle que les cases suivantes soient cochées
---- [X] analyser les archives
---- [X] analyser les bases de messagerie
-- Clique sur le bouton OK
* choisis Poste de travail pour lancer le scan
* Une fois le scan terminé sauvegarde le rapport Clique sur Enregistrer rapport sous
-- Pour le retrouver facilement met le sur le bureau
-- dans nom de fichier entre Kaspersky
-- A type de fichier choisis text file (*.txt) puis clique sur le bouton enregistrer
* Fais un copier coller du contenu de ce fichier dans ta prochaine réponse.
Note :
- En cas de problème vérifies ces quelques points https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809
- Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
- En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
Fais un scan en ligne avec Internet explorer (merci !aur3n7=
* Rend toi sur ce site https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Clique sur l'image de droite Kaspersky Online scanner
-- Une notice s'affichera , clique sur le bouton j'accepte (après en avoir pris connaissance bien sur)
note: Si le scanner n'a pas encore été installé (ActivX) un message te demandera si tu accepte ou non de le faire.
-- L'installation et la mise à jour de la base antivirale se feront automatiquement.
* Clique sur Suivant
* Clique sur le bouton paramètres d'analyse
-- à l'option analyser avec la base antivirus suivant :
---- [X] étendue
-- dans les options d'analyse contrôle que les cases suivantes soient cochées
---- [X] analyser les archives
---- [X] analyser les bases de messagerie
-- Clique sur le bouton OK
* choisis Poste de travail pour lancer le scan
* Une fois le scan terminé sauvegarde le rapport Clique sur Enregistrer rapport sous
-- Pour le retrouver facilement met le sur le bureau
-- dans nom de fichier entre Kaspersky
-- A type de fichier choisis text file (*.txt) puis clique sur le bouton enregistrer
* Fais un copier coller du contenu de ce fichier dans ta prochaine réponse.
Note :
- En cas de problème vérifies ces quelques points https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809
- Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
- En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
On dirait que la vilaine bête est partie. Un ami m'a dit qu'il ne restait dans l'ordi que l'empreinte de son chemin d'acces. Comme il est supprimé, il ne le trouve plus mais continues à chercher ce .setup.msi.
Il a réussi à l'enlever mais me conseille quand même de formater, au cas où.
Tu en penses quoi?
Il a réussi à l'enlever mais me conseille quand même de formater, au cas où.
Tu en penses quoi?
as oui tu utilise firefox, il faut que tu intalle ceci, qui s'appelle IE tab car kaspersky ne marche encore qu'avec IE. Une fois cela installer, tu clique droit sur le lien kaspersky ici et tu fait ourir ace IE tab.
Merci.
https://addons.mozilla.org/fr/firefox/addon/1419
Merci.
https://addons.mozilla.org/fr/firefox/addon/1419
ça ne marche toujours pas.
quand j'essaye sous internet explorer, ça me remet le message: Échec du chargement du contrôle ActiveX Kaspersky On-line Scanner!
Vous devez jouir des privilèges d'administrateur sur ce poste ;
en outre, il faut configurer le niveau de sécurité IE sur Moyen.
Et quand j'essaye sous firefox, en ayant fait ce que tu m'as donné, j'accepte et puis rien ne se passe.
quand j'essaye sous internet explorer, ça me remet le message: Échec du chargement du contrôle ActiveX Kaspersky On-line Scanner!
Vous devez jouir des privilèges d'administrateur sur ce poste ;
en outre, il faut configurer le niveau de sécurité IE sur Moyen.
Et quand j'essaye sous firefox, en ayant fait ce que tu m'as donné, j'accepte et puis rien ne se passe.
Fait celui ci alors. Mais es tu l'administrateur de l'ordi?
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
non pas de formatage cela ne sert à rien, me faire le scan antivirus et me répondre à ma question, on va voir avec le scan s'il est bien parti.
Voici le rapport du scan:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-22 20:11:01
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 8.0.1.30 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@tradedoubler[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@weborama[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@bluestreak[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@smartadserver[2].txt
00484705 Application/IEDefender HackTools No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP621\A0040646.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP620\A0040624.sys
03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\Yasmina\Bureau\divx_divx_6.8.3.9_francais_10144.exe[²ÇÇ\y_toolbar.exe][²èÇ]
;===================================================================================================================================================================================
SUSPECTS
Sent Location |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-02-22 20:11:01
PROTECTIONS: 1
MALWARE: 8
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 8.0.1.30 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@tradedoubler[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@xiti[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@weborama[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@bluestreak[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@smartadserver[2].txt
00484705 Application/IEDefender HackTools No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP621\A0040646.sys
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP620\A0040624.sys
03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\Yasmina\Bureau\divx_divx_6.8.3.9_francais_10144.exe[²ÇÇ\y_toolbar.exe][²èÇ]
;===================================================================================================================================================================================
SUSPECTS
Sent Location |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description |
;===================================================================================================================================================================================
;===================================================================================================================================================================================
