HijackThis report

Solved/Closed
Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 - 24 March 2009 at 18:07
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 - 28 March 2009 at 00:12
Hello,

Here is my HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:30, on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSN.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C76EC8A-7C54-4C2B-A499-58800E4A69A9}: NameServer = 82.216.111.125,82.216.111.124
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

40 replies

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 18:11
Hello,

What is the problem?

Do this and post the report for me. At the question asking whether you are being helped by someone, answer yes. Thanks.

Download GenProc to your desktop (careful, the file is a zip file)
Unzip the folder, double-click GenProc.bat
Finally, post the contents of the report that is displayed.
How to use GenProc

For those who have Vista, do not forget to disable User Account Control

IMPORTANT: post the report and do nothing else for now (instructions often need to be added to the indicated procedure for it to work perfectly)

1
Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 18:22
Thanks!!

So, my PC is extremely slow and reboots for no reason. I doubt it is a temperature problem, since it sometimes happens right at startup! Usually it happens when I start a Facebook video. When I start my PC I also have to wait about ten minutes before I get an internet connection (Firefox fails to connect).

Here is the GenProc report:

Rapport GenProc 2.491 [1] - 24/03/2009 à 18:18:47 - Windows XP

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- Brute Force Uninstaller http://merijn.geekstogo.com/files/bfu.zip (Merijn) et décompresse-le sur ton bureau.
Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.

- Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Administrateur *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
- Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
- clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
- Clique sur OK, puis exit pour fermer le programme BFU.
- Recommence encore une fois.

# Etape 3/

Lance Toolbar-S&D situé sur le Bureau.
Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

# Etape 4/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 5/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport C:\TB.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Arguments de la procédure ~~

# Détections [1] GenProc 2.491 24/03/2009 à 18:18:24
Winsoftware:le 24/03/2009 à 18:18:28 "C:\Program Files\Fichiers communs\ErrorSafe"
Toolbar:le 24/03/2009 à 18:18:28 "C:\Program Files\KaZaA"
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 19:21
You can already go through all the steps and post the reports for me, thanks.
0
Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 19:25
Hi again!

I got a head start and followed the steps indicated.

Here is the TB report:


-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon(TM) XP 2800+ )
BIOS : Award Modular BIOS v6.0
USER : Administrateur ( Administrator )
BOOT : Fail-safe boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:48 Go (Free:11 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (Local Disk) - NTFS - Total:65 Go (Free:60 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 24/03/2009|19:11 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@www.bananalotto[2].txt
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\KaZaA\db
Supprime! - C:\Program Files\KaZaA\Db
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\KaZaA
Supprime! - C:\Program Files\KaZaA

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.au
C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.idx



1 - "C:\ToolBar SD\TB_1.txt" - 24/03/2009|19:13 - Option : [2]

-----------\\ Fin du rapport a 19:13:47,01




And the new HJT report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:41, on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C76EC8A-7C54-4C2B-A499-58800E4A69A9}: NameServer = 82.216.111.125,82.216.111.124
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
0

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 20:03
Up
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 20:06
Sorry, am I still allowed to eat? Delete this for me right away:

C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.au
C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.idx


Next, is there no Brute Force report?
0
Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 20:11
Hi again!

Bon appétit!! Sorry, I did not mean to put pressure on you...
I tried to delete the files indicated, but after "cache" there is nothing more, even though hidden files are visible :-s
I did not find the Brute Force report...

Take your time...

Thanks
0
Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 20:29
Here is the Brute Force report: (I just ran it again and saved the log, which I had not done the first time)


BFU v1.12.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 20:25:11, on 24/03/2009

Option Unload Explorer: Yes
Success: ProcessKillByPID 600
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
# lazzzy 20/09/2006
# Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited

OptionUnloadShell

# 1 - Processus

ProcessKill \AdwareProtector.exe|1
ProcessKill \ErrorGuard.exe|1
ProcessKill \ERScw.exe|1
ProcessKill \Malwarrior.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
ProcessKill \sd2006.exe|1
ProcessKill \SDR6cw.exe|1
ProcessKill \SDRmon.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
ProcessKill uwasffNT.exe|1
ProcessKill \was6.exe|1
ProcessKill \WinAV.exe|1
ProcessKill \WinPG2005.exe|1
ProcessKill \WinSpywareProtect.exe|1

# 2 - Services

ServiceStop FWSvc
ServiceDisable FWSvc
ServiceDelete FWSvc

# 3 - Registre

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys

RegDeleteKey HKCR\antiviruscom.avofficeprotect
RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
RegDeleteKey HKCR\avexplorer.shellextension
RegDeleteKey HKCR\avexplorer.shellextension.2
RegDeleteKey HKCR\avexplorer.shellextension\curver
RegDeleteKey HKCR\checkprod.checkproduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
RegDeleteKey HKCR\ComCleanCor.AppCleane
RegDeleteKey HKCR\ComCleanCor.AppCleane.1
RegDeleteKey HKCR\ComCleanCor.CQuickScan
RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
RegDeleteKey HKCR\ComCleanCor.FileCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane.1
RegDeleteKey HKCR\ComCleanCor.RegCleane
RegDeleteKey HKCR\ComCleanCor.RegCleane.1
RegDeleteKey HKCR\ComCleanCor.SystemCleane
RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
RegDeleteKey HKCR\ComCleanCore.FileClean.1
RegDeleteKey HKCR\CompCleanCore.AppCleaner
RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
RegDeleteKey HKCR\CompCleanCore.CCQuickScan
RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
RegDeleteKey HKCR\CompCleanCore.FileCleaner
RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
RegDeleteKey HKCR\CompCleanCore.InetCleaner
RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
RegDeleteKey HKCR\CompCleanCore.RegCleaner
RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
RegDeleteKey HKCR\CompCleanCore.SystemCleaner
RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
RegDeleteKey HKCR\df_fixer.Fixer
RegDeleteKey HKCR\df_fixer.Fixer.1
RegDeleteKey HKCR\df_proxy.DriverManipulate
RegDeleteKey HKCR\df_proxy.DriverManipulate.1
RegDeleteKey HKCR\df_fix.Fix
RegDeleteKey HKCR\df_fix.Fix.1
RegDeleteKey HKCR\df_prx.DriverManipulat
RegDeleteKey HKCR\df_prx.DriverManipulat.1
RegDeleteKey HKCR\escompcleancore.esappcleaner
RegDeleteKey HKCR\escompcleancore.esappcleaner.1
RegDeleteKey HKCR\escompcleancore.esccquickscan
RegDeleteKey HKCR\escompcleancore.esccquickscan.1
RegDeleteKey HKCR\escompcleancore.esfilecleaner
RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
RegDeleteKey HKCR\escompcleancore.esinetcleaner
RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
RegDeleteKey HKCR\escompcleancore.esregcleaner
RegDeleteKey HKCR\escompcleancore.esregcleaner.1
RegDeleteKey HKCR\escompcleancore.essystemcleaner
RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
RegDeleteKey HKCR\esdf_fixer.esfixer
RegDeleteKey HKCR\esdf_fixer.esfixer.1
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
RegDeleteKey HKCR\esffwraper.esffenginwraper
RegDeleteKey HKCR\esffwraper.esffenginwraper.1
RegDeleteKey HKCR\esfixcore.esmmfixcore
RegDeleteKey HKCR\esfixcore.esmmfixcore.1
RegDeleteKey HKCR\esmmfixctrl.escofixengine
RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
RegDeleteKey HKCR\esspchck.esspchck
RegDeleteKey HKCR\esspchck.esspchck.1
RegDeleteKey HKCR\esspcheck.esspcheck
RegDeleteKey HKCR\esspcheck.esspcheck.1
RegDeleteKey HKCR\FFCom.FlFixer
RegDeleteKey HKCR\FFWraper.FFEnginWraper
RegDeleteKey HKCR\FFWrap.FEnginWrape
RegDeleteKey HKCR\FFWrap.FEnginWrape.1
RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
RegDeleteKey HKCR\FFxr_21.FFixr21
RegDeleteKey HKCR\FixCor.MMFxCor
RegDeleteKey HKCR\FixCor.MMFxCor.1
RegDeleteKey HKCR\FixCore.MMFixCore
RegDeleteKey HKCR\FixCore.MMFixCore.1
RegDeleteKey HKCR\FlFxr3.FlFixer3
RegDeleteKey HKCR\flfxr5.flfixer5
RegDeleteKey HKCR\FlFxr15.FlFixer15
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
RegDeleteKey HKCR\FWraper.FFEnginWraper
RegDeleteKey HKCR\FWraper.FFEnginWraper.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e
RegDeleteKey HKCR\FxCore.MMFixCore
RegDeleteKey HKCR\FxCore.MMFixCore.1
RegDeleteKey HKCR\iefwbho.iefw
RegDeleteKey HKCR\iefwbho.iefw.2
RegDeleteKey HKCR\Install.Install
RegDeleteKey HKCR\Install.Install.1
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
RegDeleteKey HKCR\MMFx.CoFxEngin
RegDeleteKey HKCR\MMFx.CoFxEngin.1
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
RegDeleteKey HKCR\systemdoctor.free
RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
RegDeleteKey HKCR\UWFXCheck.UWFXCheck
RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
RegDeleteKey HKCR\wap6.pcheck
RegDeleteKey HKCR\wap6.pcheck.1
RegDeleteKey HKCR\winpgintegrator.ieintegrator
RegDeleteKey HKCR\winpgintegrator.ieintegrator.1

RegDeleteKey HKCR\AppID\CheckProduct2.DLL
RegDeleteKey HKCR\AppID\compcln.dll
RegDeleteKey HKCR\AppID\compclr.dll
RegDeleteKey HKCR\AppID\FFWrapr.DLL
RegDeleteKey HKCR\AppID\FFWraper.DLL
RegDeleteKey HKCR\AppID\FixCore.DLL
RegDeleteKey HKCR\AppID\FxCr.DLL
RegDeleteKey HKCR\AppID\MFix.DLL
RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
RegDeleteKey HKCR\AppID\winpgi.dll appid

RegDeleteKey HKCU\Software\Adsl Software Limited
RegDeleteKey HKCU\Software\ErrorGuard
RegDeleteKey HKCU\Software\errorsafe
RegDeleteKey HKCU\Software\error safe free
RegDeleteKey HKCU\Software\sysprotect free
RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
RegDeleteKey HKCU\Software\WinFixer 2005
RegDeleteKey HKCU\Software\WinSoftware

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

RegDeleteKey HKLM\Software\AXPFixer
RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
RegDeleteKey HKLM\Software\ErrorSafe
RegDeleteKey HKLM\Software\Error Safe Free
RegDeleteKey HKLM\Software\sysprotect
RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKLM\Software\winantivirus pro 2006
RegDeleteKey HKLM\Software\WinSoftware

RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
RegDeleteKey HKLM\Software\Classes\UDCShell
RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1

RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

# 4 - ActiveX

RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

# 5 - Files

DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
DllUnregister C:\Program Files\SysProtect\compclr.dll|1
DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
DllUnregister C:\WINDOWS\syst32.dll|1

FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
FileDelete C:\Documents and Settings\Administrateur\Application Data\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\*errorsafe*.exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\*winantispyware*.exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\*winantivirus*.exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\install_fr*.exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\installer_fr[1].exe
FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Administrateur\Application Data\setup_fr[1].exe
FileDelete C:\Documents and Settings\Administrateur\Bureau\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Administrateur\Bureau\DriveCleaner 2006 Free.lnk
FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorGuard.lnk
FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorSafe.lnk
FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorSafe*.exe
FileDelete C:\Documents and Settings\Administrateur\Bureau\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\Administrateur\Bureau\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\Administrateur\Bureau\WinFixer*.exe
FileDelete C:\Documents and Settings\Administrateur\Bureau\WinFixer*.lnk
FileDelete C:\Documents and Settings\Administrateur\Mes documents\*drivecleaner*.exe
FileDelete C:\Documents and Settings\Administrateur\Mes documents\*SystemDoctor*.exe
FileDelete C:\Documents and Settings\Administrateur\Mes documents\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\*drivecleaner*.exe
FileDelete C:\Program Files\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
FileDelete C:\WINDOWS\46241234110.exe
FileDelete C:\WINDOWS\service32.exe
FileDelete C:\WINDOWS\syst32.dll
FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
FileDelete C:\WINDOWS\system32\av.cpl
FileDelete C:\WINDOWS\system32\blackster.scr
FileDelete C:\WINDOWS\system32\df_kme.exe
FileDelete C:\WINDOWS\system32\stera.exe
FileDelete C:\WINDOWS\system32\stera.?o?
FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
FileDelete C:\WINDOWS\system32\drivers\ersd.sys
FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
FileDelete C:\WINDOWS\system32\drivers\fopn.sys
FileDelete C:\WINDOWS\system32\drivers\sscan.sys
FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
FileDelete C:\WINDOWS\system32\drivers\WFF.sys
FileDelete C:\systemdoctor*.exe

# 6 - Repertoires

FolderDelete C:\Documents and Settings\Administrateur\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\Administrateur\Application Data\AXPDefender
FolderDelete C:\Documents and Settings\Administrateur\Application Data\AXPFixer
FolderDelete C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free
FolderDelete C:\Documents and Settings\Administrateur\Application Data\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\Administrateur\Application Data\systemdoctor 2006 free
FolderDelete C:\Documents and Settings\Administrateur\Application Data\VirusGarde
FolderDelete C:\Documents and Settings\Administrateur\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\Administrateur\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
FolderDelete C:\Program Files\AXPDefender
FolderDelete C:\Program Files\AXPFixer
FolderDelete C:\Program Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\erroguard
FolderDelete C:\Program Files\Error Safe
FolderDelete C:\Program Files\Error Safe Free
FolderDelete C:\Program Files\ErrorSafe
FolderDelete C:\Program Files\errorsafe free
FolderDelete C:\Program Files\MalWarrior*
FolderDelete C:\Program Files\SysProtect Free
FolderDelete C:\Program Files\SystemDoctor 2006
FolderDelete C:\Program Files\SystemDoctor 2006 Free
FolderDelete C:\Program Files\VirusGarde
FolderDelete C:\Program Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
FolderDelete C:\Program Files\WinAntiVirus 2005
FolderDelete C:\Program Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\WinFixer 2005
FolderDelete C:\Program Files\WinPopupGuard 2005
FolderDelete C:\Program Files\winspywareprotect
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
FolderDelete C:\Program Files\Archivos comunes\ErrClean
FolderDelete C:\Program Files\Archivos comunes\Error Safe
FolderDelete C:\Program Files\Archivos comunes\erroguard
FolderDelete C:\Program Files\Archivos comunes\errorguard
FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
FolderDelete C:\Program Files\Archivos comunes\WinSoftware
FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Common Files\ErrClean
FolderDelete C:\Program Files\Common Files\erroguard
FolderDelete C:\Program Files\Common Files\errorguard
FolderDelete C:\Program Files\Common Files\ErrorSafe
FolderDelete C:\Program Files\Common Files\SysProtect
FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Common Files\WinFixer 2005
FolderDelete C:\Program Files\Common Files\WinSoftware
FolderDelete C:\Program Files\Common Files\winspywareprotect
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Fichiers communs\DriveCleane

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 20:48
It did some cleaning, now do this:

Download Malwarebytes

NB: If you are missing COMCTL32.OCX, download it here

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click the settings tab and tick the box "Arreter internet explorer pendant la suppression" (stop Internet Explorer during removal).

Now click the scan tab and tick the box "executer un examen complet" (run a full scan).

Then click "rechercher" (scan).

Let it scan the PC...

If items were found > click remove selection.

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.

PS: the reports are also stored in the report/log tab


Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 22:02
Here is the report:

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1892
Windows 5.1.2600 Service Pack 2

24/03/2009 21:58:06
mbam-log-2009-03-24 (21-58-06).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
Eléments examinés: 137070
Temps écoulé: 28 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 22:30
next, this:

AD-Remover: scan

* On Vista: ▶ Disable User Account Control (you will re-enable it after your disinfection):

* Click Start, then Control Panel
* Double-click the "User Accounts" icon
* Then click disable and confirm.
* Restart the PC


▶ Download the installation file and save it to your desktop:

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

▶ Double-click the installer and install it in its default location (the desktop).

▶ Open the Ad-remover folder on your desktop

▶ Double-click Ad-remover.bat.

* On Vista: right-click AD-Remover and select "Run as administrator"

▶ At the main menu, choose option "A"

▶ Post the report that appears at the end.

(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 22:56
Back again!

I followed the procedure as indicated, I launch the ad-remover scan but after a few minutes I end up with a purple screen...
I tried again once, but I still get the same thing.

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 23:26
did you disable your antivirus?

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 23:35
I use Avast, I disabled it, and I also disabled the Windows firewall...
I ran a scan with ad-remover once more; it starts without a problem, but hangs once it reaches "Recherche autres Adwares" (searching for other adware); it has easily been 15/20 minutes.
I am on Windows XP so I did not do the "user accounts etc." step. Did I do the right thing?

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 23:47
That's it!! I finally got there!! :-D

Here is the report:


------- LOGFILE OF AD-REMOVER 1.1.2.1 | ONLY XP/VISTA -------

Updated by C_XX on 23/03/2009 at 19:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

Start at: 23:30:09, Mar 24/03/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: USER-824DOYA1TZ
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- F:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 35

+-----------------| Boonty/Boonty Games Elements Found:

.
HKLM\Software\Boonty
.

+-----------------| Eorezo Elements Found:

HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCU\Software\EoRezo
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\Software\Classes\AppID\EoRezoBHO.DLL
HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Program Files\EoRezo
C:\Documents and Settings\Administrateur\Application Data\EoRezo

+-----------------| Infected Poker Softwares Elements Found:

HKCU\Software\Titan Poker
HKLM\Software\Titan Poker
HKU\S-1-5-21-343818398-2000478354-839522115-500\Software\Titan Poker
.

+-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

.
.

+-----------------| It's TV Elements Found:

HKLM\Software\ItsLabel
.

+-----------------| Sweetim Elements Found:

.

============ Other Adwares Found ============

.
.

+-----------------| Added Scan:

---- Mozilla FireFox Version 3.0.7 ----

ProfilePath: 9kxh818u.default (Administrateur)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
.
Invalidprefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Invalidprefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
(Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://www.eo.st");
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.google.fr/
First Home Page: hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1

+-[HKEY_USERS\S-1-5-21-343818398-2000478354-839522115-500\..\Internet Explorer\Main]

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.google.fr/
First Home Page: hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

3847 Byte(s) - C:\Ad-Report-Scan-24.03.2009.log

0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 23:45:09 | 24/03/2009
.
+-----------------| E.O.F - 88 Lines
.

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
24 March 2009 at 23:51
Well, there are quite a few things in there; you are going to do a cleanup for me, then this, and I will see you tomorrow:

AD-Remover: cleaning

! Disconnect and close all running applications !

● Relaunch "Ad-remover": at the main menu choose option "B".

● On the selection screen, tick:


1. Remove Boonty/BoontyGames
2. Remove Eorezo
3. Remove Everest Poker
4. Remove Funwebproduct/MyWay/MyWebsearch
5. Remove It's TV
6. Remove Sweetim
7. Remove other adware

Tick only these:

1. Remove Boonty/BoontyGames
2. Remove Eorezo
3. Remove Everest Poker
5. Remove It's TV

Type the number corresponding to the requested removal and confirm with ENTER to tick it.

● Then choose "S"; the program will do its work,

● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

/!\ If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

PS: only select the removals that are necessary!!

Then do this for me:

To begin: do a little cleanup of the computer and the registry with Ccleaner; take a good look at the CCleaner tutorial


Download Superantispyware (SAS)



Choose "save" and save it to your desktop.

Double-click the installation icon that has just been created and follow the instructions.

Create an icon on the desktop.

Double-click the SAS icon (a head in a crossed-out red circle) to launch it.

- If the tool asks you to update the program ("update the program definitions"), click yes.
- Under Configuration and Preferences, click the "Preferences" button
- Click the "Scanning Control" tab
- In "Scanner Options", make sure the box in front of the following lines is ticked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Leave the other lines unticked.

- Click the "Close" button to leave the control center screen.

- In the main window, under "Scan for Harmful Software", click "Scan your computer".

In the left column, tick C:\Fixed Drive.

In the right column, under "Complete scan", click "Perform Complete Scan"

Click "next" to start the scan. Wait while the scan runs.

At the end of the scan, a results window opens. Click OK.

Make sure all the lines in the white window are ticked and click "Next".

Everything that was found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.

To copy the information to the forum, do this:

- after the computer restarts, double-click the icon to launch SAS.
- Click "Preferences" then the "Statistics/Logs" tab.
- Under "scanners logs", double-click SUPERAntiSpyware Scan Log.

- The report will open in your default text editor.

- Copy its contents into your reply.


Take a good look at the SUPERAntiSpyware tutorial; it is very well explained.

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
24 March 2009 at 23:52
Thanks!! I will do the procedure, and see you tomorrow! :-)

Bye!

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
25 March 2009 at 11:02
Hello,

Here is the rest of yesterday's reports,

Ad-Report clean:



------- LOGFILE OF AD-REMOVER 1.1.2.1 | ONLY XP/VISTA -------

Updated by C_XX on 23/03/2009 at 19:00
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

**** LIMITED TO ****

Boonty/BoontyGames
Eorezo
Infected Poker Softwares
It's TV

********************

Start at: 0:30:27, Mer 25/03/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
Computer Name: USER-824DOYA1TZ
Current User: Administrateur - Administrator
Drive(s):
- C:\ (File System: NTFS)
- F:\ (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 33

(!) ---- IE start pages/Tabs reset

+-----------------| Boonty/Boonty Games Elements Deleted :

.
.

+-----------------| Eorezo Elements Deleted :

.

+-----------------| Infected Poker Softwares Elements Deleted :

.

+-----------------| It's TV Elements Deleted :

.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------| Added Scan :

---- Mozilla FireFox Version 3.0.7 ----

ProfilePath: 9kxh818u.default (Administrateur)
.
Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
.
Invalidprefs.js: Browser.Search.DefaultEngineName: "Yahoo"
Invalidprefs.js: Browser.Search.SelectedEngine: "Yahoo"
.
.
.

---- Internet Explorer Version 6.0.2900.2180 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-343818398-2000478354-839522115-500\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

2188 Byte(s) - C:\Ad-Report-Clean-24.03.2009.log
3095 Byte(s) - C:\Ad-Report-Clean-25.03.2009.log
4087 Byte(s) - C:\Ad-Report-Scan-24.03.2009.log

4 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

End at: 0:31:01 | 25/03/2009
.
+-----------------| E.O.F - 69 Lines
.




SuperAntispyware :

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 03/25/2009 at 01:32 AM

Application Version : 4.25.1014

Core Rules Database Version : 3812
Trace Rules Database Version: 1766

Scan type : Complete Scan
Total Scan Time : 00:46:51

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 5713
Registry threats detected : 14
File items scanned : 24180
File threats detected : 0

Registry Cleaner Trial
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Trojan.Media-Codec
HKCR\Media-Codec.Chl
HKCR\Media-Codec.Chl\CLSID

Trojan.ErrorSafe
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000\LogConf

pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last activity 8 October 2019 2 502
25 March 2009 at 11:05
not bad, you can delete everything SAS found, then do this for me:

Download RemoveIT Pro

Run a scan and post me the full log report.

At the end of the 1st scan, if it asks to do a full scan say yes, and at the end of the 2nd scan, if viruses are found click fix to clean the viruses found.

Sparrow06 Posts 98 Registration date Sunday 29 April 2007 Status Member Last activity 28 June 2011 1
25 March 2009 at 11:32
I ran the RemoveIT scan, here is the report:

RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
Generated at: 25/03/2009 on 11:27:51
Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Author: Damjan Irgolic
https://www.incodesolutions.com/
support@incodesolutions.com


Running processes: (25)
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSN.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe

Startup files:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
[C:\WINDOWS\system32\ctfmon.exe]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
["C:\Program Files\Messenger\msmsgs.exe" /background]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\H/PC Connection Agent
["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SUPERAntiSpyware
[C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
["C:\Program Files\QuickTime\qttask.exe" -atboottime]

Detail report: (80)

Startup folder: (5)
Startup name: desktop.ini
Command: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\desktop.ini
Startup name: desktop.ini
Command: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Startup name: Fenêtre d'état Canon LBP-800.LNK
Command: C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
Startup name: hp psc 1000 series.lnk
Command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Startup name: hpoddt01.exe.lnk
Command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

Win.ini Startup: (1)
Path: device2=us/hx73jysi7xsi5y8a9zr2+xss=

Win.ini Startup: (1)
Path: No additional driver found!

Keyboard drivers: (1)
Name: No Keyboard Filter driver found!

Services: (97)
Service Name: .NET Runtime Optimization Service v2.0.50727_X86 [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Service Name: Accès à distance au Registre [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Acquisition d'image Windows (WIA) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
Service Name: Adobe LM Service [Stopped],
Path: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
Service Name: Affichage des messages [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Aide et support [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Appel de procédure distante (RPC) [Running],
Path: C:\WINDOWS\system32\svchost -k rpcss
Service Name: Apple Mobile Device [Running],
Path: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Service Name: Application système COM+ [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name: ASP.NET State Service [Stopped],
Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Service Name: Assistance TCP/IP NetBIOS [Running],
Path: C:\WINDOWS\system32\svchost.exe -k LocalService
Service Name: Ati HotKey Poller [Running],
Path: C:\WINDOWS\System32\Ati2evxx.exe
Service Name: Audio Windows [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Avertissement [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: BlueSoleil Hid Service [Running],
Path: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
Service Name: Carte à puce [Stopped],
Path: C:\WINDOWS\System32\SCardSvr.exe
Service Name: Carte de performance WMI [Stopped],
Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
Service Name: Centre de sécurité [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Cliché instantané de volume [Stopped],
Path: C:\WINDOWS\System32\vssvc.exe
Service Name: Client de suivi de lien distribué [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Client DHCP [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Client DNS [Running],
Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
Service Name: Compatibilité avec le Changement rapide d'utilisateur [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Configuration automatique sans fil [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Connexion secondaire [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Connexions réseau [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: DDE réseau [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Détection matériel noyau [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Distributed Transaction Coordinator [Stopped],
Path: C:\WINDOWS\System32\msdtc.exe
Service Name: DSDM DDE réseau [Stopped],
Path: C:\WINDOWS\system32\netdde.exe
Service Name: Emplacement protégé [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Error Reporting Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Explorateur d'ordinateur [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Extensions du pilote WMI [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Fournisseur de la prise en charge de sécurité LM NT [Stopped],
Path: C:\WINDOWS\System32\lsass.exe
Service Name: Gestion d'applications [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Gestionnaire de comptes de sécurité [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Gestionnaire de connexion automatique d'accès distant [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Gestionnaire de connexions d'accès distant [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Gestionnaire de disque logique [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Gestionnaire de l'Album [Stopped],
Path: C:\WINDOWS\system32\clipsrv.exe
Service Name: Gestionnaire de session d'aide sur le Bureau à distance [Stopped],
Path: C:\WINDOWS\system32\sessmgr.exe
Service Name: HID Input Service [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Horloge Windows [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Hôte de périphérique universel Plug-and-Play [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: HTTP SSL [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
Service Name: Indexing Service [Stopped],
Path: C:\WINDOWS\system32\cisvc.exe
Service Name: Infrastructure de gestion Windows [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Journal des événements [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Journaux et alertes de performance [Stopped],
Path: C:\WINDOWS\system32\smlogsvc.exe
Service Name: Lanceur de processus serveur DCOM [Running],
Path: C:\WINDOWS\system32\svchost -k DcomLaunch
Service Name: Localisateur d'appels de procédure distante (RPC) [Stopped],
Path: C:\WINDOWS\System32\locator.exe
Service Name: Mises à jour automatiques [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: MS Software Shadow Copy Provider [Stopped],
Path: C:\WINDOWS\System32\dllhost.exe /Processid:{7F570BC6-8E72-4DFF-8DFB-7229C7A2576C}
Service Name: Net.Tcp Port Sharing Service [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Service Name: NLA (Network Location Awareness) [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Notification d'événement système [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Ouverture de session réseau [Stopped],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Pare-feu Windows / Partage de connexion Internet [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Partage de Bureau à distance NetMeeting [Stopped],
Path: C:\WINDOWS\System32\mnmsrvc.exe
Service Name: Planificateur de tâches [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Plug-and-Play [Running],
Path: C:\WINDOWS\system32\services.exe
Service Name: Pml Driver HPZ12 [Stopped],
Path: C:\WINDOWS\system32\HPZipm12.exe
Service Name: QoS RSVP [Stopped],
Path: C:\WINDOWS\System32\rsvp.exe
Service Name: RDM+ Local Service [Stopped],
Path: "C:\Program Files\RDM+\rdmpserv.exe"
Service Name: Routage et accès distant [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Serveur [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Service COM de gravage de CD IMAPI [Stopped],
Path: C:\WINDOWS\system32\imapi.exe
Service Name: Service d'administration du Gestionnaire de disque logique [Stopped],
Path: C:\WINDOWS\System32\dmadmin.exe /com
Service Name: Service d'application d'assistance IPv6 [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Service d'approvisionnement réseau [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Service de découvertes SSDP [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Service de la passerelle de la couche Application [Running],
Path: C:\WINDOWS\System32\alg.exe
Service Name: Service de l'iPod [Stopped],
Path: "C:\Program Files\iPod\bin\iPodService.exe"
Service Name: Service de numéro de série du lecteur multimédia portable [Stopped],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Service de restauration système [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Service de transfert intelligent en arrière-plan [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Service Messenger Sharing Folders USN Journal Reader [Stopped],
Path: "C:\Program Files\MSN Messenger\usnsvc.exe"
Service Name: Service Partage réseau du Lecteur Windows Media [Stopped],
Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
Service Name: Services de cryptographie [Running],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Services IPSEC [Running],
Path: C:\WINDOWS\system32\lsass.exe
Service Name: Services Terminal Server [Running],
Path: C:\WINDOWS\System32\svchost -k DComLaunch
Service Name: Spouleur d'impression [Running],
Path: C:\WINDOWS\system32\spoolsv.exe
Service Name: Station de travail [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Stockage amovible [Stopped],
Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
Service Name: Symantec Network Drivers Service [Stopped],
Path: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
Service Name: Système d'événements de COM+ [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Téléphonie [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Telnet [Stopped],
Path: C:\WINDOWS\System32\tlntsvr.exe
Service Name: Thèmes [Running],
Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
Service Name: Uninterruptible Power Supply [Stopped],
Path: C:\WINDOWS\System32\ups.exe
Service Name: WebClient [Running],
Path: C:\WINDOWS\System32\svchost.exe -k LocalService
Service Name: Windows CardSpace [Stopped],
Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Service Name: Windows Driver Foundation - User-mode Driver Framework [Running],
Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
Service Name: Windows Installer [Stopped],
Path: C:\WINDOWS\system32\msiexec.exe /V
Service Name: Windows Presentation Foundation Font Cache 3.0.0.0 [Stopped],
Path: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Service Name: WMDM PMSP Service [Running],
Path: C:\WINDOWS\system32\MsPMSPSv.exe
Finished...