MailSkinner

Résolu
yayarcheo Messages postés 70 Statut Membre -  
yayarcheo Messages postés 70 Statut Membre -
Bonjour,
Il m'est impossible de supprimer Mailskinner de mon ordinateur. J'ai essayé Avast, antivir et un anti malware, mais rien à faire. je ne peux pas le supprimer de mes programmes. J'ai aussi tenté le mode sans echec mais rien à faire, il reste bien incruster dans mon pc.... pouvez-vous m'aider? et à quel point ce truc est-il dangereux?
merci :)
Configuration: Windows XP
Firefox 3.0.6

31 réponses

  • 1
  • 2
Résumé de la discussion

Le problème porte sur l’impossibilité de supprimer Mailskinner sur un PC Windows XP, malgré des tentatives avec Avast, Avira et le mode sans échec, et malgré l’incrustation du programme dans le système. Des éléments et méthodes de réponse ont été évoqués, incluant l’analyse de journaux avec HijackThis et Navilog, et l’emploi d’outils comme Brute Force pour isoler et supprimer les composants malveillants. Le rapport de diagnostic mentionne des cookies traqueurs et des éléments plus sérieux tels que des rootkits et des outils de hack, ce qui justifie une approche multi-outil et une purge plus approfondie.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. haricot60 Messages postés 38 Statut Membre 1
     
    http://www.commentcamarche.net/faq/sujet 5090 supprimer mailskinner#desinstallation
    regarde la
    0
  2. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour,

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Ensuite :

    Télécharge le fichier d'installation d'HijackThis.

    Enregistre HJTInstall.exe sur ton bureau.

    Renomme Hijackthis en Tutu

    Double-clique sur HJTInstall.exe (tutu) pour lancer le programme

    Par défaut, il s'installera là :
    C:\Program Files\Trend Micro\HijackThis

    Accepte la licence en cliquant sur le bouton "I Accept"

    Choisis l'option "Do a system scan and save a log file"

    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

    Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    Colle le rapport que tu viens de copier sur ce forum

    Ne fixe encore AUCUNE ligne, cela pourrait empêcher ton PC de fonctionner correctement

    Tutoriaux (ne fixe rien pour le moment !!)

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      voici le rapport:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:55:53, on 16/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Yasmina\Bureau\Tutu.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  3. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :

    /!\ Déconnectes toi et fermes toutes applications en cours

    ● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
    ● Double clique sur l'icône Ad-removersituée sur ton bureau
    ● Au menu principal choisi l'option "A"
    ● Postes le rapport qui apparait à la fin .

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      ------- LOGFILE OF AD-REMOVER 1.1.1.3 | ONLY XP/VISTA -------

      Updated by C_XX on 15/02/2009 at 10:20

      Start at: 11:30:14 | Lun 16/02/2009 | Boot mode: Normal Boot
      Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
      Operating System: Microsoft® Windows XP™ Service Pack 3 (version 5.1.2600)
      Computer Name: BIDULE
      Current User: Yasmina - Administrator
      Drive(s):
      - C:\ (File System: NTFS)
      System Drive: C:\
      Windows Directory: C:\WINDOWS\
      System Directory: C:\WINDOWS\System32\

      --- Running Processes: 36

      +-----------------| Boonty/Boonty Games Elements Found:

      .
      .

      +-----------------| Eorezo Elements Found:

      HKCU\Software\EoRezo
      HKLM\Software\EoRezo
      HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\EoEngine
      HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Eoengine
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
      .
      C:\Documents and Settings\Yasmina\Application Data\EoRezo
      C:\Documents and Settings\Yasmina\Application Data\EoRezo\db
      C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoDesktop
      C:\Documents and Settings\Yasmina\Application Data\EoRezo\eoStats
      C:\Documents and Settings\Yasmina\Application Data\EoRezo\SoftwareUpdate
      C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-22E533F9.pf
      C:\Documents and Settings\Yasmina\Cookies\yasmina@eorezo[1].txt

      +-----------------| Infected Poker Softwares Elements Found:

      .

      +-----------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

      .
      .

      +-----------------| It's TV Elements Found:

      .

      +-----------------| Sweetim Elements Found:

      .

      +-----------------| Added Scan:

      ---- Mozilla FireFox Version 3.0.6 ----

      ProfilePath: ur2eei1b.default
      .
      Prefs.js: Browser.Search.DefaultEngineName: "Google"
      Prefs.js: Browser.Search.SelectedEngine: "Google"
      Prefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
      .
      .
      Invalidprefs.js: Browser.Search.DefaultEngineName: "Google"
      Invalidprefs.js: Browser.Search.DefaultUrl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
      .
      (Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://eo.st");
      .
      .

      ---- Internet Explorer Version 7.0.5730.11 ----

      +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

      Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://y.lo.st

      +-[HKEY_USERS\S-1-5-21-3778484445-1339818193-2825729356-1007\..\Internet Explorer\Main]

      Search bar: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Start page: hxxp://y.lo.st

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

      Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
      Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
      Start page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

      +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

      Tabs: hxxp://eo.st

      +---------------------------------------------------------------------------+

      [~3354 Bytes] - "C:\Ad-Report-Scan-16.02.2009.log"
      -

      End at: 11:31:23 | 16/02/2009
      .
      +-----------------| E.O.F - 72 Lines
      .
      0
  4. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Déconnectes toi et fermes toutes applications en cours !

    Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

    * Relances "Ad-remover" : au menu principal choisi l'option "B" .

    --> le programme va travailler ...

    * Postes le rapport qui apparait à la fin + un nouvel Hijackthis pour analyse ...

    ( le rapport est sauvegardé aussi sous C:\Ad-report.log )

    /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides) /!\
    ensuite un nouvel hijackthis.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      le rapport de ad-remover :
      [ ]1. Suppression Boonty/BoontyGames
      [ ]2. Suppression Eorezo
      [ ]3. Suppression Logiciels Poker infectés
      [ ]4. Suppression FunWebProducts/MyWay/MyWebSearch
      [ ]5. Suppression It's TV
      [ ]6. Suppression Sweetim

      Voilà :) Je lance maintenant un nouveau scan de Hijackthis.
      Encore merci pour ce suivi pas à pas :)
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    non ce n'est pas le rapport désolé.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      c'est pourtant ce que m'a affiché ad-remover lorsque je l'ai lancé en mode B. Ensuite il me demandait si je voulais supprimer les fichiers. Il ne m'est pas possible de copier/coller ce rendu, alors je l'ai recopié. Je me suis trompée?
      Voici le rapport de HijackThis:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:06:55, on 16/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Safe mode

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Documents and Settings\Yasmina\Bureau\Tutu.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=pavilion&pf=laptop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Yasmina\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/...
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    normalement c'est le même rapport que l'autre sauf qu'il à marqué suppression afin d'être sur que ce soit supprimé.

    Ensuite ceci :

    Téléchargez SmitfraudFix et enregistrez-le sur le bureau
    * Ensuite, double cliquez sur SmitfraudFix puis sur Exécuter. (Sous Vista : clic droit sur SmitfraudFix et sélectionnez "Exécuter en tant qu'administrateur")
    * Sélectionnez 1 pour créer un rapport des fichiers responsables de l'infection.
    * A la fin de l'analyse, un rapport va être généré...Enregistrez-le sur le bureau.

    Regarde bien le tuto qui est avec

    /!\ Postez le rapport sur le forum pour savoir si la suppression peut être lancée.

    En mode sans echec la suppression des fichiers présents.

    process.exe
    est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      j'ai recommencé la manip' précédente et il n'a pas pu supprimer le fichier Eorezo, fichier introuvable...
      Je lance la suite.
      0
    2. yayarcheo Messages postés 70 Statut Membre
       
      Antivir me signale un truc malveillant du nom de WORM/Generic.3868, et me conseille de refuser l'accès. Ceci est lié à MailSkinner?
      Sinon, voici le rapport de SmitFraudFix:
      SmitFraudFix v2.396

      Rapport fait à 14:23:30,17, 16/02/2009
      Executé à partir de C:\Documents and Settings\Yasmina\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\LOCALS~1\Temp


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Yasmina\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Yasmina\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"


      »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      o4Patch
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      Agent.OMZ.Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» RK



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 192.168.1.1

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{BDD07917-A39F-4F73-BEE9-02EDB66D884D}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      0
  8. Utilisateur anonyme
     
    Bonjour yayarcheo,

    Une fois dans le menu de l'option B de Ad-remover, il faut cocher la case devant Eorezo, pour cela tape sur ton clavier la touche 2, valide par entrée, puis tape la touche S et valide par entrée ... répond oui a la demande de confirmation et laisse le programme travailler.

    Bonne continuation

    ++
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      merci :)
      0
  9. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Fait ce qu'a demandé CXX. ensuite pour Mailskinner :

    # Cliquez sur démarrer > Panneau de configuration > Ajout/suppression de programmes puis désinstallez Mailskinner si présent. Si le programme montre une quelconque résistance à la suppression, essayez de le désinstaller en mode sans échec .
    # 2. Cliquez sur Démarrer > Poste de travail > C:\ > Program Files, et supprimez ce dossier : Mailskinner. Si le dossier persiste, supprimez-le en mode sans échec (voir ci-dessus pour y accéder)
    # 3. Faites ceci pour finir la suppression des dossiers créés par Mailskinner :

    * Affichez tous les dossiers et fichiers cachés :
    * Cliquez sur Démarrer > Panneau de configuration > Outils > Options des dossiers > Affichage
    * Cochez : "Afficher les fichiers et dossiers cachés"
    * Cliquez sur Appliquer puis OK.
    * Cliquez sur Démarrer > Poste de travail > C:\ > Documents and settings > All Users > Application data, et supprimez si présent le dossier Mailskinner.

    # 4. Faites la même chose avec les autres dossiers de sessions, par exemple :

    * C:/Documents and settings/< le nom de(s) autre(s) session(s) >/Application data
    * Supprimez les dossiers Mailskinner si présents.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      Bonjour,
      Impossible de supprimer ce foutu logiciel, même en mode sans echec...
      0
    2. yayarcheo Messages postés 70 Statut Membre
       
      J'ai relancé un scan "Tutu" dont voici le rapport:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 07:34:24, on 17/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Documents and Settings\Yasmina\Bureau\Tutu.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Yasmina\Application Data\Dealio\kb127\res\DealioSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  10. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    as tu fait ce qu CXX t'a demandé?

    Ensuite fait ceci :

    Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :

    Tuto

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! désactive ton antivirus.

    * double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
    * Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
    * Choisis l'option 1 ( "recherche") et tapes "entrée" .
    * Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
    de son contenu dans ta prochaine réponse ...
    ( le rapport est en outre sauvegardé ici -> C:\TB.txt )

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      oui oui j'ai bien fait ce que m'avait demandé CXX.
      voilà le rapport de ToolBar S&D:

      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft (R) Windows Script Host Version 5.7
      Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
      BIOS : Phoenix NoteBIOS 4.0 Release 6.0
      USER : Yasmina ( Administrator )
      BOOT : Normal boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Not Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [1] ( 17/02/2009|12:19 )

      -----------\\ Recherche de Fichiers / Dossiers ...

      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\alerts_rec_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\chevron-small.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\DealioSearch.html
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deals-leftcap.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\deal_report.jpg
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\ebay_login.jpg
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_mainwindow.html
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\err_toolbar.html
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\global_scripts.js
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\headerbgthin.jpg
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\highlight-bg.png
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\logo_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.css
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.html
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbar.js
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\man_toolbarl.js
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\post-this-deal_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scripts.js
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\scroller.js
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search-chevron_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\search_bg_blink.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\separator.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\settings_over.gif
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\res\yahoo-search.png
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\index.76.35
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.10.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.109.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.110.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.12.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.13.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.130.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.135.50
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.153.44
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.155.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.156.49
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.16.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.161.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.178.66
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.184.55
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.188.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.189.45
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.196.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.198.56
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.199.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.200.53
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.201.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.202.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.203.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.205.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.213.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.214.49
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.215.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.216.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.217.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.218.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.219.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.220.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.221.57
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.222.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.223.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.226.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.227.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.228.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.229.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.23.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.239.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.24.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.240.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.241.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.242.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.243.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.244.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.245.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.247.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.248.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.249.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.250.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.251.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.252.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.253.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.254.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.255.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.256.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.257.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.279.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.28.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.282.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.283.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.284.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.289.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.290.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.291.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.296.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.297.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.304.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.307.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.308.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.31.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.310.46
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.311.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.315.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.316.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.317.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.318.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.319.49
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.32.48
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.334.44
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.335.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.336.44
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.337.44
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.338.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.339.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.34.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.340.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.341.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.349.50
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.35.48
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.350.50
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.351.51
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.352.54
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.353.51
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.354.51
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.357.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.358.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.359.52
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.360.53
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.361.54
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.362.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.363.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.364.54
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.365.53
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.367.56
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.368.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.369.55
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.370.56
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.371.56
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.372.57
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.373.55
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.375.56
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.376.57
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.377.55
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.378.65
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.384.58
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.386.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.387.59
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.388.59
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.389.59
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.390.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.391.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.392.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.393.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.394.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.396.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.397.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.398.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.399.60
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.403.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.404.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.405.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.406.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.407.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.408.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.409.61
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.412.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.413.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.414.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.415.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.416.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.417.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.418.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.419.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.420.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.421.62
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.423.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.424.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.425.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.426.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.427.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.428.65
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.429.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.430.63
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.432.65
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.433.64
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.434.65
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.435.64
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.436.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.437.64
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.438.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.439.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.440.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.442.73
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.443.73
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.444.73
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.445.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.446.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.450.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.451.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.452.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.453.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.454.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.456.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.457.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.458.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.459.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.460.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.462.74
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.463.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.464.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.465.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.468.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.469.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.470.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.471.73
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.472.70
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.478.74
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.479.73
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.480.68
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.481.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.482.74
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.49.67
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.50.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.500.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.501.74
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.502.71
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.51.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.52.72
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.520.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.521.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.522.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.53.51
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.531.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.532.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.534.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.54.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.55.45
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.56.69
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.57.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.58.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.593.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.595.76
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.63.57
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.66.47
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.70.75
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\rules\rules.1.71.43
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14282.log
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dealio-14283.log
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\dod_cache.xml
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_2348_6.html
      C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127\temp\_toolbar_tmp_3988_3808_3.html
      C:\Program Files\Dealio
      C:\Program Files\Dealio\DealioAU.exe
      C:\Program Files\Dealio\kb127
      C:\Program Files\Dealio\SearchSettingsKit.exe
      C:\Program Files\Dealio\kb127\Dealio Deskbar.exe
      C:\Program Files\Dealio\kb127\Dealio.dll
      C:\Program Files\Dealio\kb127\DealioRes409.dll
      C:\Program Files\Dealio\kb127\res
      C:\Program Files\Dealio\kb127\resDN
      C:\Program Files\Dealio\kb127\rules
      C:\Program Files\Dealio\kb127\temp
      C:\Program Files\Dealio\kb127\res\alerts.gif
      C:\Program Files\Dealio\kb127\res\alerts_over.gif
      C:\Program Files\Dealio\kb127\res\alerts_rec.gif
      C:\Program Files\Dealio\kb127\res\alerts_rec_over.gif
      C:\Program Files\Dealio\kb127\res\chevron-small.gif
      C:\Program Files\Dealio\kb127\res\DealioSearch.html
      C:\Program Files\Dealio\kb127\res\deals-leftcap.gif
      C:\Program Files\Dealio\kb127\res\deal_report.jpg
      C:\Program Files\Dealio\kb127\res\ebay_login.jpg
      C:\Program Files\Dealio\kb127\res\err_mainwindow.html
      C:\Program Files\Dealio\kb127\res\err_toolbar.html
      C:\Program Files\Dealio\kb127\res\global_scripts.js
      C:\Program Files\Dealio\kb127\res\headerbgthin.jpg
      C:\Program Files\Dealio\kb127\res\highlight-bg.png
      C:\Program Files\Dealio\kb127\res\logo.gif
      C:\Program Files\Dealio\kb127\res\logo_over.gif
      C:\Program Files\Dealio\kb127\res\man_toolbar.css
      C:\Program Files\Dealio\kb127\res\man_toolbar.html
      C:\Program Files\Dealio\kb127\res\man_toolbar.js
      C:\Program Files\Dealio\kb127\res\man_toolbarl.js
      C:\Program Files\Dealio\kb127\res\post-this-deal.gif
      C:\Program Files\Dealio\kb127\res\post-this-deal_over.gif
      C:\Program Files\Dealio\kb127\res\scripts.js
      C:\Program Files\Dealio\kb127\res\scroller.js
      C:\Program Files\Dealio\kb127\res\search-chevron.gif
      C:\Program Files\Dealio\kb127\res\search-chevron_over.gif
      C:\Program Files\Dealio\kb127\res\search_bg_blink.gif
      C:\Program Files\Dealio\kb127\res\separator.gif
      C:\Program Files\Dealio\kb127\res\settings.gif
      C:\Program Files\Dealio\kb127\res\settings_over.gif
      C:\Program Files\Dealio\kb127\res\yahoo-search.png
      C:\Program Files\Dealio\kb127\resDN\bottom.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_down.gif
      C:\Program Files\Dealio\kb127\resDN\chevron_up.gif
      C:\Program Files\Dealio\kb127\resDN\close.gif
      C:\Program Files\Dealio\kb127\resDN\deskbar.css
      C:\Program Files\Dealio\kb127\resDN\deskbar.js
      C:\Program Files\Dealio\kb127\resDN\dispatch_helper.js
      C:\Program Files\Dealio\kb127\resDN\ebay_compatible.jpg
      C:\Program Files\Dealio\kb127\resDN\logo.gif
      C:\Program Files\Dealio\kb127\resDN\logo_chevron_bkg.gif
      C:\Program Files\Dealio\kb127\resDN\losing.gif
      C:\Program Files\Dealio\kb127\resDN\lost.gif
      C:\Program Files\Dealio\kb127\resDN\man_deskbar.html
      C:\Program Files\Dealio\kb127\resDN\menu_arrow.gif
      C:\Program Files\Dealio\kb127\resDN\menu_check.gif
      C:\Program Files\Dealio\kb127\resDN\no_image.gif
      C:\Program Files\Dealio\kb127\resDN\prod_img.gif
      C:\Program Files\Dealio\kb127\resDN\search_chevron.gif
      C:\Program Files\Dealio\kb127\resDN\spacer.gif
      C:\Program Files\Dealio\kb127\resDN\textfield_bkg.gif
      C:\Program Files\Dealio\kb127\resDN\top.gif
      C:\Program Files\Dealio\kb127\resDN\unknown.gif
      C:\Program Files\Dealio\kb127\resDN\winning.gif
      C:\Program Files\Dealio\kb127\resDN\won.gif
      C:\Program Files\Dealio\kb127\rules\index.76.35
      C:\Program Files\Dealio\kb127\rules\rules.1.10.76
      C:\Program Files\Dealio\kb127\rules\rules.1.109.43
      C:\Program Files\Dealio\kb127\rules\rules.1.110.43
      C:\Program Files\Dealio\kb127\rules\rules.1.12.52
      C:\Program Files\Dealio\kb127\rules\rules.1.13.58
      C:\Program Files\Dealio\kb127\rules\rules.1.130.58
      C:\Program Files\Dealio\kb127\rules\rules.1.135.50
      C:\Program Files\Dealio\kb127\rules\rules.1.153.44
      C:\Program Files\Dealio\kb127\rules\rules.1.155.43
      C:\Program Files\Dealio\kb127\rules\rules.1.156.49
      C:\Program Files\Dealio\kb127\rules\rules.1.16.60
      C:\Program Files\Dealio\kb127\rules\rules.1.161.52
      C:\Program Files\Dealio\kb127\rules\rules.1.178.66
      C:\Program Files\Dealio\kb127\rules\rules.1.184.55
      C:\Program Files\Dealio\kb127\rules\rules.1.188.52
      C:\Program Files\Dealio\kb127\rules\rules.1.189.45
      C:\Program Files\Dealio\kb127\rules\rules.1.196.43
      C:\Program Files\Dealio\kb127\rules\rules.1.198.56
      C:\Program Files\Dealio\kb127\rules\rules.1.199.43
      C:\Program Files\Dealio\kb127\rules\rules.1.200.53
      C:\Program Files\Dealio\kb127\rules\rules.1.201.43
      C:\Program Files\Dealio\kb127\rules\rules.1.202.43
      C:\Program Files\Dealio\kb127\rules\rules.1.203.71
      C:\Program Files\Dealio\kb127\rules\rules.1.205.62
      C:\Program Files\Dealio\kb127\rules\rules.1.213.71
      C:\Program Files\Dealio\kb127\rules\rules.1.214.49
      C:\Program Files\Dealio\kb127\rules\rules.1.215.43
      C:\Program Files\Dealio\kb127\rules\rules.1.216.67
      C:\Program Files\Dealio\kb127\rules\rules.1.217.67
      C:\Program Files\Dealio\kb127\rules\rules.1.218.52
      C:\Program Files\Dealio\kb127\rules\rules.1.219.43
      C:\Program Files\Dealio\kb127\rules\rules.1.220.43
      C:\Program Files\Dealio\kb127\rules\rules.1.221.57
      C:\Program Files\Dealio\kb127\rules\rules.1.222.43
      C:\Program Files\Dealio\kb127\rules\rules.1.223.68
      C:\Program Files\Dealio\kb127\rules\rules.1.226.68
      C:\Program Files\Dealio\kb127\rules\rules.1.227.43
      C:\Program Files\Dealio\kb127\rules\rules.1.228.62
      C:\Program Files\Dealio\kb127\rules\rules.1.229.76
      C:\Program Files\Dealio\kb127\rules\rules.1.23.63
      C:\Program Files\Dealio\kb127\rules\rules.1.239.43
      C:\Program Files\Dealio\kb127\rules\rules.1.24.43
      C:\Program Files\Dealio\kb127\rules\rules.1.240.43
      C:\Program Files\Dealio\kb127\rules\rules.1.241.43
      C:\Program Files\Dealio\kb127\rules\rules.1.242.43
      C:\Program Files\Dealio\kb127\rules\rules.1.243.43
      C:\Program Files\Dealio\kb127\rules\rules.1.244.63
      C:\Program Files\Dealio\kb127\rules\rules.1.245.43
      C:\Program Files\Dealio\kb127\rules\rules.1.247.43
      C:\Program Files\Dealio\kb127\rules\rules.1.248.43
      C:\Program Files\Dealio\kb127\rules\rules.1.249.43
      C:\Program Files\Dealio\kb127\rules\rules.1.250.43
      C:\Program Files\Dealio\kb127\rules\rules.1.251.43
      C:\Program Files\Dealio\kb127\rules\rules.1.252.43
      C:\Program Files\Dealio\kb127\rules\rules.1.253.43
      C:\Program Files\Dealio\kb127\rules\rules.1.254.43
      C:\Program Files\Dealio\kb127\rules\rules.1.255.43
      C:\Program Files\Dealio\kb127\rules\rules.1.256.43
      C:\Program Files\Dealio\kb127\rules\rules.1.257.43
      C:\Program Files\Dealio\kb127\rules\rules.1.279.43
      C:\Program Files\Dealio\kb127\rules\rules.1.28.58
      C:\Program Files\Dealio\kb127\rules\rules.1.282.75
      C:\Program Files\Dealio\kb127\rules\rules.1.283.43
      C:\Program Files\Dealio\kb127\rules\rules.1.284.43
      C:\Program Files\Dealio\kb127\rules\rules.1.289.67
      C:\Program Files\Dealio\kb127\rules\rules.1.290.62
      C:\Program Files\Dealio\kb127\rules\rules.1.291.61
      C:\Program Files\Dealio\kb127\rules\rules.1.296.43
      C:\Program Files\Dealio\kb127\rules\rules.1.297.43
      C:\Program Files\Dealio\kb127\rules\rules.1.304.43
      C:\Program Files\Dealio\kb127\rules\rules.1.307.43
      C:\Program Files\Dealio\kb127\rules\rules.1.308.75
      C:\Program Files\Dealio\kb127\rules\rules.1.31.47
      C:\Program Files\Dealio\kb127\rules\rules.1.310.46
      C:\Program Files\Dealio\kb127\rules\rules.1.311.43
      C:\Program Files\Dealio\kb127\rules\rules.1.315.43
      C:\Program Files\Dealio\kb127\rules\rules.1.316.43
      C:\Program Files\Dealio\kb127\rules\rules.1.317.43
      C:\Program Files\Dealio\kb127\rules\rules.1.318.43
      C:\Program Files\Dealio\kb127\rules\rules.1.319.49
      C:\Program Files\Dealio\kb127\rules\rules.1.32.48
      C:\Program Files\Dealio\kb127\rules\rules.1.334.44
      C:\Program Files\Dealio\kb127\rules\rules.1.335.60
      C:\Program Files\Dealio\kb127\rules\rules.1.336.44
      C:\Program Files\Dealio\kb127\rules\rules.1.337.44
      C:\Program Files\Dealio\kb127\rules\rules.1.338.75
      C:\Program Files\Dealio\kb127\rules\rules.1.339.47
      C:\Program Files\Dealio\kb127\rules\rules.1.34.43
      C:\Program Files\Dealio\kb127\rules\rules.1.340.47
      C:\Program Files\Dealio\kb127\rules\rules.1.341.47
      C:\Program Files\Dealio\kb127\rules\rules.1.349.50
      C:\Program Files\Dealio\kb127\rules\rules.1.35.48
      C:\Program Files\Dealio\kb127\rules\rules.1.350.50
      C:\Program Files\Dealio\kb127\rules\rules.1.351.51
      C:\Program Files\Dealio\kb127\rules\rules.1.352.54
      C:\Program Files\Dealio\kb127\rules\rules.1.353.51
      C:\Program Files\Dealio\kb127\rules\rules.1.354.51
      C:\Program Files\Dealio\kb127\rules\rules.1.357.62
      C:\Program Files\Dealio\kb127\rules\rules.1.358.52
      C:\Program Files\Dealio\kb127\rules\rules.1.359.52
      C:\Program Files\Dealio\kb127\rules\rules.1.360.53
      C:\Program Files\Dealio\kb127\rules\rules.1.361.54
      C:\Program Files\Dealio\kb127\rules\rules.1.362.68
      C:\Program Files\Dealio\kb127\rules\rules.1.363.58
      C:\Program Files\Dealio\kb127\rules\rules.1.364.54
      C:\Program Files\Dealio\kb127\rules\rules.1.365.53
      C:\Program Files\Dealio\kb127\rules\rules.1.367.56
      C:\Program Files\Dealio\kb127\rules\rules.1.368.58
      C:\Program Files\Dealio\kb127\rules\rules.1.369.55
      C:\Program Files\Dealio\kb127\rules\rules.1.370.56
      C:\Program Files\Dealio\kb127\rules\rules.1.371.56
      C:\Program Files\Dealio\kb127\rules\rules.1.372.57
      C:\Program Files\Dealio\kb127\rules\rules.1.373.55
      C:\Program Files\Dealio\kb127\rules\rules.1.375.56
      C:\Program Files\Dealio\kb127\rules\rules.1.376.57
      C:\Program Files\Dealio\kb127\rules\rules.1.377.55
      C:\Program Files\Dealio\kb127\rules\rules.1.378.65
      C:\Program Files\Dealio\kb127\rules\rules.1.384.58
      C:\Program Files\Dealio\kb127\rules\rules.1.386.71
      C:\Program Files\Dealio\kb127\rules\rules.1.387.59
      C:\Program Files\Dealio\kb127\rules\rules.1.388.59
      C:\Program Files\Dealio\kb127\rules\rules.1.389.59
      C:\Program Files\Dealio\kb127\rules\rules.1.390.60
      C:\Program Files\Dealio\kb127\rules\rules.1.391.60
      C:\Program Files\Dealio\kb127\rules\rules.1.392.60
      C:\Program Files\Dealio\kb127\rules\rules.1.393.60
      C:\Program Files\Dealio\kb127\rules\rules.1.394.60
      C:\Program Files\Dealio\kb127\rules\rules.1.396.61
      C:\Program Files\Dealio\kb127\rules\rules.1.397.61
      C:\Program Files\Dealio\kb127\rules\rules.1.398.60
      C:\Program Files\Dealio\kb127\rules\rules.1.399.60
      C:\Program Files\Dealio\kb127\rules\rules.1.403.61
      C:\Program Files\Dealio\kb127\rules\rules.1.404.63
      C:\Program Files\Dealio\kb127\rules\rules.1.405.61
      C:\Program Files\Dealio\kb127\rules\rules.1.406.61
      C:\Program Files\Dealio\kb127\rules\rules.1.407.76
      C:\Program Files\Dealio\kb127\rules\rules.1.408.63
      C:\Program Files\Dealio\kb127\rules\rules.1.409.61
      C:\Program Files\Dealio\kb127\rules\rules.1.412.62
      C:\Program Files\Dealio\kb127\rules\rules.1.413.62
      C:\Program Files\Dealio\kb127\rules\rules.1.414.62
      C:\Program Files\Dealio\kb127\rules\rules.1.415.62
      C:\Program Files\Dealio\kb127\rules\rules.1.416.62
      C:\Program Files\Dealio\kb127\rules\rules.1.417.62
      C:\Program Files\Dealio\kb127\rules\rules.1.418.62
      C:\Program Files\Dealio\kb127\rules\rules.1.419.62
      C:\Program Files\Dealio\kb127\rules\rules.1.420.62
      C:\Program Files\Dealio\kb127\rules\rules.1.421.62
      C:\Program Files\Dealio\kb127\rules\rules.1.423.63
      C:\Program Files\Dealio\kb127\rules\rules.1.424.63
      C:\Program Files\Dealio\kb127\rules\rules.1.425.63
      C:\Program Files\Dealio\kb127\rules\rules.1.426.63
      C:\Program Files\Dealio\kb127\rules\rules.1.427.63
      C:\Program Files\Dealio\kb127\rules\rules.1.428.65
      C:\Program Files\Dealio\kb127\rules\rules.1.429.63
      C:\Program Files\Dealio\kb127\rules\rules.1.430.63
      C:\Program Files\Dealio\kb127\rules\rules.1.432.65
      C:\Program Files\Dealio\kb127\rules\rules.1.433.64
      C:\Program Files\Dealio\kb127\rules\rules.1.434.65
      C:\Program Files\Dealio\kb127\rules\rules.1.435.64
      C:\Program Files\Dealio\kb127\rules\rules.1.436.76
      C:\Program Files\Dealio\kb127\rules\rules.1.437.64
      C:\Program Files\Dealio\kb127\rules\rules.1.438.71
      C:\Program Files\Dealio\kb127\rules\rules.1.439.71
      C:\Program Files\Dealio\kb127\rules\rules.1.440.75
      C:\Program Files\Dealio\kb127\rules\rules.1.442.73
      C:\Program Files\Dealio\kb127\rules\rules.1.443.73
      C:\Program Files\Dealio\kb127\rules\rules.1.444.73
      C:\Program Files\Dealio\kb127\rules\rules.1.445.68
      C:\Program Files\Dealio\kb127\rules\rules.1.446.69
      C:\Program Files\Dealio\kb127\rules\rules.1.450.67
      C:\Program Files\Dealio\kb127\rules\rules.1.451.67
      C:\Program Files\Dealio\kb127\rules\rules.1.452.68
      C:\Program Files\Dealio\kb127\rules\rules.1.453.68
      C:\Program Files\Dealio\kb127\rules\rules.1.454.69
      C:\Program Files\Dealio\kb127\rules\rules.1.456.69
      C:\Program Files\Dealio\kb127\rules\rules.1.457.75
      C:\Program Files\Dealio\kb127\rules\rules.1.458.70
      C:\Program Files\Dealio\kb127\rules\rules.1.459.70
      C:\Program Files\Dealio\kb127\rules\rules.1.460.69
      C:\Program Files\Dealio\kb127\rules\rules.1.462.74
      C:\Program Files\Dealio\kb127\rules\rules.1.463.69
      C:\Program Files\Dealio\kb127\rules\rules.1.464.70
      C:\Program Files\Dealio\kb127\rules\rules.1.465.68
      C:\Program Files\Dealio\kb127\rules\rules.1.468.70
      C:\Program Files\Dealio\kb127\rules\rules.1.469.70
      C:\Program Files\Dealio\kb127\rules\rules.1.470.70
      C:\Program Files\Dealio\kb127\rules\rules.1.471.73
      C:\Program Files\Dealio\kb127\rules\rules.1.472.70
      C:\Program Files\Dealio\kb127\rules\rules.1.478.74
      C:\Program Files\Dealio\kb127\rules\rules.1.479.73
      C:\Program Files\Dealio\kb127\rules\rules.1.480.68
      C:\Program Files\Dealio\kb127\rules\rules.1.481.71
      C:\Program Files\Dealio\kb127\rules\rules.1.482.74
      C:\Program Files\Dealio\kb127\rules\rules.1.49.67
      C:\Program Files\Dealio\kb127\rules\rules.1.50.43
      C:\Program Files\Dealio\kb127\rules\rules.1.500.71
      C:\Program Files\Dealio\kb127\rules\rules.1.501.74
      C:\Program Files\Dealio\kb127\rules\rules.1.502.71
      C:\Program Files\Dealio\kb127\rules\rules.1.51.69
      C:\Program Files\Dealio\kb127\rules\rules.1.52.72
      C:\Program Files\Dealio\kb127\rules\rules.1.520.76
      C:\Program Files\Dealio\kb127\rules\rules.1.521.76
      C:\Program Files\Dealio\kb127\rules\rules.1.522.76
      C:\Program Files\Dealio\kb127\rules\rules.1.53.51
      C:\Program Files\Dealio\kb127\rules\rules.1.531.76
      C:\Program Files\Dealio\kb127\rules\rules.1.532.75
      C:\Program Files\Dealio\kb127\rules\rules.1.534.75
      C:\Program Files\Dealio\kb127\rules\rules.1.54.47
      C:\Program Files\Dealio\kb127\rules\rules.1.55.45
      C:\Program Files\Dealio\kb127\rules\rules.1.56.69
      C:\Program Files\Dealio\kb127\rules\rules.1.57.43
      C:\Program Files\Dealio\kb127\rules\rules.1.58.47
      C:\Program Files\Dealio\kb127\rules\rules.1.593.76
      C:\Program Files\Dealio\kb127\rules\rules.1.595.76
      C:\Program Files\Dealio\kb127\rules\rules.1.63.57
      C:\Program Files\Dealio\kb127\rules\rules.1.66.47
      C:\Program Files\Dealio\kb127\rules\rules.1.70.75
      C:\Program Files\Dealio\kb127\rules\rules.1.71.43
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
      C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\res
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14282.log
      C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127\temp\ws-14283.log
      C:\Program Files\Search Settings
      C:\Program Files\Search Settings\kb127
      C:\Program Files\Search Settings\SearchSettings.exe
      C:\Program Files\Search Settings\kb127\res
      C:\Program Files\Search Settings\kb127\SearchSettings.dll
      C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
      C:\Program Files\Search Settings\kb127\temp

      -----------\\ Extensions

      (Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
      (Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="https://www.msn.com/fr-fr"
      "Search bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\Pack.epk
      [b]==> EGDACCESS <==/b




      1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]

      -----------\\ Fin du rapport a 12:20:12,42
      0
  11. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Nettoyage avec ToolBar S&D : Redémarre en mode sans échec comme indiqué ici ; Choisis ta session courante.

    !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

    Relances Toolbar-S&D en double-cliquant sur le raccourci.
    -->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

    Note : ne touches à rien lors de la suppression !

    Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
    accompagné d'un nouveau rapport hijackthis pour analyse ...

    Ensuite :

    Télécharge :

    Brute Force Uninstaller (de Merjin).
    Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU)

    FAIS UN CLIQUE-DROIT ICI et choisis "Enregistrer la cible du lien sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde-le dans le dossier créé (C:\BFU).
    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    Note : Si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

    AIDE : Comment installer et utiliser BFU ?

    Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

    Démarre "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU)

    - Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur :

    EGDACCESS.bfu

    - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu

    Clique sur Execute et laisse-le faire son travail.

    Attends que Complete script execution apparaisse pour cliquer sur OK.
    Clique Exit pour fermer le programme BFU.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      voici les rapports Toolbar, suivi de hijackthis:


      -----------\\ ToolBar S&D 1.2.8 XP/Vista

      Microsoft (R) Windows Script Host Version 5.7
      Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.
      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
      BIOS : Phoenix NoteBIOS 4.0 Release 6.0
      USER : Yasmina ( Administrator )
      BOOT : Fail-safe boot
      Antivirus : avast! antivirus 4.8.1296 [VPS 090216-1] 4.8.1296 (Activated)
      C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
      D:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
      Option : [2] ( 17/02/2009|15:33 )

      -----------\\ SUPPRESSION

      Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio\kb127
      Supprime! - C:\Program Files\Dealio\DealioAU.exe
      Supprime! - C:\Program Files\Dealio\kb127
      Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe
      Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Dealio
      Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar2
      Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings\kb127
      Supprime! - C:\Program Files\Search Settings\kb127
      Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
      Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Dealio
      Supprime! - C:\Program Files\Dealio
      Supprime! - C:\DOCUME~1\Yasmina\APPLIC~1\Search Settings
      Supprime! - C:\Program Files\Search Settings

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ Extensions

      (Yasmina) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
      (Yasmina) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
      "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Default_page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
      "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Start Page"="https://www.msn.com/fr-fr/"
      "Search bar"="http://www.bing.com/spresults.aspx"


      --------------------\\ Recherche d'autres infections

      C:\WINDOWS\Pack.epk
      [b]==> EGDACCESS <==/b




      1 - "C:\ToolBar SD\TB_1.txt" - 17/02/2009|12:20 - Option : [1]
      2 - "C:\ToolBar SD\TB_2.txt" - 17/02/2009|15:35 - Option : [2]

      -----------\\ Fin du rapport a 15:35:07,32



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:39:41, on 17/02/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16791)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Yasmina\Bureau\Tutu.exe
      C:\WINDOWS\system32\wuauclt.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
      O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Yasmina\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      0
  12. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Excuse moi pour le lien le voici qui marche Brute Force
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      Merci :)
      J'ai créé le nouveau dossier dans C:\, téléchargé Brute Force, je l'ai décompressé dans ce nouveau dossier. J'ai donc le dossier BFU avec BFU.exe dedans. Mais quand je fais un clic droit, il ne me propose pas "enregistrer la cible sous...".
      Que faire?
      0
  13. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    c'est quand tu es sur ccm tu clique droit sur brute force et tu as enregistrer le cible du lien sous.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      ok pour le clic droit sur ccm, mais je rencontre encore une difficulté, je n'arrive pas à obtenir de fichier EGDACCESS.bfu. Il s'enregistre en .zip, et si je l'extrais, il apparait en .exe. Donc quand je lance Brute Force, il ne reconnait pas de fichier .bfu.
      Qu'est-ce que j'ai loupé?
      Merci encore
      0
  14. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    bon essaye navilog :

    * Téléchargez et enregistrez Navilog1 sur le bureau.
    * Sous XP : double-cliquez dessus pour l'installer et le lancer.
    * Sous vista : faites un clic droit sur Navilog1 présent sur le bureau et choisissez "exécuter en tant qu'administrateur".
    * Quand il sera installé, appuyez sur F pour Français.
    * Appuyez sur une touche jusqu'à ce que vous arriviez au menu des options.
    * Tapez 1 pour exécuter une recherche.
    * Laissez le programme travailler, il pourrait durer une dizaine de minutes.
    * Un rapport va être généré dans le bloc note à la fin de l'analyse
    * Il sera aussi enregistré automatiquement sur votre disque C ( C:\fixnavi.txt )
    * Voici un tutoriel qui vous explique le fonctionnement de Navilog1 :

    http://il.mafioso.pagesperso-orange.fr/Navifix/presentation.htm

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      voici le rapport de navilog:

      Search Navipromo version 3.7.4 commencé le 19/02/2009 à 11:54:26,37

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1

      Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

      Microsoft (R) Windows Script Host Version 5.7
      Copyright (C) Microsoft Corporation 1996-2001. Tous droits r‚serv‚s.

      Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
      X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.60GHz )
      BIOS : Phoenix NoteBIOS 4.0 Release 6.0
      USER : Yasmina ( Administrator )
      BOOT : Normal boot

      Antivirus : avast! antivirus 4.8.1296 [VPS 090218-0] 4.8.1296 (Activated)


      C:\ (Local Disk) - NTFS - Total:74 Go (Free:23 Go)
      D:\ (CD or DVD)


      Recherche executé en mode normal

      *** Recherche Programmes installés ***

      MailSkinner

      *** Recherche dossiers dans "C:\WINDOWS" ***


      *** Recherche dossiers dans "C:\Program Files" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


      *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Yasmina\applic~1" ***


      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" ***


      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


      *** Recherche dossiers dans "C:\Documents and Settings\Yasmina\menudm~1\progra~1" ***


      *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *

      * Recherche dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" *

      * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



      *** Recherche fichiers ***


      C:\WINDOWS\pack.epk trouvé !

      *** Recherche clés spécifiques dans le Registre ***
      !! Les clés trouvées ne sont pas forcément infectées !!

      HKEY_CURRENT_USER\Software\mc

      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\WINDOWS\system32" :

      uxbbqx.dat trouvé !

      * Dans "C:\Documents and Settings\Yasmina\locals~1\applic~1" :


      * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup trouvé !
      Certificat Electronic-Group trouvé !
      Certificat Montorgueil absent !
      Certificat OOO-Favorit trouvé !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche autres dossiers et fichiers connus :



      *** Analyse terminée le 19/02/2009 à 11:57:36,09 ***

      Aussi, Antivir me signale qu'un virus ou logiciel malveillant a été détecté dans C:\WINDOWS\Temp\_avast4_\unp86432895.tmp; il contient le cheval de troie TR/unpacked.Gen

      Dois-je désinstaller Avast, et ne garder qu'antivir?
      0
  15. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    parce qu'en plus tu as 2 antivirus? il faut absolument en supprimer 1.

    ensuite fait ceci

    désinfection automatique

    * Relancez Navilog1 comme expliqué lors de la recherche.
    * Cette fois-ci tapez 2 pour exécuter une désinfection automatique. (le bureau disparaît, c'est normal)
    * Le PC va redémarrer.
    * Après redémarrage, un rapport va être généré dans le bloc note.
    * Vérifiez que tout a bien été supprimé car il se pourrait que certains fichiers ne soient pas supprimés lors de la désinfection automatique...

    Puis lance brute force comme ceci sans renommer rien :

    Etape 1/ Télécharge [ http://merijn.geekstogo.com/files/bfu.zip Brute Force Uninstaller] (Merijn) et décompresse-le sur ton bureau.
    Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
    et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
    que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.

    Voici le Tuto

    Redémarre en mode sans échec comme indiqué ici ; . Choisis ta session courante

    # Etape 2/

    Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
    à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
    - Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
    - clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
    par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
    - Clique sur OK, puis exit pour fermer le programme BFU.
    - Recommence encore une fois.

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      ok :)
      J'ai supprimé avast, puisqu'on m'avait conseillé antivir sur ccm.
      J'ai donc fait l'opération Brute Force, mais je ne peux toujours pas désinstaller MailSkinner qui se trouve dans un endroit apparemment introuvable...
      0
  16. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    tu as le rapport brute force STP.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      oui, désolée :
      BFU v1.12.0
      Windows XP SP3 (WinNT 5.01.2600 SP3)
      Script started at 21:10:05, on 19/02/2009

      Option Unload Explorer: Yes
      Success: ProcessKillByPID 924
      Success: ProcessKill C:\WINDOWS\explorer.exe|1
      Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
      # lazzzy 20/09/2006
      # Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited

      OptionUnloadShell

      # 1 - Processus

      ProcessKill \AdwareProtector.exe|1
      ProcessKill \ErrorGuard.exe|1
      ProcessKill \ERScw.exe|1
      ProcessKill \Malwarrior.exe|1
      ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
      ProcessKill \sd2006.exe|1
      ProcessKill \SDR6cw.exe|1
      ProcessKill \SDRmon.exe|1
      ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
      ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
      ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
      ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
      ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
      ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
      ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
      ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
      ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
      ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
      ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
      ProcessKill uwasffNT.exe|1
      ProcessKill \was6.exe|1
      ProcessKill \WinAV.exe|1
      ProcessKill \WinPG2005.exe|1
      ProcessKill \WinSpywareProtect.exe|1

      # 2 - Services

      ServiceStop FWSvc
      ServiceDisable FWSvc
      ServiceDelete FWSvc

      # 3 - Registre

      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys

      RegDeleteKey HKCR\antiviruscom.avofficeprotect
      RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
      RegDeleteKey HKCR\avexplorer.shellextension
      RegDeleteKey HKCR\avexplorer.shellextension.2
      RegDeleteKey HKCR\avexplorer.shellextension\curver
      RegDeleteKey HKCR\checkprod.checkproduct
      RegDeleteKey HKCR\CheckProduct2.CheckProduct
      RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
      RegDeleteKey HKCR\ComCleanCor.AppCleane
      RegDeleteKey HKCR\ComCleanCor.AppCleane.1
      RegDeleteKey HKCR\ComCleanCor.CQuickScan
      RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
      RegDeleteKey HKCR\ComCleanCor.FileCleane
      RegDeleteKey HKCR\ComCleanCor.InetCleane
      RegDeleteKey HKCR\ComCleanCor.InetCleane.1
      RegDeleteKey HKCR\ComCleanCor.RegCleane
      RegDeleteKey HKCR\ComCleanCor.RegCleane.1
      RegDeleteKey HKCR\ComCleanCor.SystemCleane
      RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
      RegDeleteKey HKCR\ComCleanCore.FileClean.1
      RegDeleteKey HKCR\CompCleanCore.AppCleaner
      RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
      RegDeleteKey HKCR\CompCleanCore.CCQuickScan
      RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
      RegDeleteKey HKCR\CompCleanCore.FileCleaner
      RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
      RegDeleteKey HKCR\CompCleanCore.InetCleaner
      RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
      RegDeleteKey HKCR\CompCleanCore.RegCleaner
      RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
      RegDeleteKey HKCR\CompCleanCore.SystemCleaner
      RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
      RegDeleteKey HKCR\df_fixer.Fixer
      RegDeleteKey HKCR\df_fixer.Fixer.1
      RegDeleteKey HKCR\df_proxy.DriverManipulate
      RegDeleteKey HKCR\df_proxy.DriverManipulate.1
      RegDeleteKey HKCR\df_fix.Fix
      RegDeleteKey HKCR\df_fix.Fix.1
      RegDeleteKey HKCR\df_prx.DriverManipulat
      RegDeleteKey HKCR\df_prx.DriverManipulat.1
      RegDeleteKey HKCR\escompcleancore.esappcleaner
      RegDeleteKey HKCR\escompcleancore.esappcleaner.1
      RegDeleteKey HKCR\escompcleancore.esccquickscan
      RegDeleteKey HKCR\escompcleancore.esccquickscan.1
      RegDeleteKey HKCR\escompcleancore.esfilecleaner
      RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
      RegDeleteKey HKCR\escompcleancore.esinetcleaner
      RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
      RegDeleteKey HKCR\escompcleancore.esregcleaner
      RegDeleteKey HKCR\escompcleancore.esregcleaner.1
      RegDeleteKey HKCR\escompcleancore.essystemcleaner
      RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
      RegDeleteKey HKCR\esdf_fixer.esfixer
      RegDeleteKey HKCR\esdf_fixer.esfixer.1
      RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
      RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
      RegDeleteKey HKCR\esffwraper.esffenginwraper
      RegDeleteKey HKCR\esffwraper.esffenginwraper.1
      RegDeleteKey HKCR\esfixcore.esmmfixcore
      RegDeleteKey HKCR\esfixcore.esmmfixcore.1
      RegDeleteKey HKCR\esmmfixctrl.escofixengine
      RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
      RegDeleteKey HKCR\esspchck.esspchck
      RegDeleteKey HKCR\esspchck.esspchck.1
      RegDeleteKey HKCR\esspcheck.esspcheck
      RegDeleteKey HKCR\esspcheck.esspcheck.1
      RegDeleteKey HKCR\FFCom.FlFixer
      RegDeleteKey HKCR\FFWraper.FFEnginWraper
      RegDeleteKey HKCR\FFWrap.FEnginWrape
      RegDeleteKey HKCR\FFWrap.FEnginWrape.1
      RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
      RegDeleteKey HKCR\FFxr_21.FFixr21
      RegDeleteKey HKCR\FixCor.MMFxCor
      RegDeleteKey HKCR\FixCor.MMFxCor.1
      RegDeleteKey HKCR\FixCore.MMFixCore
      RegDeleteKey HKCR\FixCore.MMFixCore.1
      RegDeleteKey HKCR\FlFxr3.FlFixer3
      RegDeleteKey HKCR\flfxr5.flfixer5
      RegDeleteKey HKCR\FlFxr15.FlFixer15
      RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
      RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
      RegDeleteKey HKCR\FWraper.FFEnginWraper
      RegDeleteKey HKCR\FWraper.FFEnginWraper.1
      RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
      RegDeleteKey HKCR\FxCor_e.MMFixCor_e
      RegDeleteKey HKCR\FxCore.MMFixCore
      RegDeleteKey HKCR\FxCore.MMFixCore.1
      RegDeleteKey HKCR\iefwbho.iefw
      RegDeleteKey HKCR\iefwbho.iefw.2
      RegDeleteKey HKCR\Install.Install
      RegDeleteKey HKCR\Install.Install.1
      RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
      RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
      RegDeleteKey HKCR\MMFx.CoFxEngin
      RegDeleteKey HKCR\MMFx.CoFxEngin.1
      RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
      RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
      RegDeleteKey HKCR\systemdoctor.free
      RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
      RegDeleteKey HKCR\UWFXCheck.UWFXCheck
      RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
      RegDeleteKey HKCR\wap6.pcheck
      RegDeleteKey HKCR\wap6.pcheck.1
      RegDeleteKey HKCR\winpgintegrator.ieintegrator
      RegDeleteKey HKCR\winpgintegrator.ieintegrator.1

      RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
      RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
      RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
      RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
      RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
      RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
      RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
      RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
      RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
      RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
      RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
      RegDeleteKey HKCR\AppID\CheckProduct2.DLL
      RegDeleteKey HKCR\AppID\compcln.dll
      RegDeleteKey HKCR\AppID\compclr.dll
      RegDeleteKey HKCR\AppID\FFWrapr.DLL
      RegDeleteKey HKCR\AppID\FFWraper.DLL
      RegDeleteKey HKCR\AppID\FixCore.DLL
      RegDeleteKey HKCR\AppID\FxCr.DLL
      RegDeleteKey HKCR\AppID\MFix.DLL
      RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
      RegDeleteKey HKCR\AppID\winpgi.dll appid

      RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
      RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
      RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
      RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
      RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
      RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
      RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
      RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
      RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
      RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
      RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
      RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
      RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
      RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
      RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
      RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
      RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
      RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
      RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
      RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
      RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
      RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
      RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
      RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
      RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
      RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
      RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
      RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
      RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
      RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
      RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
      RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
      RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
      RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
      RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
      RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
      RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
      RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
      RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
      RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
      RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
      RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
      RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
      RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
      RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
      RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
      RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
      RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
      RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
      RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
      RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
      RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
      RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
      RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
      RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
      RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
      RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
      RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
      RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

      RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
      RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
      RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
      RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
      RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
      RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
      RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
      RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
      RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
      RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
      RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
      RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
      RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
      RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
      RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
      RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
      RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
      RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
      RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
      RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
      RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
      RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
      RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
      RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
      RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
      RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
      RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
      RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
      RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
      RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
      RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
      RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
      RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
      RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
      RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
      RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
      RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
      RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
      RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
      RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
      RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
      RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
      RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
      RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
      RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
      RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
      RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
      RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}

      RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
      RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
      RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
      RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
      RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
      RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
      RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
      RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
      RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
      RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
      RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
      RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
      RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
      RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
      RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
      RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
      RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
      RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
      RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
      RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
      RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
      RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
      RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
      RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
      RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
      RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
      RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
      RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
      RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
      RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
      RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}

      RegDeleteKey HKCU\Software\Adsl Software Limited
      RegDeleteKey HKCU\Software\ErrorGuard
      RegDeleteKey HKCU\Software\errorsafe
      RegDeleteKey HKCU\Software\error safe free
      RegDeleteKey HKCU\Software\sysprotect free
      RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
      RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
      RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
      RegDeleteKey HKCU\Software\WinFixer 2005
      RegDeleteKey HKCU\Software\WinSoftware

      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

      RegDeleteKey HKLM\Software\AXPFixer
      RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
      RegDeleteKey HKLM\Software\ErrorSafe
      RegDeleteKey HKLM\Software\Error Safe Free
      RegDeleteKey HKLM\Software\sysprotect
      RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
      RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
      RegDeleteKey HKLM\Software\winantivirus pro 2006
      RegDeleteKey HKLM\Software\WinSoftware

      RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
      RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
      RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
      RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
      RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
      RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
      RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
      RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
      RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
      RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
      RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
      RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
      RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
      RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
      RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
      RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
      RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
      RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
      RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
      RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
      RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
      RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
      RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
      RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
      RegDeleteKey HKLM\Software\Classes\UDCShell
      RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
      RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
      RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
      RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
      RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
      RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
      RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
      RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
      RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
      RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
      RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
      RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

      RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
      RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
      RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
      RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
      RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
      RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

      RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
      RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
      RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
      RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
      RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
      RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
      RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
      RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
      RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
      RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
      RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
      RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
      RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
      RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
      RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
      RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
      RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
      RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
      RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
      RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
      RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
      RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
      RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
      RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
      RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
      RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
      RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
      RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
      RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
      RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
      RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
      RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
      RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
      RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
      RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
      RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
      RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
      RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
      RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
      RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
      RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
      RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
      RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
      RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
      RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
      RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
      RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
      RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
      RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
      RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
      RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
      RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
      RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
      RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
      RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
      RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
      RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
      RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
      RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
      RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
      RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
      RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
      RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
      RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
      RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
      RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
      RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
      RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
      RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
      RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
      RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
      RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
      RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
      RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
      RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
      RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
      RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
      RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
      RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
      RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
      RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}

      RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

      RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

      RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
      RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
      RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1

      RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
      RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

      RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
      RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
      RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
      RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

      RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

      # 4 - ActiveX

      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
      RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
      RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

      # 5 - Fichiers

      DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
      DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
      DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
      DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
      DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
      DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
      DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
      DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
      DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
      DllUnregister C:\Program Files\SysProtect\compclr.dll|1
      DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
      DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
      DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
      DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
      DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
      DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
      DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
      DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
      DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
      DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
      DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
      DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
      DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
      DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
      DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
      DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
      DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
      DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
      DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
      DllUnregister C:\WINDOWS\syst32.dll|1

      FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
      FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Application Data\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\*errorsafe*.exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantispyware*.exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\*winantivirus*.exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\install_fr*.exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\installer_fr[1].exe
      FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
      FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Application Data\setup_fr[1].exe
      FileDelete C:\Documents and Settings\Yasmina\Bureau\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\Yasmina\Bureau\DriveCleaner 2006 Free.lnk
      FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorGuard.lnk
      FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe.lnk
      FileDelete C:\Documents and Settings\Yasmina\Bureau\ErrorSafe*.exe
      FileDelete C:\Documents and Settings\Yasmina\Bureau\SystemDoctor*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Bureau\WinAntiSpyware*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.exe
      FileDelete C:\Documents and Settings\Yasmina\Bureau\WinFixer*.lnk
      FileDelete C:\Documents and Settings\Yasmina\Mes documents\*drivecleaner*.exe
      FileDelete C:\Documents and Settings\Yasmina\Mes documents\*SystemDoctor*.exe
      FileDelete C:\Documents and Settings\Yasmina\Mes documents\*WinAntiVirusPro*.exe
      FileDelete C:\Program Files\*drivecleaner*.exe
      FileDelete C:\Program Files\*WinAntiVirusPro*.exe
      FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
      FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
      FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
      FileDelete C:\WINDOWS\46241234110.exe
      FileDelete C:\WINDOWS\service32.exe
      FileDelete C:\WINDOWS\syst32.dll
      FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
      FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
      FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
      FileDelete C:\WINDOWS\system32\av.cpl
      FileDelete C:\WINDOWS\system32\blackster.scr
      FileDelete C:\WINDOWS\system32\df_kme.exe
      FileDelete C:\WINDOWS\system32\stera.exe
      FileDelete C:\WINDOWS\system32\stera.?o?
      FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
      FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
      FileDelete C:\WINDOWS\system32\drivers\ersd.sys
      FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
      FileDelete C:\WINDOWS\system32\drivers\fopn.sys
      FileDelete C:\WINDOWS\system32\drivers\sscan.sys
      FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
      FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
      FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
      FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
      FileDelete C:\WINDOWS\system32\drivers\WFF.sys
      FileDelete C:\systemdoctor*.exe

      # 6 - Repertoires

      FolderDelete C:\Documents and Settings\Yasmina\Application Data\Adsl Software Limited
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPDefender
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\AXPFixer
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner Free
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\DriveCleaner 2006 Free
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\systemdoctor 2006 free
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\VirusGarde
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\Yasmina\Application Data\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
      FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
      FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
      FolderDelete C:\Program Files\AXPDefender
      FolderDelete C:\Program Files\AXPFixer
      FolderDelete C:\Program Files\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\erroguard
      FolderDelete C:\Program Files\Error Safe
      FolderDelete C:\Program Files\Error Safe Free
      FolderDelete C:\Program Files\ErrorSafe
      FolderDelete C:\Program Files\errorsafe free
      FolderDelete C:\Program Files\MalWarrior*
      FolderDelete C:\Program Files\SysProtect Free
      FolderDelete C:\Program Files\SystemDoctor 2006
      FolderDelete C:\Program Files\SystemDoctor 2006 Free
      FolderDelete C:\Program Files\VirusGarde
      FolderDelete C:\Program Files\WinAntiSpyware 2006
      FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
      FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
      FolderDelete C:\Program Files\WinAntiVirus 2005
      FolderDelete C:\Program Files\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\WinAntiVirus Pro 2007
      FolderDelete C:\Program Files\WinFixer 2005
      FolderDelete C:\Program Files\WinPopupGuard 2005
      FolderDelete C:\Program Files\winspywareprotect
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
      FolderDelete C:\Program Files\Archivos comunes\ErrClean
      FolderDelete C:\Program Files\Archivos comunes\Error Safe
      FolderDelete C:\Program Files\Archivos comunes\erroguard
      FolderDelete C:\Program Files\Archivos comunes\errorguard
      FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
      FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
      FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
      FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
      FolderDelete C:\Program Files\Archivos comunes\WinSoftware
      FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
      FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Common Files\ErrClean
      FolderDelete C:\Program Files\Common Files\erroguard
      FolderDelete C:\Program Files\Common Files\errorguard
      FolderDelete C:\Program Files\Common Files\ErrorSafe
      FolderDelete C:\Program Files\Common Files\SysProtect
      FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
      FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
      FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
      FolderDelete C:\Program Files\Common Files\WinFixer 2005
      FolderDelete C:\Program Files\Common Files\WinSoftware
      FolderDelete C:\Program Files\Common Files\winspywareprotect
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
      FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
      FolderDelete C:\Program Files\Fichiers communs\ErrClean
      FolderDelete C:\Program Files\Fichiers communs\Error Safe
      FolderDelete C:\Program Files\Fichiers communs\erroguard
      FolderDelete C:\Program Files\Fichiers communs\errorguard
      FolderDelete C:\Program Files\Fichiers communs\ErrorSafe
      Fold
      0
    2. yayarcheo Messages postés 70 Statut Membre
       
      aussi, si je sauvegarde des données dans un disque dur externe, est-ce que je peux le contaminer?
      0
  17. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    oui tu peux toujours pas supprimer mail skinner?
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      non toujours pas. Il me met que le fichier source est introuvable:
      C:\DOCUME~1\Yasmina\LOCALS~1\Temp\IXP000\setup.msi
      Je ne comprends rien :(
      0
  18. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Fait moi un scan en ligne Merci :

    Fais un scan en ligne avec Internet explorer (merci !aur3n7=
    * Rend toi sur ce site https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    - Clique sur l'image de droite Kaspersky Online scanner

    -- Une notice s'affichera , clique sur le bouton j'accepte (après en avoir pris connaissance bien sur)
    note: Si le scanner n'a pas encore été installé (ActivX) un message te demandera si tu accepte ou non de le faire.

    -- L'installation et la mise à jour de la base antivirale se feront automatiquement.

    * Clique sur Suivant

    * Clique sur le bouton paramètres d'analyse

    -- à l'option analyser avec la base antivirus suivant :
    ---- [X] étendue
    -- dans les options d'analyse contrôle que les cases suivantes soient cochées
    ---- [X] analyser les archives
    ---- [X] analyser les bases de messagerie
    -- Clique sur le bouton OK

    * choisis Poste de travail pour lancer le scan

    * Une fois le scan terminé sauvegarde le rapport Clique sur Enregistrer rapport sous

    -- Pour le retrouver facilement met le sur le bureau

    -- dans nom de fichier entre Kaspersky

    -- A type de fichier choisis text file (*.txt) puis clique sur le bouton enregistrer

    * Fais un copier coller du contenu de ce fichier dans ta prochaine réponse.

    Note :
    - En cas de problème vérifies ces quelques points https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809
    - Ton antivirus résident pourrait empêcher ou perturber le déroulement du scan. Kaspersky conseille de le désactiver avant de lancer le scan. (pour la durée du scan uniquement)
    - En cas de problème tu trouveras une démonstration animée sur le lien donné ou si besoin un tutoriel https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      Impossible, il m'a mis:
      Échec du chargement du contrôle ActiveX Kaspersky On-line Scanner!

      Vous devez jouir des privilèges d'administrateur sur ce poste ;
      en outre, il faut configurer le niveau de sécurité IE sur Moyen.
      0
    2. yayarcheo Messages postés 70 Statut Membre
       
      On dirait que la vilaine bête est partie. Un ami m'a dit qu'il ne restait dans l'ordi que l'empreinte de son chemin d'acces. Comme il est supprimé, il ne le trouve plus mais continues à chercher ce .setup.msi.
      Il a réussi à l'enlever mais me conseille quand même de formater, au cas où.
      Tu en penses quoi?
      0
  19. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    as oui tu utilise firefox, il faut que tu intalle ceci, qui s'appelle IE tab car kaspersky ne marche encore qu'avec IE. Une fois cela installer, tu clique droit sur le lien kaspersky ici et tu fait ourir ace IE tab.

    Merci.

    https://addons.mozilla.org/fr/firefox/addon/1419
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      ça ne marche toujours pas.
      quand j'essaye sous internet explorer, ça me remet le message: Échec du chargement du contrôle ActiveX Kaspersky On-line Scanner!

      Vous devez jouir des privilèges d'administrateur sur ce poste ;
      en outre, il faut configurer le niveau de sécurité IE sur Moyen.

      Et quand j'essaye sous firefox, en ayant fait ce que tu m'as donné, j'accepte et puis rien ne se passe.
      0
  20. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    non pas de formatage cela ne sert à rien, me faire le scan antivirus et me répondre à ma question, on va voir avec le scan s'il est bien parti.
    0
    1. yayarcheo Messages postés 70 Statut Membre
       
      Voici le rapport du scan:

      ;***********************************************************************************************************************************************************************************
      ANALYSIS: 2009-02-22 20:11:01
      PROTECTIONS: 1
      MALWARE: 8
      SUSPECTS: 0
      ;***********************************************************************************************************************************************************************************
      PROTECTIONS
      Description Version Active Updated
      ;===================================================================================================================================================================================
      Avira AntiVir PersonalEdition Classic 8.0.1.30 Yes Yes
      ;===================================================================================================================================================================================
      MALWARE
      Id Description Type Active Severity Disinfectable Disinfected Location
      ;===================================================================================================================================================================================
      00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@tradedoubler[1].txt
      00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@xiti[1].txt
      00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@weborama[1].txt
      00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@bluestreak[1].txt
      00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Yasmina\Cookies\yasmina@smartadserver[2].txt
      00484705 Application/IEDefender HackTools No 0 Yes No C:\WINDOWS\system32\IEDFix.C.exe
      00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP621\A0040646.sys
      00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP620\A0040624.sys
      03587590 Adware/Yassist Adware No 0 No No C:\Documents and Settings\Yasmina\Bureau\divx_divx_6.8.3.9_francais_10144.exe[²ÇÇ\y_toolbar.exe][²èÇ]
      ;===================================================================================================================================================================================
      SUSPECTS
      Sent Location |
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      VULNERABILITIES
      Id Severity Description |
      ;===================================================================================================================================================================================
      ;===================================================================================================================================================================================
      0
    2. yayarcheo Messages postés 70 Statut Membre
       
      Et au sujet de ta question, que signifie être l'administrateur du pc? j'en suis l'utilisatrice principale, et mon ami s'en sert aussi de temps en temps.
      0
  • 1
  • 2