Rapport HiJackThis

Résolu
Sparrow06 Messages postés 101 Statut Membre -  
pimprenelle27 Messages postés 22182 Statut Contributeur sécurité -
Bonjour,

Voici mon rapport HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:30, on 24/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAPRPCSN.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C76EC8A-7C54-4C2B-A499-58800E4A69A9}: NameServer = 82.216.111.125,82.216.111.124
O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

--
End of file - 5025 bytes
Configuration: Windows XP
Firefox 2.0.0.12

40 réponses

  • 1
  • 2
Résumé de la discussion

Ce fil porte sur l’analyse d’un rapport HijackThis sur Windows XP SP2, extrait présentant les processus système, services et éléments de démarrage relevés et la problématique d’élimination potentielle de logiciels indésirables. Des réponses suggèrent des actions concrètes, notamment l’utilisation d’outils externes comme GenProc pour générer un rapport et RemoveIT Pro pour identifier les éléments risqués et guider le nettoyage. Le contenu recense aussi des entrées potentiellement suspectes, telles que des BHO non nommés, des éléments de démarrage et des services tiers, avec des conseils variables selon le contexte. D’autres échanges mentionnent des exemples d’entrées dans le rapport, comme Apple Mobile Device, BlueSoleil ou QuickTime Task, et indiquent que l’étape suivante consiste à générer un nouveau rapport après nettoyage.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Bonjour,

    Quel est le problème?

    Fait ceci et poste moi le rapport à la suite de la question êtes vous aider par quelqu'un, répondre oui. Merci.

    Télécharge GenProc sur ton bureau (Attention le fichier est un fichier zip)
    Dézippe le dossier, double-clique sur GenProc.bat
    En final, poste le contenu du rapport qui s'affiche.
    Comment utiliser GenProc

    Pour ceux qui ont vista, ne pas oublier de désactiver Le contrôle des comptes utilisateurs

    IMPORTANT : poste le rapport et ne fais rien d'autre pour l'instant ( souvent il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement )

    1
  2. Sparrow06 Messages postés 101 Statut Membre 1
     
    Merci!!

    Voilà en fait mon pc rame énormément et reboot sans raison, je doute que ce soit un souci de température étant donné que ça arrive quelques fois dès le démarrage! Généralement c'est au moment de lancer une video facebook. Lorsque je démarre mon pc je dois également attendre une dizaine de minutes avant d'avoir une connexion internet (firefox est en échec de connexion).

    Voilà le rapport GenProc:

    Rapport GenProc 2.491 [1] - 24/03/2009 à 18:18:47 - Windows XP

    # Etape 1/ Télécharge :

    - CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

    - Brute Force Uninstaller http://merijn.geekstogo.com/files/bfu.zip (Merijn) et décompresse-le sur ton bureau.
    Fais un clic droit de souris sur ce lien : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
    et choisis "Enregistrer la cible (du lien) sous" afin de télécharger le script WinSoftware.bfu,
    que tu placeras à côté de l'icône en forme de boule noire dentée bfu.exe.

    - Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 (Team IDN) sur ton Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Administrateur *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

    # Etape 2/

    Double-clique sur le fichier BFU.exe en forme de boule noire dentée, sur ton bureau. Clique sur le petit dossier jaune,
    à la droite de la boîte "Scriptfile to execute", et double-clique sur le fichier Winsoftware.bfu qui devrait apparaître.
    - Dans la boîte "Script to execute", tu devrais maintenant voir le chemin complet du fichier Winsoftware.bfu.
    - clique sur "Execute" et laisse-le faire son travail. La réussite de l'opération sera obligatoirement sanctionnée
    par un message final "Complete script execution", si ce n'est pas le cas, il faudra le signaler.
    - Clique sur OK, puis exit pour fermer le programme BFU.
    - Recommence encore une fois.

    # Etape 3/

    Lance Toolbar-S&D situé sur le Bureau.
    Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

    # Etape 4/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 5/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport C:\TB.txt ;
    - Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

    ----------------------------------------------------------------------
    Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
    ----------------------------------------------------------------------

    ~~ Arguments de la procédure ~~

    # Détections [1] GenProc 2.491 24/03/2009 à 18:18:24
    Winsoftware:le 24/03/2009 à 18:18:28 "C:\Program Files\Fichiers communs\ErrorSafe"
    Toolbar:le 24/03/2009 à 18:18:28 "C:\Program Files\KaZaA"
    0
  3. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Tu peux déjà faire toute les étapes et me poster les rapports merci.
    0
  4. Sparrow06 Messages postés 101 Statut Membre 1
     
    Re!

    J'ai pris de l'avance, et ai suivi les étapes indiquées.

    Voilà le rapport TB:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Athlon(TM) XP 2800+ )
    BIOS : Award Modular BIOS v6.0
    USER : Administrateur ( Administrator )
    BOOT : Fail-safe boot
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:48 Go (Free:11 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    F:\ (Local Disk) - NTFS - Total:65 Go (Free:60 Go)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 24/03/2009|19:11 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\ADMINI~1\Cookies\administrateur@www.bananalotto[2].txt
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\KaZaA\db
    Supprime! - C:\Program Files\KaZaA\Db
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\KaZaA
    Supprime! - C:\Program Files\KaZaA

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "First Home Page"="http://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.au
    C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.idx

    1 - "C:\ToolBar SD\TB_1.txt" - 24/03/2009|19:13 - Option : [2]

    -----------\\ Fin du rapport a 19:13:47,01

    Et le nouveau rapport HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:17:41, on 24/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Fenêtre d'état Canon LBP-800.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
    O4 - Global Startup: hp psc 1000 series.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8C76EC8A-7C54-4C2B-A499-58800E4A69A9}: NameServer = 82.216.111.125,82.216.111.124
    O20 - Winlogon Notify: RDM+ - C:\Program Files\RDM+\notify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RDM+ Local Service (RDMPLocalService) - Unknown owner - C:\Program Files\RDM+\rdmpserv.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Sparrow06 Messages postés 101 Statut Membre 1
     
    Up
    0
  7. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Désolé je peux manger quand même? ça à me supprimer de suite :

    C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.au
    C:\DOCUME~1\ADMINI~1\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-143c79f9-5cdc8ab2.idx

    Ensite il n'y a pas de rapport brute force?
    0
  8. Sparrow06 Messages postés 101 Statut Membre 1
     
    Re!

    Bon appétit!! Désolé je ne voulai pas mettre la pression...
    J'ai essayer de supprimer les fichiers indiqué, mais après "cache" il n'y a plus rien, or les fichiers cachés sont visibles :-s
    Je n'ai pas trouvé le rapport brute force...

    Prends ton temps...

    Merci
    0
  9. Sparrow06 Messages postés 101 Statut Membre 1
     
    Voilà le rapport brute force: (je viens de le relancer et ai sauver le log, ce que je n'avais pas fais la première fois)

    BFU v1.12.0
    Windows XP SP2 (WinNT 5.01.2600 SP2)
    Script started at 20:25:11, on 24/03/2009

    Option Unload Explorer: Yes
    Success: ProcessKillByPID 600
    Success: ProcessKill C:\WINDOWS\explorer.exe|1
    Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu
    # lazzzy 20/09/2006
    # Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect / Adsl Software Limited

    OptionUnloadShell

    # 1 - Processus

    ProcessKill \AdwareProtector.exe|1
    ProcessKill \ErrorGuard.exe|1
    ProcessKill \ERScw.exe|1
    ProcessKill \Malwarrior.exe|1
    ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
    ProcessKill \sd2006.exe|1
    ProcessKill \SDR6cw.exe|1
    ProcessKill \SDRmon.exe|1
    ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
    ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
    ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
    ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
    ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
    ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1
    ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
    ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
    ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
    ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
    ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
    ProcessKill uwasffNT.exe|1
    ProcessKill \was6.exe|1
    ProcessKill \WinAV.exe|1
    ProcessKill \WinPG2005.exe|1
    ProcessKill \WinSpywareProtect.exe|1

    # 2 - Services

    ServiceStop FWSvc
    ServiceDisable FWSvc
    ServiceDelete FWSvc

    # 3 - Registre

    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|MalWarrior
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinSpywareProtect (ver. 5.1)

    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPDefender
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|AXPFixer
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_0001_N122M2802
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6P_5555_N122M0312
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N122M1202
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N122M1912
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGDCFR_0001_N129M2006
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGESV_0001_N122M0303
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|strpmon
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\system32\drivers\uwasfsd.sys

    RegDeleteKey HKCR\antiviruscom.avofficeprotect
    RegDeleteKey HKCR\antiviruscom.avofficeprotect.1
    RegDeleteKey HKCR\avexplorer.shellextension
    RegDeleteKey HKCR\avexplorer.shellextension.2
    RegDeleteKey HKCR\avexplorer.shellextension\curver
    RegDeleteKey HKCR\checkprod.checkproduct
    RegDeleteKey HKCR\CheckProduct2.CheckProduct
    RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
    RegDeleteKey HKCR\ComCleanCor.AppCleane
    RegDeleteKey HKCR\ComCleanCor.AppCleane.1
    RegDeleteKey HKCR\ComCleanCor.CQuickScan
    RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
    RegDeleteKey HKCR\ComCleanCor.FileCleane
    RegDeleteKey HKCR\ComCleanCor.InetCleane
    RegDeleteKey HKCR\ComCleanCor.InetCleane.1
    RegDeleteKey HKCR\ComCleanCor.RegCleane
    RegDeleteKey HKCR\ComCleanCor.RegCleane.1
    RegDeleteKey HKCR\ComCleanCor.SystemCleane
    RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
    RegDeleteKey HKCR\ComCleanCore.FileClean.1
    RegDeleteKey HKCR\CompCleanCore.AppCleaner
    RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
    RegDeleteKey HKCR\CompCleanCore.CCQuickScan
    RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
    RegDeleteKey HKCR\CompCleanCore.FileCleaner
    RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
    RegDeleteKey HKCR\CompCleanCore.InetCleaner
    RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
    RegDeleteKey HKCR\CompCleanCore.RegCleaner
    RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
    RegDeleteKey HKCR\CompCleanCore.SystemCleaner
    RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
    RegDeleteKey HKCR\df_fixer.Fixer
    RegDeleteKey HKCR\df_fixer.Fixer.1
    RegDeleteKey HKCR\df_proxy.DriverManipulate
    RegDeleteKey HKCR\df_proxy.DriverManipulate.1
    RegDeleteKey HKCR\df_fix.Fix
    RegDeleteKey HKCR\df_fix.Fix.1
    RegDeleteKey HKCR\df_prx.DriverManipulat
    RegDeleteKey HKCR\df_prx.DriverManipulat.1
    RegDeleteKey HKCR\escompcleancore.esappcleaner
    RegDeleteKey HKCR\escompcleancore.esappcleaner.1
    RegDeleteKey HKCR\escompcleancore.esccquickscan
    RegDeleteKey HKCR\escompcleancore.esccquickscan.1
    RegDeleteKey HKCR\escompcleancore.esfilecleaner
    RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
    RegDeleteKey HKCR\escompcleancore.esinetcleaner
    RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
    RegDeleteKey HKCR\escompcleancore.esregcleaner
    RegDeleteKey HKCR\escompcleancore.esregcleaner.1
    RegDeleteKey HKCR\escompcleancore.essystemcleaner
    RegDeleteKey HKCR\escompcleancore.essystemcleaner.1
    RegDeleteKey HKCR\esdf_fixer.esfixer
    RegDeleteKey HKCR\esdf_fixer.esfixer.1
    RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate
    RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
    RegDeleteKey HKCR\esffwraper.esffenginwraper
    RegDeleteKey HKCR\esffwraper.esffenginwraper.1
    RegDeleteKey HKCR\esfixcore.esmmfixcore
    RegDeleteKey HKCR\esfixcore.esmmfixcore.1
    RegDeleteKey HKCR\esmmfixctrl.escofixengine
    RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
    RegDeleteKey HKCR\esspchck.esspchck
    RegDeleteKey HKCR\esspchck.esspchck.1
    RegDeleteKey HKCR\esspcheck.esspcheck
    RegDeleteKey HKCR\esspcheck.esspcheck.1
    RegDeleteKey HKCR\FFCom.FlFixer
    RegDeleteKey HKCR\FFWraper.FFEnginWraper
    RegDeleteKey HKCR\FFWrap.FEnginWrape
    RegDeleteKey HKCR\FFWrap.FEnginWrape.1
    RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
    RegDeleteKey HKCR\FFxr_21.FFixr21
    RegDeleteKey HKCR\FixCor.MMFxCor
    RegDeleteKey HKCR\FixCor.MMFxCor.1
    RegDeleteKey HKCR\FixCore.MMFixCore
    RegDeleteKey HKCR\FixCore.MMFixCore.1
    RegDeleteKey HKCR\FlFxr3.FlFixer3
    RegDeleteKey HKCR\flfxr5.flfixer5
    RegDeleteKey HKCR\FlFxr15.FlFixer15
    RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
    RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
    RegDeleteKey HKCR\FWraper.FFEnginWraper
    RegDeleteKey HKCR\FWraper.FFEnginWraper.1
    RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
    RegDeleteKey HKCR\FxCor_e.MMFixCor_e
    RegDeleteKey HKCR\FxCore.MMFixCore
    RegDeleteKey HKCR\FxCore.MMFixCore.1
    RegDeleteKey HKCR\iefwbho.iefw
    RegDeleteKey HKCR\iefwbho.iefw.2
    RegDeleteKey HKCR\Install.Install
    RegDeleteKey HKCR\Install.Install.1
    RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
    RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
    RegDeleteKey HKCR\MMFx.CoFxEngin
    RegDeleteKey HKCR\MMFx.CoFxEngin.1
    RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
    RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
    RegDeleteKey HKCR\systemdoctor.free
    RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
    RegDeleteKey HKCR\UWFXCheck.UWFXCheck
    RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
    RegDeleteKey HKCR\wap6.pcheck
    RegDeleteKey HKCR\wap6.pcheck.1
    RegDeleteKey HKCR\winpgintegrator.ieintegrator
    RegDeleteKey HKCR\winpgintegrator.ieintegrator.1

    RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
    RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
    RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
    RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
    RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
    RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
    RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
    RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
    RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
    RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
    RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
    RegDeleteKey HKCR\AppID\CheckProduct2.DLL
    RegDeleteKey HKCR\AppID\compcln.dll
    RegDeleteKey HKCR\AppID\compclr.dll
    RegDeleteKey HKCR\AppID\FFWrapr.DLL
    RegDeleteKey HKCR\AppID\FFWraper.DLL
    RegDeleteKey HKCR\AppID\FixCore.DLL
    RegDeleteKey HKCR\AppID\FxCr.DLL
    RegDeleteKey HKCR\AppID\MFix.DLL
    RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
    RegDeleteKey HKCR\AppID\winpgi.dll appid

    RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
    RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
    RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
    RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
    RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
    RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
    RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
    RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
    RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
    RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
    RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
    RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
    RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
    RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
    RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
    RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
    RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
    RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
    RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
    RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
    RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
    RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
    RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
    RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
    RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
    RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
    RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
    RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
    RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
    RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
    RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
    RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
    RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
    RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
    RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
    RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
    RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
    RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
    RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
    RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
    RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
    RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
    RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
    RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
    RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
    RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
    RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
    RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
    RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
    RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
    RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
    RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
    RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
    RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
    RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
    RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
    RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
    RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
    RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
    RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
    RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

    RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
    RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9}
    RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442}
    RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
    RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
    RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
    RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
    RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
    RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
    RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
    RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
    RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
    RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
    RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
    RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
    RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
    RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
    RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
    RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
    RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
    RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
    RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
    RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
    RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
    RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
    RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
    RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
    RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
    RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
    RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
    RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
    RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
    RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
    RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
    RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
    RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
    RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
    RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
    RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
    RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
    RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
    RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
    RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
    RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
    RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
    RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
    RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
    RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
    RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
    RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}

    RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
    RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
    RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
    RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
    RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
    RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
    RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
    RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
    RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276}
    RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
    RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9}
    RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
    RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
    RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
    RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
    RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
    RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
    RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
    RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
    RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
    RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
    RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
    RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
    RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
    RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
    RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
    RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
    RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
    RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
    RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
    RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}

    RegDeleteKey HKCU\Software\Adsl Software Limited
    RegDeleteKey HKCU\Software\ErrorGuard
    RegDeleteKey HKCU\Software\errorsafe
    RegDeleteKey HKCU\Software\error safe free
    RegDeleteKey HKCU\Software\sysprotect free
    RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
    RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
    RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
    RegDeleteKey HKCU\Software\WinFixer 2005
    RegDeleteKey HKCU\Software\WinSoftware

    RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
    RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

    RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

    RegDeleteKey HKLM\Software\AXPFixer
    RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
    RegDeleteKey HKLM\Software\ErrorSafe
    RegDeleteKey HKLM\Software\Error Safe Free
    RegDeleteKey HKLM\Software\sysprotect
    RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
    RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
    RegDeleteKey HKLM\Software\winantivirus pro 2006
    RegDeleteKey HKLM\Software\WinSoftware

    RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
    RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1
    RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
    RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
    RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
    RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
    RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
    RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
    RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
    RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
    RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
    RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
    RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
    RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
    RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
    RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
    RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
    RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore
    RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
    RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
    RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
    RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
    RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
    RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
    RegDeleteKey HKLM\Software\Classes\UDCShell
    RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
    RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
    RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
    RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
    RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
    RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
    RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
    RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
    RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
    RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
    RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
    RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

    RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

    RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
    RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
    RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
    RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
    RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD}
    RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

    RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
    RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
    RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
    RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
    RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
    RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
    RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
    RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
    RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
    RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
    RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
    RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
    RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
    RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
    RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
    RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
    RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
    RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
    RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
    RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
    RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
    RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
    RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7}
    RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
    RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
    RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
    RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
    RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
    RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
    RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
    RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
    RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
    RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
    RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
    RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
    RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
    RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
    RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
    RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
    RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
    RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
    RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
    RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
    RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
    RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
    RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
    RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
    RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
    RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
    RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
    RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4}
    RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
    RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
    RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
    RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
    RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
    RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

    RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
    RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
    RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

    RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
    RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
    RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

    RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
    RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
    RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
    RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
    RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
    RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
    RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
    RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
    RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
    RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
    RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
    RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
    RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
    RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
    RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
    RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
    RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
    RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
    RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
    RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
    RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
    RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
    RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
    RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
    RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
    RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
    RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
    RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
    RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
    RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
    RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
    RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
    RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
    RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E}
    RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
    RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
    RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
    RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
    RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
    RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
    RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
    RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
    RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
    RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
    RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
    RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
    RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
    RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}

    RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

    RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

    RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
    RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
    RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}

    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AXPFixer
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MalWarrior 2007_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\winspywareprotect_is1

    RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
    RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

    RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
    RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
    RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
    RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

    RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

    # 4 - ActiveX

    RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
    RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
    RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
    RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
    RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

    RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
    RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
    RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
    RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
    RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

    # 5 - Fichiers

    DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
    DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1
    DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
    DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
    DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
    DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
    DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
    DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
    DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
    DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
    DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
    DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
    DllUnregister C:\Program Files\SysProtect\compclr.dll|1
    DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
    DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
    DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
    DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
    DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
    DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
    DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
    DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
    DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
    DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
    DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
    DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
    DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
    DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
    DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
    DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
    DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
    DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
    DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
    DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
    DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
    DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
    DllUnregister C:\Program Files\Fichiers communs\WinFixer 2005\uwappchk.dll|1
    DllUnregister C:\WINDOWS\syst32.dll|1

    FileDelete C:\Documents and Settings\All Users\Bureau\AXPFixer.lnk
    FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Application Data\*drivecleaner*.exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\*errorsafe*.exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\*winantispyware*.exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\*winantivirus*.exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\install_fr*.exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\installer_fr[1].exe
    FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\AXPFixer.lnk
    FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Application Data\setup_fr[1].exe
    FileDelete C:\Documents and Settings\Administrateur\Bureau\*drivecleaner*.exe
    FileDelete C:\Documents and Settings\Administrateur\Bureau\DriveCleaner 2006 Free.lnk
    FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorGuard.lnk
    FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorSafe.lnk
    FileDelete C:\Documents and Settings\Administrateur\Bureau\ErrorSafe*.exe
    FileDelete C:\Documents and Settings\Administrateur\Bureau\SystemDoctor*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Bureau\WinAntiSpyware*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Bureau\WinFixer*.exe
    FileDelete C:\Documents and Settings\Administrateur\Bureau\WinFixer*.lnk
    FileDelete C:\Documents and Settings\Administrateur\Mes documents\*drivecleaner*.exe
    FileDelete C:\Documents and Settings\Administrateur\Mes documents\*SystemDoctor*.exe
    FileDelete C:\Documents and Settings\Administrateur\Mes documents\*WinAntiVirusPro*.exe
    FileDelete C:\Program Files\*drivecleaner*.exe
    FileDelete C:\Program Files\*WinAntiVirusPro*.exe
    FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
    FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
    FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
    FileDelete C:\WINDOWS\46241234110.exe
    FileDelete C:\WINDOWS\service32.exe
    FileDelete C:\WINDOWS\syst32.dll
    FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
    FileDelete C:\WINDOWS\Prefetch\AXPFIXER.EXE*.pf
    FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
    FileDelete C:\WINDOWS\system32\av.cpl
    FileDelete C:\WINDOWS\system32\blackster.scr
    FileDelete C:\WINDOWS\system32\df_kme.exe
    FileDelete C:\WINDOWS\system32\stera.exe
    FileDelete C:\WINDOWS\system32\stera.?o?
    FileDelete C:\WINDOWS\system32\drivers\ApiMon.sys
    FileDelete C:\WINDOWS\system32\drivers\df_kmd.sys
    FileDelete C:\WINDOWS\system32\drivers\ersd.sys
    FileDelete C:\WINDOWS\system32\drivers\erssdd.sys
    FileDelete C:\WINDOWS\system32\drivers\fopn.sys
    FileDelete C:\WINDOWS\system32\drivers\sscan.sys
    FileDelete C:\WINDOWS\system32\drivers\uwasfsd.sys
    FileDelete C:\WINDOWS\system32\drivers\vspf_hk5.sys
    FileDelete C:\WINDOWS\system32\drivers\vspf5.sys
    FileDelete C:\WINDOWS\system32\drivers\wasfsd.sys
    FileDelete C:\WINDOWS\system32\drivers\WFF.sys
    FileDelete C:\systemdoctor*.exe

    # 6 - Repertoires

    FolderDelete C:\Documents and Settings\Administrateur\Application Data\Adsl Software Limited
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\AXPDefender
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\AXPFixer
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\DriveCleaner Free
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\DriveCleaner 2006 Free
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\systemdoctor 2006 free
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\VirusGarde
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\WinAntiVirus Pro 2006
    FolderDelete C:\Documents and Settings\Administrateur\Application Data\WinAntiVirus Pro 2007
    FolderDelete C:\Documents and Settings\All Users\Application Data\libresystem
    FolderDelete C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
    FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
    FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
    FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Advanced XP Defender
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
    FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
    FolderDelete C:\Program Files\AXPDefender
    FolderDelete C:\Program Files\AXPFixer
    FolderDelete C:\Program Files\DriveCleaner 2006 Free
    FolderDelete C:\Program Files\erroguard
    FolderDelete C:\Program Files\Error Safe
    FolderDelete C:\Program Files\Error Safe Free
    FolderDelete C:\Program Files\ErrorSafe
    FolderDelete C:\Program Files\errorsafe free
    FolderDelete C:\Program Files\MalWarrior*
    FolderDelete C:\Program Files\SysProtect Free
    FolderDelete C:\Program Files\SystemDoctor 2006
    FolderDelete C:\Program Files\SystemDoctor 2006 Free
    FolderDelete C:\Program Files\VirusGarde
    FolderDelete C:\Program Files\WinAntiSpyware 2006
    FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
    FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
    FolderDelete C:\Program Files\WinAntiVirus 2005
    FolderDelete C:\Program Files\WinAntiVirus Pro 2006
    FolderDelete C:\Program Files\WinAntiVirus Pro 2007
    FolderDelete C:\Program Files\WinFixer 2005
    FolderDelete C:\Program Files\WinPopupGuard 2005
    FolderDelete C:\Program Files\winspywareprotect
    FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
    FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
    FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
    FolderDelete C:\Program Files\Archivos comunes\ErrClean
    FolderDelete C:\Program Files\Archivos comunes\Error Safe
    FolderDelete C:\Program Files\Archivos comunes\erroguard
    FolderDelete C:\Program Files\Archivos comunes\errorguard
    FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
    FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
    FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
    FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
    FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
    FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
    FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
    FolderDelete C:\Program Files\Archivos comunes\WinSoftware
    FolderDelete C:\Program Files\Archivos comunes\winspywareprotect
    FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
    FolderDelete C:\Program Files\Common Files\ErrClean
    FolderDelete C:\Program Files\Common Files\erroguard
    FolderDelete C:\Program Files\Common Files\errorguard
    FolderDelete C:\Program Files\Common Files\ErrorSafe
    FolderDelete C:\Program Files\Common Files\SysProtect
    FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
    FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
    FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
    FolderDelete C:\Program Files\Common Files\WinFixer 2005
    FolderDelete C:\Program Files\Common Files\WinSoftware
    FolderDelete C:\Program Files\Common Files\winspywareprotect
    FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
    FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
    FolderDelete C:\Program Files\Fichiers communs\DriveCleane
    0
  10. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    pas il à fait du nettoyage, maintenant fais ceci :

    Telecharge malwarebytes

    NB : S'il te manque COMCTL32.OCX alors télécharge le ici

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log

    Tutoriaux

    0
  11. Sparrow06 Messages postés 101 Statut Membre 1
     
    Voici le rapport:

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1892
    Windows 5.1.2600 Service Pack 2

    24/03/2009 21:58:06
    mbam-log-2009-03-24 (21-58-06).txt

    Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|)
    Eléments examinés: 137070
    Temps écoulé: 28 minute(s), 8 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
    0
  12. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    ensuite ceci :

    AD-Remover : recherche

    * Sous Vista : ▶ Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    * Clique sur Démarrer puis sur panneau de configuration
    * Double Clique sur l'icône "Comptes d'utilisateurs"
    * Clique ensuite sur désactiver et valide.
    * Redémarre le PC

    ▶ Télécharge et enregistre le fichier d installation sur ton bureau :

    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    ▶ Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( le bureau )

    ▶ Ouvre le dossier Ad-remover présent sur ton bureau

    ▶ Double clique sur Ad-remover.bat.

    * Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"

    ▶ Au menu principal choisi l'option "A"

    ▶ Poste le rapport qui apparait à la fin.

    ( le rapport est sauvegardé aussi sous C:\Ad-report.log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note :

    Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    0
  13. Sparrow06 Messages postés 101 Statut Membre 1
     
    Re!

    J'ai suivi la procédure comme indiqué, je lance le scan ad-remover mais au bout de quelques minutes je me retrouve avec un écran violet...
    J'ai recommencé une fois, mais j'ai encore la meme chose.
    0
  14. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    tu as désactivé ton antivirus?
    0
  15. Sparrow06 Messages postés 101 Statut Membre 1
     
    J'utilise Avast, je l'ai désactivé, j'ai également désactivé le pare feu windows...
    J'ai lancé encore une fois un scan avec ad-remover, il démarre sans problème, mais se bloque une fois arrivé a "Recherche autres Adwares" (ça fait facile 15/20 minutes).
    Je suis sous windows XP je n'ai donc pas fait la manip' "compte d'utilisateurs etc.". Ai-je bien fais?
    0
  16. Sparrow06 Messages postés 101 Statut Membre 1
     
    C'est bon!! j'y suis enfin arrivé!! :-D

    Voilà le rapport:

    ------- LOGFILE OF AD-REMOVER 1.1.2.1 | ONLY XP/VISTA -------

    Updated by C_XX on 23/03/2009 at 19:00
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    Start at: 23:30:09, Mar 24/03/2009 | Boot mode: Normal Boot
    Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: USER-824DOYA1TZ
    Current User: Administrateur - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - F:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 35

    +-----------------| Boonty/Boonty Games Elements Found:

    .
    HKLM\Software\Boonty
    .

    +-----------------| Eorezo Elements Found:

    HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKCR\AppID\EoRezoBHO.DLL
    HKCR\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKCR\EoRezoBHO.EoBho
    HKCR\EoRezoBHO.EoBho.1
    HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKCU\Software\EoRezo
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
    HKLM\Software\Classes\AppID\EoRezoBHO.DLL
    HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
    HKLM\Software\Classes\EoRezoBHO.EoBho
    HKLM\Software\Classes\EoRezoBHO.EoBho.1
    HKLM\Software\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
    .
    C:\Program Files\EoRezo
    C:\Documents and Settings\Administrateur\Application Data\EoRezo

    +-----------------| Infected Poker Softwares Elements Found:

    HKCU\Software\Titan Poker
    HKLM\Software\Titan Poker
    HKU\S-1-5-21-343818398-2000478354-839522115-500\Software\Titan Poker
    .

    +-----------------| FunWebProducts/MyWay/MyWebSearch Elements Found:

    .
    .

    +-----------------| It's TV Elements Found:

    HKLM\Software\ItsLabel
    .

    +-----------------| Sweetim Elements Found:

    .

    ============ Other Adwares Found ============

    .
    .

    +-----------------| Added Scan:

    ---- Mozilla FireFox Version 3.0.7 ----

    ProfilePath: 9kxh818u.default (Administrateur)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
    Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
    .
    .
    Invalidprefs.js: Browser.Search.DefaultEngineName: "Yahoo"
    Invalidprefs.js: Browser.Search.SelectedEngine: "Yahoo"
    .
    (Invalidprefs.js) FOUND: user_pref("browser.startup.homepage", "http://www.eo.st");
    .
    .

    ---- Internet Explorer Version 6.0.2900.2180 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.google.fr/
    First Home Page: hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1

    +-[HKEY_USERS\S-1-5-21-343818398-2000478354-839522115-500\..\Internet Explorer\Main]

    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.google.fr/
    First Home Page: hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
    Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
    Start page: hxxp://www.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    3847 Byte(s) - C:\Ad-Report-Scan-24.03.2009.log

    0 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
    0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    End at: 23:45:09 | 24/03/2009
    .
    +-----------------| E.O.F - 88 Lines
    .
    0
  17. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    Et ba y en a des choses là dedans tu va me faire ne nettoyage, ensuite ceci et je te dis à demain :

    AD-Remover : nettoyage

    ! Déconnectes toi et fermes toutes applications en cours !

    ● Relances "Ad-remover" : au menu principal choisi l'option "B" .

    ● Coche à l'écran de sélection :

    1. Suppression Boonty/BoontyGames
    2. Suppression Eorezo
    3. Suppression Everest Poker
    4. Suppression Funwebproduct/MyWay/MyWebsearch
    5. Suppression It's TV
    6. Suppression Sweetim
    7. Suppression autres adwares

    Ne cocher que ceci :

    1.Suppression Boonty/BoontyGames
    2. Suppression Eorezo
    3. Suppression Everest Poker
    5. Suppression It's TV

    Tape le chiffre correspondant à la suppression demandée et valide par ENTER pour le cocher.

    ● Puis choisi "S" , le programme va travailler,

    ● Postes le rapport qui apparait à la fin.

    ( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    /!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides)

    PS : ne mettre que les suppressions nécessaires !!

    Ensuite me faire ceci :

    Pour commencer : faire un petit nettoyage de l'ordi et du registre avec Ccleaner, regarde bien le Tuto CCleaner

    Télécharge Superantispyware (SAS)

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Preferences, clique sur le bouton "Preferences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    - Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

    - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    - Copie son contenu dans ta réponse.

    Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

    0
  18. Sparrow06 Messages postés 101 Statut Membre 1
     
    Merci!! Je fais la manip', et puis a demain! :-)

    Bye!
    0
  19. Sparrow06 Messages postés 101 Statut Membre 1
     
    Bonjour,

    Voilà la suite des rapports d'hier,

    Ad-Report clean :

    ------- LOGFILE OF AD-REMOVER 1.1.2.1 | ONLY XP/VISTA -------

    Updated by C_XX on 23/03/2009 at 19:00
    Contact: AdRemover.contact@gmail.com
    Website: http://pagesperso-orange.fr/FindyKill.Ad.Remover/

    **** LIMITED TO ****

    Boonty/BoontyGames
    Eorezo
    Infected Poker Softwares
    It's TV

    ********************

    Start at: 0:30:27, Mer 25/03/2009 | Boot mode: Normal Boot
    Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
    Operating System: Microsoft® Windows XP™ Service Pack 2 (version 5.1.2600)
    Computer Name: USER-824DOYA1TZ
    Current User: Administrateur - Administrator
    Drive(s):
    - C:\ (File System: NTFS)
    - F:\ (File System: NTFS)
    System Drive: C:\
    Windows Directory: C:\WINDOWS\
    System Directory: C:\WINDOWS\System32\

    --- Running Processes: 33

    (!) ---- IE start pages/Tabs reset

    +-----------------| Boonty/Boonty Games Elements Deleted :

    .
    .

    +-----------------| Eorezo Elements Deleted :

    .

    +-----------------| Infected Poker Softwares Elements Deleted :

    .

    +-----------------| It's TV Elements Deleted :

    .

    (!) ---- Temp files deleted.
    (!) ---- Recycle bin emptied in all drives.

    +-----------------| Added Scan :

    ---- Mozilla FireFox Version 3.0.7 ----

    ProfilePath: 9kxh818u.default (Administrateur)
    .
    Prefs.js: Browser.Search.DefaultEngineName: "Yahoo"
    Prefs.js: Browser.Search.SelectedEngine: "Yahoo"
    .
    .
    Invalidprefs.js: Browser.Search.DefaultEngineName: "Yahoo"
    Invalidprefs.js: Browser.Search.SelectedEngine: "Yahoo"
    .
    .
    .

    ---- Internet Explorer Version 6.0.2900.2180 ----

    +-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +-[HKEY_USERS\S-1-5-21-343818398-2000478354-839522115-500\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start page: hxxp://fr.msn.com/

    +-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: hxxp://ieframe.dll/tabswelcome.htm

    +---------------------------------------------------------------------------+

    2188 Byte(s) - C:\Ad-Report-Clean-24.03.2009.log
    3095 Byte(s) - C:\Ad-Report-Clean-25.03.2009.log
    4087 Byte(s) - C:\Ad-Report-Scan-24.03.2009.log

    4 File(s) - C:\Program Files\Ad-remover\TOOLS\BACKUP
    0 File(s) - C:\Program Files\Ad-remover\TOOLS\QUARANTINE

    End at: 0:31:01 | 25/03/2009
    .
    +-----------------| E.O.F - 69 Lines
    .

    SuperAntispyware :

    SUPERAntiSpyware Scan Log
    https://www.superantispyware.com/

    Generated 03/25/2009 at 01:32 AM

    Application Version : 4.25.1014

    Core Rules Database Version : 3812
    Trace Rules Database Version: 1766

    Scan type : Complete Scan
    Total Scan Time : 00:46:51

    Memory items scanned : 386
    Memory threats detected : 0
    Registry items scanned : 5713
    Registry threats detected : 14
    File items scanned : 24180
    File threats detected : 0

    Registry Cleaner Trial
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [ ]

    Trojan.Media-Codec
    HKCR\Media-Codec.Chl
    HKCR\Media-Codec.Chl\CLSID

    Trojan.ErrorSafe
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000#Capabilities
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSSDD\0000\LogConf
    0
  20. pimprenelle27 Messages postés 22182 Statut Contributeur sécurité 2 503
     
    pas mal, tu peux supprimer tout ce que SAS à trouvé ensuite me faire ceci :

    Télécharger RemoveIT Pro

    Fais un scan et poste moi le full rapport log.

    A la fin du 1er scan, s'il demande de faire un scan complet dite oui et à la fin du 2ème scan, si virus trouvé cliquez sur fix pour nettoyer des virus trouvés.
    0
  21. Sparrow06 Messages postés 101 Statut Membre 1
     
    J'ai lancé le scan RemoveIT, voici le rapport :

    RemoveIT Pro v4 - SE (Build date: 6.6.2008) full information log file.
    Generated at: 25/03/2009 on 11:27:51
    Microsoft Windows XP Professional Service Pack 2 (Build 2600)
    Author: Damjan Irgolic
    https://www.incodesolutions.com/
    support@incodesolutions.com

    Running processes: (25)
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CAPRPCSN.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe

    Startup files:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE
    [C:\WINDOWS\system32\ctfmon.exe]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
    ["C:\Program Files\Messenger\msmsgs.exe" /background]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\H/PC Connection Agent
    ["C:\Program Files\Microsoft ActiveSync\wcescomm.exe"]
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SUPERAntiSpyware
    [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
    ["C:\Program Files\QuickTime\qttask.exe" -atboottime]

    Detail report: (80)
    Clsid c:\program files\rdm+\notify.dll[d75a6d08308d5248b13fd202ac73f4e4][61440]
    Clsid c:\program files\superantispyware\saswinlo.dll[972edede23ac8d59aac0c09799c6f18a][356352]
    Clsid C:\WINDOWS\system32\ati2evxx.dll[fb1356fa822d188007b9de19e2e28605][86016]
    Clsid C:\WINDOWS\system32\crypt32.dll[62e4fb08c41982aca211b595b5ef4897][604672]
    Clsid C:\WINDOWS\system32\cryptnet.dll[025f99400e4b13912f6a952a3dc3a05c][63488]
    Clsid C:\WINDOWS\system32\cscdll.dll[c9e9472024ab0a5d3380753cd523b4c8][102912]
    Clsid C:\WINDOWS\system32\sclgntfy.dll[c4d404a4e5c0792fd1986beb212180c3][22016]
    Clsid C:\WINDOWS\system32\wgalogon.dll[dd8b6382e30fbb58d69610abceebd3eb][267304]
    Clsid C:\WINDOWS\system32\wlnotify.dll[63e971b0f93fa3f9b80ecb917f756188][94208]
    Clsid c:\windows\system32\wpdshserviceobj.dll[045e228f71c31901084b64be59093499][133632]
    Clsid C:\WINDOWS\system32\wrlogonntf.dll[c8e9d55b5ca06730085bc87725babdc5][492544]
    Proc C:\PROGRA~1\MICROS~3\rapimgr.exe[dcfc84480c76d862d9bfd386ea6e8de7][199464]
    Proc C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2acfc9242be81ae2356e14e5e05c02bb][106496]
    Proc C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[a564a22308a3f55235ba2478ee82992d][28672]
    Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SE\removeit.exe[5f3e76c6be90c901c7a3058f05a5dc33][550912]
    Proc C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[55f24e6ec983fcc7510293b05a27ceec][110592]
    Proc C:\Program Files\Messenger\msmsgs.exe[74e6e96c6f0e2eca4edbb7f7a468f259][1694208]
    Proc C:\Program Files\Microsoft ActiveSync\wcescomm.exe[4c4cf9220e628d1378f9807ec5175488][1289000]
    Proc C:\Program Files\Mozilla Firefox\firefox.exe[762d1d11bb4e7c8d238d957e5ab60d0e][307704]
    Proc C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
    Proc C:\WINDOWS\Explorer.EXE[d0288319660edcfed07c7e74c4ea38a5][1037312]
    Proc C:\WINDOWS\System32\Ati2evxx.exe[4deaa162480367b232f3ee3a6d34084b][389120]
    Proc C:\WINDOWS\system32\CAPRPCSN.EXE[5c461076572f83a2c288bbf994c2142a][28160]
    Proc C:\WINDOWS\system32\ctfmon.exe[64e41e8fee655b03e3f19ded21ba5118][15360]
    Proc C:\WINDOWS\system32\lsass.exe[259af82a0932eea4f316f92db94707b6][13312]
    Proc C:\WINDOWS\system32\MsPMSPSv.exe[668056d5c3c11ab7d266819a96b964e8][53248]
    Proc C:\WINDOWS\system32\services.exe[63dcde1a0d86eeb8924d6738ff616ead][108544]
    Proc C:\WINDOWS\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
    Proc C:\WINDOWS\system32\svchost.exe[2979b03d5382a602623c0535b16ab9c0][14336]
    Proc C:\WINDOWS\system32\WgaTray.exe[eac5391e9f59a13dd102c02f53df5358][952360]
    Proc C:\WINDOWS\system32\wscntfy.exe[8558905ba81f6efaaf9667139bb117dd][13824]
    RegRun c:\program files\messenger\msmsgs.exe [74e6e96c6f0e2eca4edbb7f7a468f259][1694208]
    RegRun c:\program files\microsoft activesync\wcescomm.exe[4c4cf9220e628d1378f9807ec5175488][1289000]
    RegRun c:\program files\quicktime\qttask.exe [7fbe43046efdf24fc9375024e4d02ac9][282624]
    RegRun c:\program files\superantispyware\superantispyware.exe[11afbca9eac51cf988918bffe935e6ee][1830128]
    RegRun c:\windows\system32\ctfmon.exe[64e41e8fee655b03e3f19ded21ba5118][15360]
    Service c:\program files\fichiers communs\adobe systems shared\service\adobelmsvc.exe[03e85345ee24787454572350e8fb0b3e][72704]
    Service c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe[2acfc9242be81ae2356e14e5e05c02bb][106496]
    Service c:\program files\fichiers communs\symantec shared\sndsrvc.exe[443e397643965e08c5ab6a6caa732b97][206552]
    Service c:\program files\ipod\bin\ipodservice.exe[b960fa3b5a10588dc00bbecb662a9397][501048]
    Service c:\program files\ivt corporation\bluesoleil\btntservice.exe[55f24e6ec983fcc7510293b05a27ceec][110592]
    Service c:\program files\msn messenger\usnsvc.exe[c5b70a6aa947667ce0e5fc84a05ec8b6][97136]
    Service c:\program files\windows media player\wmpnetwk.exe[c9bea742ce225cc993c9465fddae4656][918016]
    Service c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe[4eabf511b1af176a971c3271e48fa3a8][33800]
    Service c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe[234b1bc2796483e1f5c3f26649fb3388][70144]
    Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\infocard.exe[e7cc3aeaed9893a88876744cd439f76c][864256]
    Service c:\windows\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe[f9102685f97f9ba85f4a70afcf722cfe][122880]
    Service c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe[993883524aa9cf1c90e1545411a9ac9c][36864]
    Service c:\windows\system32\alg.exe[b43cc0f07752d456038cd0268e4d84e9][44544]
    Service c:\windows\system32\ati2evxx.exe[4deaa162480367b232f3ee3a6d34084b][389120]
    Service c:\windows\system32\cisvc.exe[abfac5d58218c0a655dfcae2d8a535f3][5632]
    Service c:\windows\system32\clipsrv.exe[e42101918c50f754fc15367814fec11c][33280]
    Service c:\windows\system32\dllhost.exe [9b2ce161927038d4cabe0482a14fd052][5120]
    Service c:\windows\system32\dmadmin.exe [647d03a59615fee96d647d4426f1537e][225280]
    Service c:\windows\system32\hpzipm12.exe[fb03f341ff5380394bf2ee52f1979925][65795]
    Service c:\windows\system32\imapi.exe[17b7a4375868b8c38f2dfc98b3b420c6][150016]
    Service c:\windows\system32\locator.exe[dab8e0b2f07dc4d44f8f72bf3994630b][75264]
    Service c:\windows\system32\lsass.exe[259af82a0932eea4f316f92db94707b6][13312]
    Service c:\windows\system32\mnmsrvc.exe[5b219f99cf6d5be05a6c6e86c38cb7ce][32768]
    Service c:\windows\system32\msdtc.exe[11ca338b8765db8e2d1b459f2cfad147][6144]
    Service c:\windows\system32\msiexec.exe [f5f0146580e7023adb963879840777f8][78848]
    Service c:\windows\system32\mspmspsv.exe[668056d5c3c11ab7d266819a96b964e8][53248]
    Service c:\windows\system32\netdde.exe[d40598fd7b7dccbfb22d777e0dfb1cf0][114176]
    Service c:\windows\system32\rsvp.exe[414964844f4793acb868d057e8ed997e][132608]
    Service c:\windows\system32\scardsvr.exe[8866078139c403a28cb4cb460ca6dc90][100352]
    Service c:\windows\system32\services.exe[63dcde1a0d86eeb8924d6738ff616ead][108544]
    Service c:\windows\system32\sessmgr.exe[f35a23e5b6413f93ccca0d05d00183fb][142336]
    Service c:\windows\system32\smlogsvc.exe[0faad412d36e668260a6d5699875d534][93184]
    Service c:\windows\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856]
    Service c:\windows\system32\svchost.exe [2979b03d5382a602623c0535b16ab9c0][14336]
    Service c:\windows\system32\tlntsvr.exe[d244322be1a7c8ad252ec5397ea6d296][75264]
    Service c:\windows\system32\ups.exe[394c9b28c1a97e1ae0421be88ddac102][18432]
    Service c:\windows\system32\vssvc.exe[ce38755ff8c161a66e45fc0c10cdee87][295424]
    Service c:\windows\system32\wbem\wmiapsrv.exe[93a3fc4cf42587a7ab54788f19b9259c][126464]
    Startup c:\documents and settings\administrateur\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
    Startup c:\documents and settings\all users\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84]
    Startup c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe[03163baf3a5dbf8742804093931d7d32][147456]
    Startup c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe[a564a22308a3f55235ba2478ee82992d][28672]
    Startup c:\windows\system32\spool\drivers\w32x86\2\cappswn.exe[23c2266a727e553cc176df549217f3fe][113664]
    System.ini c:\windows\system32\mspmspsv.exe[668056d5c3c11ab7d266819a96b964e8][53248]

    Startup folder: (5)
    Startup name: desktop.ini
    Command: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\desktop.ini
    Startup name: desktop.ini
    Command: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
    Startup name: Fenêtre d'état Canon LBP-800.LNK
    Command: C:\WINDOWS\system32\spool\drivers\w32x86\2\CAPPSWN.EXE
    Startup name: hp psc 1000 series.lnk
    Command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    Startup name: hpoddt01.exe.lnk
    Command: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

    Win.ini Startup: (1)
    Path: device2=us/hx73jysi7xsi5y8a9zr2+xss=

    Win.ini Startup: (1)
    Path: No additional driver found!

    Keyboard drivers: (1)
    Name: No Keyboard Filter driver found!

    Services: (97)
    Service Name: .NET Runtime Optimization Service v2.0.50727_X86 [Stopped],
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Service Name: Accès à distance au Registre [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Service Name: Acquisition d'image Windows (WIA) [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k imgsvc
    Service Name: Adobe LM Service [Stopped],
    Path: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
    Service Name: Affichage des messages [Stopped],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Aide et support [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Appel de procédure distante (RPC) [Running],
    Path: C:\WINDOWS\system32\svchost -k rpcss
    Service Name: Apple Mobile Device [Running],
    Path: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Service Name: Application système COM+ [Stopped],
    Path: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Service Name: ASP.NET State Service [Stopped],
    Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    Service Name: Assistance TCP/IP NetBIOS [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k LocalService
    Service Name: Ati HotKey Poller [Running],
    Path: C:\WINDOWS\System32\Ati2evxx.exe
    Service Name: Audio Windows [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Avertissement [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k LocalService
    Service Name: BlueSoleil Hid Service [Running],
    Path: C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    Service Name: Carte à puce [Stopped],
    Path: C:\WINDOWS\System32\SCardSvr.exe
    Service Name: Carte de performance WMI [Stopped],
    Path: C:\WINDOWS\System32\wbem\wmiapsrv.exe
    Service Name: Centre de sécurité [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Cliché instantané de volume [Stopped],
    Path: C:\WINDOWS\System32\vssvc.exe
    Service Name: Client de suivi de lien distribué [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Client DHCP [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Client DNS [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k NetworkService
    Service Name: Compatibilité avec le Changement rapide d'utilisateur [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Configuration automatique sans fil [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Connexion secondaire [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Connexions réseau [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: DDE réseau [Stopped],
    Path: C:\WINDOWS\system32\netdde.exe
    Service Name: Détection matériel noyau [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Distributed Transaction Coordinator [Stopped],
    Path: C:\WINDOWS\System32\msdtc.exe
    Service Name: DSDM DDE réseau [Stopped],
    Path: C:\WINDOWS\system32\netdde.exe
    Service Name: Emplacement protégé [Running],
    Path: C:\WINDOWS\system32\lsass.exe
    Service Name: Error Reporting Service [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Explorateur d'ordinateur [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Extensions du pilote WMI [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Fournisseur de la prise en charge de sécurité LM NT [Stopped],
    Path: C:\WINDOWS\System32\lsass.exe
    Service Name: Gestion d'applications [Stopped],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de comptes de sécurité [Running],
    Path: C:\WINDOWS\system32\lsass.exe
    Service Name: Gestionnaire de connexion automatique d'accès distant [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de connexions d'accès distant [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de disque logique [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Gestionnaire de l'Album [Stopped],
    Path: C:\WINDOWS\system32\clipsrv.exe
    Service Name: Gestionnaire de session d'aide sur le Bureau à distance [Stopped],
    Path: C:\WINDOWS\system32\sessmgr.exe
    Service Name: HID Input Service [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Horloge Windows [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Hôte de périphérique universel Plug-and-Play [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k LocalService
    Service Name: HTTP SSL [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    Service Name: Indexing Service [Stopped],
    Path: C:\WINDOWS\system32\cisvc.exe
    Service Name: Infrastructure de gestion Windows [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Journal des événements [Running],
    Path: C:\WINDOWS\system32\services.exe
    Service Name: Journaux et alertes de performance [Stopped],
    Path: C:\WINDOWS\system32\smlogsvc.exe
    Service Name: Lanceur de processus serveur DCOM [Running],
    Path: C:\WINDOWS\system32\svchost -k DcomLaunch
    Service Name: Localisateur d'appels de procédure distante (RPC) [Stopped],
    Path: C:\WINDOWS\System32\locator.exe
    Service Name: Mises à jour automatiques [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: MS Software Shadow Copy Provider [Stopped],
    Path: C:\WINDOWS\System32\dllhost.exe /Processid:{7F570BC6-8E72-4DFF-8DFB-7229C7A2576C}
    Service Name: Net.Tcp Port Sharing Service [Stopped],
    Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    Service Name: NLA (Network Location Awareness) [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Notification d'événement système [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Ouverture de session réseau [Stopped],
    Path: C:\WINDOWS\system32\lsass.exe
    Service Name: Pare-feu Windows / Partage de connexion Internet [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Partage de Bureau à distance NetMeeting [Stopped],
    Path: C:\WINDOWS\System32\mnmsrvc.exe
    Service Name: Planificateur de tâches [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Plug-and-Play [Running],
    Path: C:\WINDOWS\system32\services.exe
    Service Name: Pml Driver HPZ12 [Stopped],
    Path: C:\WINDOWS\system32\HPZipm12.exe
    Service Name: QoS RSVP [Stopped],
    Path: C:\WINDOWS\System32\rsvp.exe
    Service Name: RDM+ Local Service [Stopped],
    Path: "C:\Program Files\RDM+\rdmpserv.exe"
    Service Name: Routage et accès distant [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Serveur [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Service COM de gravage de CD IMAPI [Stopped],
    Path: C:\WINDOWS\system32\imapi.exe
    Service Name: Service d'administration du Gestionnaire de disque logique [Stopped],
    Path: C:\WINDOWS\System32\dmadmin.exe /com
    Service Name: Service d'application d'assistance IPv6 [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Service d'approvisionnement réseau [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Service de découvertes SSDP [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k LocalService
    Service Name: Service de la passerelle de la couche Application [Running],
    Path: C:\WINDOWS\System32\alg.exe
    Service Name: Service de l'iPod [Stopped],
    Path: "C:\Program Files\iPod\bin\iPodService.exe"
    Service Name: Service de numéro de série du lecteur multimédia portable [Stopped],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Service de restauration système [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Service de transfert intelligent en arrière-plan [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Service Messenger Sharing Folders USN Journal Reader [Stopped],
    Path: "C:\Program Files\MSN Messenger\usnsvc.exe"
    Service Name: Service Partage réseau du Lecteur Windows Media [Stopped],
    Path: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    Service Name: Services de cryptographie [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Services IPSEC [Running],
    Path: C:\WINDOWS\system32\lsass.exe
    Service Name: Services Terminal Server [Running],
    Path: C:\WINDOWS\System32\svchost -k DComLaunch
    Service Name: Spouleur d'impression [Running],
    Path: C:\WINDOWS\system32\spoolsv.exe
    Service Name: Station de travail [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Stockage amovible [Stopped],
    Path: C:\WINDOWS\system32\svchost.exe -k netsvcs
    Service Name: Symantec Network Drivers Service [Stopped],
    Path: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
    Service Name: Système d'événements de COM+ [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Téléphonie [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Telnet [Stopped],
    Path: C:\WINDOWS\System32\tlntsvr.exe
    Service Name: Thèmes [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k netsvcs
    Service Name: Uninterruptible Power Supply [Stopped],
    Path: C:\WINDOWS\System32\ups.exe
    Service Name: WebClient [Running],
    Path: C:\WINDOWS\System32\svchost.exe -k LocalService
    Service Name: Windows CardSpace [Stopped],
    Path: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    Service Name: Windows Driver Foundation - User-mode Driver Framework [Running],
    Path: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    Service Name: Windows Installer [Stopped],
    Path: C:\WINDOWS\system32\msiexec.exe /V
    Service Name: Windows Presentation Foundation Font Cache 3.0.0.0 [Stopped],
    Path: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    Service Name: WMDM PMSP Service [Running],
    Path: C:\WINDOWS\system32\MsPMSPSv.exe
    Finished...
    0
  • 1
  • 2