How to uninstall restoro

golfeur68 Posted messages 121 Registration date   Status Member Last intervention   -  
Hello,
I am running Windows 7.
I am subscribed to the newsletter of Comment Ça Marche, and I read an ad for "Restoro" which I downloaded and installed.
The software scanned right from the first startup, so far no issues, but after checking the scan report, since it found A LOT of issues, I did not proceed with the cleaning and decided to uninstall it.
The uninstallation went smoothly, still no issues. I wanted to check that everything had been uninstalled, so I searched for "Restoro" and some files were found at the address "C:\Program Files\Restoro", but I can't delete the file "RestoroApp.exe".
Every time the computer tells me it can't delete the file because it is in use.

If anyone has a solution to delete the "Restoro" folder, I would appreciate any help, thanks in advance.

15 answers

MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

OK, we will remove Restoro

--> Copy what is here: https://textup.fr/619608Rt from start:: to end:: (without pasting it anywhere)

--> Open FRST (or FRST64) as an administrator and click on Fix
If FRST seems to freeze or become unresponsive, let it run

--> The PC will restart

--> A fixlog file is created in the same location as FRST, post it like the other reports

--> The fix will clean the firewall, programs you launch afterwards will ask for access on the first run

--> Let me know if you still have the problem.

--
Security contributor.
1
lastar46 Posted messages 21 Status Member
 

I am entering FRST (or FRST64) and I do not have administrator mode to "fix". I cannot delete this site. Please let me know the procedure to follow. Best regards.

0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292 > lastar46 Posted messages 21 Status Member
 

Hello,

The fix corresponds to the PC we analyzed, it is not useful for everyone, so create your own topic and we will guide you => https://forums.commentcamarche.net/forum/virus-securite-7/new

0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
Hello,

For your information => https://www.malekal.com/restoro-logiciel-nettoyage-inutile-eviter/

For the file, check in the task manager if it is running, and if so, end the task

--
Security contributor.
0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
Thank you for your quick response, MisteryBean.
I checked the task manager but there's no trace of "restoro".

Do you have another solution? If so, please let me know.
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

To view

Be sure to read the entire procedure before posting reports
Do not post them directly in messages as they are unreadable and incomplete

The reports FRST.txt and Addition.txt are expected

All reports must be hosted on https://security-x.fr/up/ and you should include the links obtained in your response

---------------------------------------------------------------------------------------------

--> The SmartScreen filter may trigger an alert. Click on Actions or More Info and then on Run anyway

---------------------------------------------------------------------------------------------

--> Download the FRST version of Farbar, compatible with your system and save the file on your Desktop

--> For a 32-bit system
--> For a 64-bit system

How to find out which version 32-bit or 64-bit is running on my system?

--> Wait for your browser to prompt you to download and save, without clicking anywhere, especially not on the sponsors of the page.
--> Close all applications, including your browser
--> Double-click on FRST.exe and click Yes to accept the Disclaimer
--> Under Vista, Windows 7 / 8 and 10, you need to launch the file by right-clicking -> Run as administrator
--> Wait for it to indicate The tool is ready to run
--> In the main menu, click on Scan and wait for the analysis to complete
--> At the end of the scan, the reports FRST.txt and Addition.txt are created. Post these reports in your next response.
--> The reports are saved in the same location as the tool and under C:\FRST\Logs

--
Security contributor.
0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
Good evening MisteryBean,
I tried using FRST, as you indicated, but every time I try to launch my antivirus, Avast reports a malware and prevents FRST from opening.

I searched in Regedit and it found the following keys:

HKEY_CLASSES_ROOT\Restoro.Engine
HKEY_CLASSES_ROOT\Restoro.Engine\CLSID
HKEY_CLASSES_ROOT\Restoro.Engine\CurVer

HKEY_CLASSES_ROOT\Restoro.Engine.1
HKEY_CLASSES_ROOT\Restoro.Engine.1\CLSID

And each time there is 1 subkey, I don't know enough to know if I can delete them without risk.

Sorry for my lack of computer knowledge lol
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

Avast is useless on Windows 10. Oh no, you're on 7 ;-)
Add FRST to the exclusion list and it should run
https://www.malekal.com/ajouter-exception-avast/

0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
I managed to run FRST

Below are the 2 requested reports:

https://up.security-x.fr/file.php?h=R43fad09b07ac699e7334f838a06ca346

https://up.security-x.fr/file.php?h=R615d8d1f57132e7f2892a65e50d6d070

I hope you receive them well.

Thank you
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

Weird your PC? You tell me that Avast blocks FRST and it's Bitdefender that's installed???

Do this:

=> Press Windows + R
=> Type services.msc
=> Look for Windows Management Instrumentation in the list
=> Double-click on it, check if the startup type is set to automatic, if not, change it to auto
=> If it's stopped, try clicking Start
=> You should have this:

If it's OK, create a Restore point and let me know if it works

---------------------------------------------------------------------------------------------

In FRST, in the Search window, type or copy/paste SearchAll: Restoro, click on Search files
A search.txt file is created, post it

0
golfeur68
 
Hello MisteryBean,
in services.msc, I didn't find: Windows Management Infrastructure

I did the search "SearchAll: Restoro" in FRST and here is the address:
https://up.security-x.fr/file.php?h=R125e9d520492a8fe5aef1cd28af0c42e
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

in services.msc, not found: Windows Management Infrastructure


Did you arrange it in alphabetical order? I checked on the VM and it is there under Win7



--
Security Contributor.
0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
I looked carefully in Services.msc and after Application Information I have a line InstallDriver Table Manager which is set to manual start, should I set it to Automatic?

I wanted to take a screenshot of my Services.msc, I saved it

I don't know if you will be able to use it.
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
Ah ok, everything is in English :-)

Double click on it and check if the service name is Winmgmt, if yes, do what is indicated HERE

If not, it should be Windows Management Framework

0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
No, after double-clicking as you indicated, IDriverT appears and I couldn't find the line you mentioned Windows Management Framework
I took a broader snapshot, not everything is in English, I don't understand anything lol
0
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292
 
RE_

I don't know if it's Restoro, but it's not normal that you don't have this service.

Try creating a restore point and we'll launch the fix to see if it works or not; there shouldn't be any problems => https://www.pcastuces.com/pratique/astuces/3383.htm

--
Security contributor.
0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
Hello,
I have done what you told me in your message from March 25, 2022 at 20:24 and you will find below the content of the fixlog.txt file:
Results of the Farbar Recovery Scan Tool (x86) Version: 25-03-2022
Executed by DOUME (26-03-2022 11:38:51) Run:2
Executed from C:\Users\DOUME\Desktop\FRST-OlderVersion
Profiles loaded: DOUME
Boot mode: Normal

==============================================

fixlist content:

closeprocesses:
createrestorepoint:
C:\Program Files\Restoro
deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine
deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine.1
deletekey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3}
deletekey: HKEY_USERS\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Restoro
deletevalue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication|Name
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => D:\DOUME\NETTOYEUR\MALWARESBYTES\MALWAREBYTES 2.2.1.1043\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No file
Task: {0DBE2B8A-9B87-4CEF-9467-7F773299E17D} - System32\Tasks\{52026173-12C4-4484-A903-79987A90E1DD} => C:\Users\DOUME\AppData\Roaming\ZHP\ZHPDiag3.exe [2018-11-01] ()
Task: {4FC6F30F-3EEE-42AF-865F-111F5FE6FE45} - System32\Tasks\{0B298B54-F2F7-4169-925E-15B8923E6925} => D:\DOUME\NETTOYEUR\MALWARESBYTES\MALWAREBYTES 3.5.1.2522\Anti-Malware\mbam.exe
Task: {51440A09-216F-4CAA-AA98-FA71455D6E51} - System32\Tasks\{0B9DF970-E9BC-4A26-BE2E-B98A1959B480} => D:\DOUME\NETTOYEUR\MALWARESBYTES\MALWAREBYTES 3.6.1.2711\Anti-Malware\mbam.exe
Task: {879439E1-C845-45C3-A7F9-BB0AC938B11D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-10] (Adobe Systems Incorporated)
Task: {B7C3791D-BC19-44FE-A88B-B0645DA3C427} - System32\Tasks\{8149C32D-40AF-49C6-8885-11869AF3A188} => D:\DOUME\NETTOYEUR\MALWARESBYTES\MALWAREBYTES 3.6.1.2711\Anti-Malware\mbam.exe
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.bat: batfile => <==== WARNING
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.com: comfile => <==== WARNING
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.cmd: cmdfile => <==== WARNING
BootExecute: autocheck autochk * 睁寛c￾￿ሟ睆邴睆杞Ќ滢睅郶睆駳眮킔텐$
S3 eapihdrv; \??\C:\Users\DOUME\AppData\Local\Temp\ehdrv.sys [X] <==== WARNING
U3 iswSvc; no ImagePath
S3 RtlWlanu; system32\DRIVERS\rtwlanu.sys [X]
cmd: netsh advfirewall reset
emptytemp:


Processes closed successfully.
The Restore Point was created successfully.
C:\Program Files\Restoro => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine.1 => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C661BE9A-11D8-47DD-A980-6494B09F3AF3} => not found
HKEY_USERS\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Restoro => not found
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\\Name" => not found
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\MBAMShlExt => deleted successfully
HKLM\Software\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3} => deleted successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DBE2B8A-9B87-4CEF-9467-7F773299E17D}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DBE2B8A-9B87-4CEF-9467-7F773299E17D}" => deleted successfully
C:\Windows\System32\Tasks\{52026173-12C4-4484-A903-79987A90E1DD} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{52026173-12C4-4484-A903-79987A90E1DD}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4FC6F30F-3EEE-42AF-865F-111F5FE6FE45}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FC6F30F-3EEE-42AF-865F-111F5FE6FE45}" => deleted successfully
C:\Windows\System32\Tasks\{0B298B54-F2F7-4169-925E-15B8923E6925} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B298B54-F2F7-4169-925E-15B8923E6925}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51440A09-216F-4CAA-AA98-FA71455D6E51}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51440A09-216F-4CAA-AA98-FA71455D6E51}" => deleted successfully
C:\Windows\System32\Tasks\{0B9DF970-E9BC-4A26-BE2E-B98A1959B480} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0B9DF970-E9BC-4A26-BE2E-B98A1959B480}" => deleted successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{879439E1-C845-45C3-A7F9-BB0AC938B11D} => not found
"C:\Windows\System32\Tasks\Adobe Flash Player Updater" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7C3791D-BC19-44FE-A88B-B0645DA3C427}" => deleted successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7C3791D-BC19-44FE-A88B-B0645DA3C427}" => deleted successfully
C:\Windows\System32\Tasks\{8149C32D-40AF-49C6-8885-11869AF3A188} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8149C32D-40AF-49C6-8885-11869AF3A188}" => deleted successfully
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.bat => deleted successfully
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.com => deleted successfully
HKU\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Classes\.cmd => deleted successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
eapihdrv => service not found.
HKLM\System\CurrentControlSet\Services\iswSvc => deleted successfully
iswSvc => service deleted successfully
HKLM\System\CurrentControlSet\Services\RtlWlanu => deleted successfully
RtlWlanu => service deleted successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5269933 B
Java, Flash, Steam htmlcache => 470 B
Windows/system/drivers => 10486 B
Edge => 0 B
Chrome => 26046033 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33125 B
LocalService => 99353 B
NetworkService => 171981 B
DOUME => 4209430 B

RecycleBin => 0 B
EmptyTemp: => 34.2 MB of temporary data deleted.

================================


The system had to restart.

End of Fixlog 11:40:05

Apparently RESTORO has been completely removed, as after searching, the only 2 files found are:

C:\FRST\Quarantine\C\Program Files
RestoroApp.exe

What should I do with them?

Thanks for your help,

Have a good day,
0
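To check a fixlog like the one posted above without reading every line, its result lines (`target => outcome`) can be tallied and the Restoro-related ones pulled out. This is an added example, not part of the thread or of FRST; the outcome strings it recognises are only those visible in this fixlog, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few result lines copied from the fixlog in the post above.
SAMPLE_FIXLOG = r'''
Processes closed successfully.
The Restore Point was created successfully.
C:\Program Files\Restoro => moved successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine => not found
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Restoro.Engine.1 => not found
HKEY_USERS\S-1-5-21-1192476041-2989288956-1539854702-1000\Software\Restoro => not found
"C:\Windows\System32\Tasks\Adobe Flash Player Updater" => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => deleted successfully
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => value restored successfully
eapihdrv => service not found.
iswSvc => service deleted successfully
BITS transfer queue => 0 B
Chrome => 26046033 B
EmptyTemp: => 34.2 MB of temporary data deleted.
'''

# Assumption: outcome vocabulary taken only from the lines visible in this fixlog.
OUTCOMES = {
    "moved successfully": "removed",          # file/folder moved to quarantine
    "deleted successfully": "removed",        # registry key or value deleted
    "service deleted successfully": "removed",
    "not found": "absent",                    # target was already gone
    "service not found": "absent",
    "value restored successfully": "restored",
}

# EmptyTemp size lines ("Chrome => 26046033 B") are statistics, not fix results.
SIZE_RE = re.compile(r"^[\d.]+ ?[kmg]?b\b", re.IGNORECASE)


def parse_fixlog(text):
    """Return a list of (target, outcome, status) for every result line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if " => " not in line:
            continue
        # Split on the last arrow: targets may themselves contain "->" or "=>".
        target, outcome = line.rsplit(" => ", 1)
        key = outcome.strip().rstrip(".").lower()
        if SIZE_RE.match(key):
            continue
        target = target.strip()
        # Drop the quotes FRST puts around a whole path containing spaces.
        if len(target) >= 2 and target[0] == '"' and target[-1] == '"':
            target = target[1:-1]
        # Anything outside the known vocabulary needs a human look.
        status = OUTCOMES.get(key, "unrecognised")
        entries.append((target, outcome.strip(), status))
    return entries


def summarise(text):
    """Count result lines per status."""
    return Counter(status for _, _, status in parse_fixlog(text))


def residue_report(text, keyword):
    """List result lines whose target mentions `keyword` and say whether
    every one of them ended up removed or already absent."""
    matches = [e for e in parse_fixlog(text) if keyword.lower() in e[0].lower()]
    clean = bool(matches) and all(s in ("removed", "absent") for _, _, s in matches)
    return {"matches": matches, "clean": clean}


if __name__ == "__main__":
    print(dict(summarise(SAMPLE_FIXLOG)))
    report = residue_report(SAMPLE_FIXLOG, "Restoro")
    for target, outcome, status in report["matches"]:
        print(f"{status:12} {target}  ({outcome})")
    print("all Restoro targets gone:", report["clean"])
```

A "not found" result means the key or file was already absent when the fix ran, which is consistent with the uninstaller having removed it earlier.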
MisteryBean Posted messages 8948 Registration date   Status Moderator Last intervention   1 292 > golfeur68 Posted messages 121 Registration date   Status Member Last intervention  
 
RE_

I did what you told me in your message of March 25, 2022, at 8:24 PM, and you will find below the content of the file fixlog.txt:


Too bad, you didn't read to the end :-\
--> A fixlog file is created in the same location as FRST, post it like the other reports 


--------------
-------------------------------

Apparently, RESTORO has been completely erased, deleted because after searching, the only two files found are:
C:\FRST\Quarantine\C\Program Files
RestoroApp.exe

What should I do with them?


Nothing, they are in FRST's quarantine. To finish, if it's okay, do this:

To automatically delete all files/folders created by FRST and the tool itself, rename FRST/FRST64.exe to uninstall.exe and execute it.

The procedure requires a restart.

--------------
-------------------------------

PS: You can still upgrade your Win7 to Win10 for free and/or buy a Win10 license for 1 euro.
If you want to migrate, create a new topic in the Windows 7 section
0
golfeur68 Posted messages 121 Registration date   Status Member Last intervention   4
 
Hello MisteryBean,
The fact that in Services.msc the line you mentioned Windows Management Infrastructure does not appear cannot be due to the version of W7 that I am using since it is W7 Pro.

As for the restore point, I create them regularly, especially since the m.... with RESTORO, but thanks anyway for reminding me lol.
0