lache moi trojan...pls..stp.. allez......Gné.

Question

Bonjour,bonjour les helpeurs, tout d'abord je remercie les gens qui font vivre ce forum ca aide beaucoup, grâce à plusieurs posts j'ai commencé à cleaner notre ordi familial qui en a bien besoin. J'ai pensé a une totale réinstallation mais finalement je m'amuse pas mal à essayer de résoudre mon problème^^.


   Mon souci principal, j'ai un (au bas mot hein) cheval de troie qui prend la place de l'admin. Il pop des pages internet (reglé) et il empêche la suppression des fichiers systems infectés. De plus le mode sans échec ne marche plus. le trojan "downloader.agent.nvf" semble être dans le fichier ftpdll.dll, si je le supprime en manuel ca revient, idem avec AVG Antispy. J'ai eu une fois l'accés au mode sans échec, j'en ai profité pour supprim des fichiers infectés.exe en manuel mais ca n'a pas suffit. 

  J'ai suivi la procédure: ccleaner 4 fois, ensuite avg antispy (sans faire le rapport, la je le refais pour l'avoir et le poster), ensuite j'ai utilisé Bit defender en scan (je mets le rapport en dessous apparemment il a trouvé pas mal de choses), et enfin un scan Hijack This. La aussi, pas mal de choses on dirait mais j'attends vos conseils éclairés pour savoir quoi fixer.. 

  Autre chose, Si je lance AVG Antispy en mode sans echec à t'il plus de chances de supprimer les infections ? (et dans ce cas comment arriver à relancer le mode sans echec?)
  Je posts dès que terminé le rapport AVG Antispy.

  Voila merci a ceux qui voudront bien se pencher sur mon little problème, ci dessous les rapports bit defender et hijachijack this.

  
  
  Rapport bit defender :
C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
 Infecté par: Trojan.Downloader.Small.AAKR
 
C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
 Echec de la désinfection
 
C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
 Echec de la suppression
 
C:\WINDOWS\SYSTEM32\ftpdll.dll
 Infecté par: Trojan.KillAV.NV
 
C:\WINDOWS\SYSTEM32\ftpdll.dll
 Supprimé
 
C:\WINDOWS\SYSTEM32\Hjd94fg.dll
 Infecté par: DeepScan:Generic.Malware.dld!Z.8D423BD7
 
C:\WINDOWS\SYSTEM32\Hjd94fg.dll
 Echec de la désinfection
 
C:\WINDOWS\SYSTEM32\Hjd94fg.dll
 Echec de la suppression
 
C:\WINDOWS\SYSTEM32\Kf93jfg.dll
 Suspecté de: Generic.Malware.dld!.741A7B8C
 
C:\WINDOWS\SYSTEM32\Kf93jfg.dll
 Echec de la désinfection
 
C:\WINDOWS\SYSTEM32\Kf93jfg.dll
 Echec de la suppression
 
C:\WINDOWS\SYSTEM32\atgnil.dll
 Infecté par: Win32.Worm.Locksky.CD
 
C:\WINDOWS\SYSTEM32\atgnil.dll
 Echec de la désinfection
 
C:\WINDOWS\SYSTEM32\atgnil.dll
 Echec de la suppression
 
C:\WINDOWS\SYSTEM32\elgnehgr.sys
 Infecté par: Win32.Worm.Locksky.CD
 
C:\WINDOWS\SYSTEM32\elgnehgr.sys
 Echec de la désinfection
 
C:\WINDOWS\SYSTEM32\elgnehgr.sys
 Supprimé
 
C:\WINDOWS\TEMP\csrssc.exe
 Infecté par: Generic.Dld.AKI.60710443
 
C:\WINDOWS\TEMP\csrssc.exe
 Echec de la désinfection
 
C:\WINDOWS\TEMP\csrssc.exe
 Supprimé
 
C:\WINDOWS\Installer\{f81bf63e-c760-4936-8ef5-46723271abf0}\CDRam.dll
 Infecté par: Trojan.Agent.AHFF
 
C:\WINDOWS\Installer\{f81bf63e-c760-4936-8ef5-46723271abf0}\CDRam.dll
 Supprimé
 
C:\WINDOWS\Installer\{26b99c32-bc70-4173-aee7-c08394546942}\VolumeDrv.dll
 Infecté par: Trojan.Agent.AHFF
 
C:\WINDOWS\Installer\{26b99c32-bc70-4173-aee7-c08394546942}\VolumeDrv.dll
 Supprimé
 
C:\WINDOWS\certproc32.exe
 Infecté par: Trojan.Agent.Delf.GY
 
C:\WINDOWS\certproc32.exe
 Echec de la désinfection
 
C:\WINDOWS\certproc32.exe
 Supprimé
 
  
 Rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23, on 2008-03-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\DOCUME~1\mic\LOCALS~1\Temp\csrssc.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\System32\dumprep.exe
C:\Program Files\Antispy\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\wscript.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\WINDOWS\System32\Hjd94fg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\System32\Hjd94fg.dll
O2 - BHO: C:\WINDOWS\System32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\System32\Kf93jfg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Multi-PC] mpc.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [WinMed] winmed.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\mic\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\bqtcbahk.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin4.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O21 - SSODL: JoNSYUBacLHu - {1B3C17E9-B196-BD43-4301-6F2257340EC6} - (no file)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\System32\Hjd94fg.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\System32\Kf93jfg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

ep44 · Answer

Bonjour omtaolys,

en effet très infectés 
on va essayer de régler ça ;-)

pour commencer Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.


C:\WINDOWS\shell.exe 

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de redémarrer le pc pour achever la suppression. 

Ensuite 


Télécharge sur le bureau [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix.zip[/url]
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport


Ensuite 

Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic sur Fix Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

ensuite 
Télécharge VirtumundoBeGone  sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
=> double-clic sur VirtumundoBeGone.exe
=> Suis les instructions à l'écran
=> Quand le scan est terminé, enregistre le rapport.
=> Copie/Colle le ici
+ un nouveau rapport hijack stp
@+

ensuite

ep44 · Answer

ok pour smitfraudfix 
* Redémarre l'ordinateur en mode sans échec
(tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/


* Double clique sur smitfraudfix.cmd


* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.


A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.


A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

* Redémarre en mode normal et poste le rapport ici

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !


j'attends aussi le reste des rapports 
@+

omtaolys · Answer

DSL, le message c'est collé qu'a moitié je le renvoie..  J'arrive toujours pas a ouvrir le mode sans echec.. une astuce pour le faire ? Le lien symantec est invalide la je me ballade sur le site..  


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37, on 2008-03-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32undll32.exe
C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32
vsvc32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\mic\LOCALS~1\Temp\csrssc.exe
C:\Program Files\Antispy\hijackthis\HijackThis.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DgnWebIE - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\Speech\Dragon\web_ie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: C:\WINDOWS\System32\Hjd94fg.dll - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\System32\Hjd94fg.dll
O2 - BHO: C:\WINDOWS\System32\Kf93jfg.dll - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\System32\Kf93jfg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Multi-PC] mpc.exe
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [WinMed] winmed.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\mic\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\bqtcbahk.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin4.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O21 - SSODL: JoNSYUBacLHu - {1B3C17E9-B196-BD43-4301-6F2257340EC6} - (no file)
O22 - SharedTaskScheduler: Hkjr94jdfdgj - {B5AC49A2-94F2-42BD-F434-2604812C897D} - C:\WINDOWS\System32\Hjd94fg.dll
O22 - SharedTaskScheduler: Hjkfj93dffd - {B5AF0562-94F3-42BD-F434-2604812C797D} - C:\WINDOWS\System32\Kf93jfg.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PsExec (PSEXESVC) - Sysinternals - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe

ep44 · Answer

essaye ceci
Télécharge ELIBAGLA (de MSC HotlineSat)
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Clique sur le bouton Descargar Elibagla 10.60
( tout en bas de la page au dessus de Tamaño Descargados Licencia Web 44,51 Kb.)
Pour télécharger le fichier sur le bureau.
Double-clique sur EliBaglA.exe.
Dans le cartouche Unidad, tu dois voir C:\

L'option en bas de la fenêtre "Eliminar Ficheros Automaticamente" doit être cochée.
Clique sur le bouton "Explorar" pour lancer l'analyse.

https://i18.servimg.com/u/f18/11/05/93/83/elibag10.jpg

poste le rapport de elibagla qui est dans c:\infosat.txt 

Puis tu postes un rapport Hijackthis et des nouvelles de ton pc après le scan Elibagla
@+

ep44 · Answer

il faut passer à l'option 2 de smitfraudfix !!!
et poster le rapport

ep44 · Answer

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

omtaolys · Answer

Bonsoir ! Je reprends aprés quelques heures de répis ^^ je ne sais pas si ca compte mais j'ai lancé combofix a partir du mode sans echec et de la session administrateur.. voici le rapport: ComboFix 08-03-03.15 - Administrateur 2008-03-09 22:57:27.4 - [color=red][b]FAT32[/b][/color]x86 NETWORK Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.390 [GMT 1:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.\documents\settings\partnership.dll C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe . ---- Previous Run ------- . C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\autorun.exe C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\games2.ico C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\Registryrepair.ico C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\wallpapere1.ico C:\Documents and Settings\Alexandra\Application Data\winantispyware2006freeinstall_fr[1].exe C:\Documents and Settings\Alexandra\Local Settings\Application Data\cftmon.exe C:\Documents and Settings\Alexandra\Menu Démarrer\Programmes\Démarrage\findfast.exe C:\Documents and Settings\All Users.\documents\settings C:\Documents and Settings\All Users.\documents\settings\config.ini C:\Documents and Settings\LocalService\Application Data\printer.exe C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe C:\Documents and Settings\mic\Menu Démarrer\Programmes\Démarrage\findfast.exe C:\Program Files\MyWay C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL C:\Program Files\MyWay\myBar\History\search C:\Program Files\MyWay\myBar\Settings\prevcfg.htm C:\Program Files\MyWay\myBar\Settings\settings.dat C:\Program Files\MyWay\myBar\Settings\settings.dat.bak C:\Program Files\MyWay\myBar\Settings\settings.htm C:\Program Files\MyWay\myBar\Settings\settings.htm.bak C:\Program Files\winantispyware 2006 scanner C:\Program Files\winantispyware 2006 scanner\database\AutoProcess.dat C:\Program Files\winantispyware 2006 scanner\database\monstate.dat C:\Program Files\winantispyware 2006 scanner\database\quaratine.dat C:\Program Files\winantispyware 2006 scanner\database\RTMonitor.dat C:\Program Files\winantispyware 2006 scanner\database\Summary.dat C:\Program Files\winantispyware 2006 scanner\database asks.dat C:\Program Files\winantispyware 2006 scanner\database hreatnet.dat C:\Program Files\winantispyware 2006 scanner\scanlog.xml C:\WINDOWS\NDNuninstall4_85.exe C:\WINDOWS\NDNuninstall6_30.exe C:\WINDOWS\shell.exe C:\WINDOWS\start.exe C:\WINDOWS\system32\dllgh8jkd1q1.exe C:\WINDOWS\system32\dllgh8jkd1q2.exe C:\WINDOWS\system32\dllgh8jkd1q5.exe C:\WINDOWS\system32\dllgh8jkd1q6.exe C:\WINDOWS\system32\dllgh8jkd1q7.exe C:\WINDOWS\system32\dllgh8jkd1q8.exe C:\WINDOWS\system32\kr_done1 C:\WINDOWS\system32\printer.exe C:\WINDOWS\system32 egscan.exe C:\WINDOWS\system32\spoolvs.exe C:\WINDOWS\system32\vx.tll C:\WINDOWS\system32\winsys.exe C:\WINDOWS\Wanadoo.exe C:\WINDOWS\Web\default.htt . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_ICF -------\ICF ------- m -------\LEGACY_ICF -------\ICF ------- m -------\LEGACY_ICF -------\ICF ------- m -------\LEGACY_ICF -------\ICF ------- m ((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))))))) . 2008-03-09 22:54 . 2008-03-09 22:54 d---s---- C:\Documents and Settings\Administrateur\UserData 2008-03-09 19:28 . 2008-03-09 22:39 5,120 --a------ C:\WINDOWS\SYSTEM32\ftpdll.dll 2008-03-09 18:22 . 2008-03-09 22:39 5,120 --a------ C:\Documents and Settings\LocalService\ftpdll.dll 2008-03-09 17:35 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr 2008-03-09 17:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys 2008-03-09 17:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys 2008-03-09 17:35 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys 2008-03-09 17:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys 2008-03-09 17:35 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys 2008-03-09 17:34 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe 2008-03-09 17:34 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx 2008-03-09 16:06 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe 2008-03-09 16:06 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe 2008-03-09 16:06 . 2008-03-09 01:15 86,528 --a------ C:\WINDOWS\SYSTEM32\VACFix.exe 2008-03-09 16:06 . 2008-03-05 22:29 82,432 --a------ C:\WINDOWS\SYSTEM32\IEDFix.exe 2008-03-09 16:06 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe 2008-03-09 16:06 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe 2008-03-09 16:06 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe 2008-03-09 15:51 . 2008-03-09 15:51 d-------- C:\Program Files\Navilog1 2008-03-09 13:34 . 2008-03-09 13:34 d-------- C:\VundoFix Backups 2008-03-09 13:14 . 2008-03-09 13:14 d-------- C:\_OTMoveIt 2008-03-09 11:36 . 2008-03-09 11:36 d--hs---- C:\FOUND.000 2008-03-09 11:09 . 2008-03-09 11:09 d-------- C:\Rapports 2008-03-09 10:39 . 2008-03-09 10:39 d-------- C:\WINDOWS\BDOSCAN8 2008-03-08 23:52 . 2008-03-08 23:52 d-------- C:\Documents and Settings\mic\Application Data\Grisoft 2008-03-08 23:52 . 2008-03-08 23:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-03-08 23:52 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys 2008-03-08 17:18 . 2008-03-09 18:53 3,480 --a------ C:\WINDOWS\SYSTEM32 mp.reg 2008-03-08 17:14 . 2008-03-08 17:14 d-------- C:\Program Files\Antispy 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-03-08 16:14 . 2004-01-08 18:22 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-03-08 15:29 . 2008-03-08 15:30 d-------- C:\WINDOWS eport 2008-03-08 15:29 . 2008-03-08 15:29 d-------- C:\WINDOWS\AU_Backup 2008-03-08 15:29 . 2008-03-08 15:29 35,479,541 --a------ C:\WINDOWS\LPT$VPN.145 2008-03-08 15:29 . 2008-03-08 15:29 1,926,288 --a------ C:\WINDOWS sc.ptn 2008-03-08 15:29 . 2008-03-08 15:29 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2008-03-08 15:29 . 2008-03-08 15:29 267,845 --a------ C:\WINDOWS sc.exe 2008-03-08 15:29 . 2008-03-08 15:29 86,094 --a------ C:\WINDOWS\BPMNT.dll 2008-03-08 15:29 . 2008-03-08 15:29 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-03-08 15:29 . 2008-03-08 15:57 823 --a------ C:\WINDOWS sc.ini 2008-03-08 15:28 . 2008-03-08 15:29 35,479,541 --a------ C:\WINDOWS\VPTNFILE.145 2008-03-08 15:27 . 2008-03-08 15:27 d-------- C:\WINDOWS\AU_Temp 2008-03-08 15:27 . 2008-03-08 15:27 d-------- C:\WINDOWS\AU_Log 2008-03-08 15:27 . 2008-03-08 15:27 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-03-08 15:27 . 2008-03-08 15:27 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-03-08 15:27 . 2008-03-08 15:27 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-03-08 15:27 . 2008-03-08 15:27 170 --a------ C:\WINDOWS\GetServer.ini 2008-03-08 14:55 . 2008-03-08 14:55 d--hs---- C:\FOUND.027 2008-03-08 13:13 . 2008-03-08 13:13 d--hs---- C:\FOUND.026 2008-03-08 13:06 . 2008-03-08 13:06 dr------- C:\Documents and Settings\LocalService\Favoris 2008-03-08 13:06 . 19,584 C:\WINDOWS\SYSTEM32\DRIVERS\oeredwfw.dat 2008-03-08 13:06 . 2008-03-08 13:06 29 --a------ C:\WINDOWS\SYSTEM32\upotdreg.tmp 2008-03-08 13:05 . 2008-03-09 23:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-08 13:05 . 2008-03-08 13:05 43,830 ---hs---- C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe 2008-03-08 13:05 . 2008-03-09 22:32 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-08 13:04 . 2008-03-08 13:04 10,000 --a------ C:\WINDOWS\SYSTEM32\Kf93jfg.dll 2008-03-08 13:03 . 2008-03-08 15:19 24 --a------ C:\WINDOWS\SYSTEM32\svchost.t__ 2008-03-04 11:34 . 2004-07-09 04:27 1,703,936 --a------ C:\WINDOWS\SYSTEM32\9bb33aa.dll 2008-03-04 11:34 . 2004-07-09 04:27 1,703,936 --a------ C:\WINDOWS\SYSTEM32\11374800.dll 2008-03-04 11:34 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\af0f690.dll 2008-03-04 11:34 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\849d3ff.dll 2008-03-04 00:31 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\d415ea8.dll 2008-03-04 00:15 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\203d33b5.dll 2008-03-04 00:06 . 2004-07-09 04:27 1,703,936 --a------ C:\WINDOWS\SYSTEM32\66a18.dll 2008-03-04 00:06 . 2004-07-09 04:27 1,703,936 --a------ C:\WINDOWS\SYSTEM32\217f6a20.dll 2008-03-04 00:06 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\96e6600.dll 2008-03-04 00:06 . 2001-10-02 19:19 75,264 --a------ C:\WINDOWS\SYSTEM32\12c78b0e.dll 2008-03-03 23:53 . 2008-03-03 23:53 131,153 --a------ C:\Documents and Settings\mic\v3pro32s.dll 2008-03-03 23:52 . 2008-03-03 23:53 8,036,352 --a------ C:\Documents and Settings\mic\SFrame.exe 2008-03-03 23:52 . 2008-03-03 23:52 20,480 --a------ C:\Documents and Settings\mic\psapi.dll 2008-03-03 23:50 . 2008-03-03 23:50 d-------- C:\Documents and Settings\mic\Resource 2008-03-03 23:50 . 2008-03-03 23:50 d-------- C:\Documents and Settings\mic\HackShield 2008-03-03 23:50 . 2008-03-03 23:50 2,265,088 --a------ C:\Documents and Settings\mic\EhSvc.dll 2008-03-03 23:50 . 2008-03-03 23:50 178,273 --a------ C:\Documents and Settings\mic\EGRNAP.dll 2008-03-03 23:50 . 2008-03-03 23:50 95,232 --a------ C:\Documents and Settings\mic\EGRNAPX2.dll 2008-03-03 23:49 . 2008-03-03 23:49 573,440 --a------ C:\Documents and Settings\mic\Launcher.exe 2008-03-03 23:47 . 2008-03-03 23:47 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield 2008-03-03 23:20 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\SYSTEM32\ISUSPM.cpl 2008-03-03 21:04 . 2008-03-03 21:04 d-------- C:\Program Files\Rappelz fr 2008-03-02 21:11 . 2008-03-02 21:11 d-------- C:\Documents and Settings\Alexandra\Application Data\erreurchasseur 2008-03-02 21:06 . 2008-03-02 21:06 d-------- C:\Program Files\Fichiers communs\ErreurChasseur 2008-03-02 21:06 . 2008-03-02 21:06 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-03-02 21:06 . 2008-03-02 21:06 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\erreurchasseur 2008-03-02 20:52 . 2008-03-02 20:52 260,632 --a------ C:\Documents and Settings\Alexandra\Application Data\setup_fr[1].exe 2008-02-16 11:30 . 2008-03-09 10:35 219 --a------ C:\WINDOWS\gtiplus.ini 2008-02-15 10:39 . 2008-02-15 10:39 d--hs---- C:\FOUND.025 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-09 09:34 231,424 ----a-w C:\WINDOWS\mapisrv32.dll 2008-03-09 09:34 10,240 ----a-w C:\WINDOWS\jtcres32.dll 2007-07-20 00:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab 2007-07-20 00:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab 2007-07-20 00:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab 2007-07-20 00:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab 2007-07-20 00:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab 2007-07-20 00:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab 2007-07-20 00:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab 2007-05-13 17:57 12,500,992 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_13_15_04_04_full.dmp.zip 2007-04-05 22:02 20,942,920 ----a-w C:\Program Files\SkypeSetup.exe 2006-12-24 15:15 16,421,897 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_22_09_41_31_full.dmp.zip 2006-10-06 18:44 1,953,480 ----a-w C:\Program Files\PPVIEWER.EXE 2006-04-15 08:33 2,216 ----a-w C:\Documents and Settings\mic\Application Data\ViewerApp.dat 2006-04-09 14:30 5,862,994 ----a-w C:\Program Files s2_client_rc2_2032.exe 2004-01-08 15:39 266 --sh--w C:\Program Files\desktop.ini 2004-01-08 15:39 11,208 ---h--w C:\Program Files\folder.htt 2004-09-07 11:57 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys 1999-01-01 00:01 40,960 --sh--r C:\WINDOWS\SYSTEM32\krnj32drv.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay] @={7D688A77-C613-11D0-999B-00C04FD655E1} [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}] 2002-08-29 10:45 8393216 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 10:45 13312] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06 196608] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 08:33 8720384] "Jnskdfmf9eldfd"="C:\DOCUME~1\mic\LOCALS~1\Temp\csrssc.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2001-10-02 19:19 3072 C:\WINDOWS\SYSTEM32\systray.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 12:32 5033984] "nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\SYSTEM32 wiz.exe] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648] "AdslTaskBar"="stmctrl.dll" [2003-06-06 09:32 151552 C:\WINDOWS\SYSTEM32\stmctrl.dll] "Multi-PC"="mpc.exe" [] "NVCLOCK"="nvclock.dll" [2003-04-14 02:59 81920 C:\WINDOWS\SYSTEM32 vclock.dll] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-09-24 12:32 49152] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-04 10:59 98304] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088] "Camera Detector"="C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.exe" [2003-06-23 09:48 208896] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01 32768] "WinMed"="winmed.exe" [] "!AVG Anti-Spyware"="C:\Program Files\Antispy\ewido\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "avast!"="C:\PROGRA~1\Antispy\Avast\ashDisp.exe" [2007-12-04 14:00 79224] "combofix"="C:\WINDOWS\system32\CF10490.exe" [2001-10-02 19:17 388096] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45 13312] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 08:33 8720384] "Jnskdfmf9eldfd"="C:\WINDOWS\TEMP\csrssc.exe" [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "disableregistrytools"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"= 1 (0x1) "NoFolderOptions"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoControlPanel"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E60A0B68-353A-81DD-ED09-2A8101A6DFBA}"= C:\WINDOWS\System32\krnj32drv.dll [1999-01-01 01:01 40960] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32 vcpl.dll,NvStartup "nwiz"=nwiz.exe /install "SAIMON"=C:\WINDOWS\SYSTEM32\SaiMon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\winav.exe"= R0 miypweeo;miypweeo;C:\WINDOWS\System32\drivers\oeredwfw.dat [] R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-30 07:08] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-10-02 19:19] R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\System32\DRIVERS\V0220Dev.sys [2006-06-29 07:58] R3 V0220Vfx;V0220VFX;C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00] R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 10:37] S3 dump_wmimmc;dump_wmimmc;C:\Documents and Settings\mic\Mes documents\My Games\CABAL online\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [] S3 jswmidin;jswmidin;C:\DOCUME~1\mic\LOCALS~1\Temp\jswmidin.sys [] S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\System32\DRIVERS t2571.sys [2004-05-07 13:47] S3 SaiNtHid;%SAINTHID_NAME%;C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42] S3 SaiNtSub;SaiNtSub;C:\WINDOWS\System32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42] S4 1Google Online Search Service;1Google Online Search Service;C:\WINDOWS\System32\winlugan.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Audio Studio V2.8] C:\WINDOWS\flsmontr.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3] C:\WINDOWS etpefr32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Visual Enhance V2.1] C:\WINDOWS\iuntfs32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BCB50B8D-EC40-A22E-CBD0-F08F3B207000}] C:\WINDOWS\Wanadoo.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-09 23:03:18 Windows 5.1.2600 Service Pack 1 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2800.1106] -> C:\WINDOWS\System32\krnj32drv.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Antispy\Avast\aswUpdSv.exe C:\Program Files\Antispy\Avast\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32 vsvc32.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\Program Files\Antispy\Avast\ashWebSv.exe C:\Program Files\Antispy\Avast\ashMaiSv.exe C:\WINDOWS\System32 undll32.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Logitech\Video\FxSvr2.exe . ************************************************************************** . Temps d'accomplissement: 2008-03-09 23:06:03 - machine was rebooted [mic] ComboFix-quarantined-files.txt 2008-03-09 22:05:56

ep44 · Answer

j'analyse ce rapport 
pour le moment fait ce qui suit 

Télécharge Brute Force Uninstaller (de Merijn) ici: http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)
Ensuite, télécharge Winsoftware.bfu (de lazzzy) :
Fais un clik droit ici : : http://www.alt-shift-return.org/Info/Fichiers/Winsoftware.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger Winsoftware.bfu (delazzzy).
Sauvegarde dans le dossier créé (C:\BFU).
**Note : si tu utilises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : Winsoftware.bfu et BFU.exe (très important).

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Tu as une démo animée ici (merci balltrap34):
http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
- Clique sur le petit dossier jaune, et clique sur : Winsoftware.bfu
- Coches la case Show log after scrïpt ends
- Clique sur Execute pour que le fix fasse son boulot :-) Attends que le message Complete scrïpt execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
Clique Exit pour fermer le programme BFU.

ep44 · Answer

selectionne ceci

registry::

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E60A0B68-353A-81DD-ED09-2A8101A6DFBA}"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"Jnskdfmf9eldfd"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"Jnskdfmf9eldfd"=-



File::

C:\WINDOWS\mapisrv32.dll 
C:\WINDOWS\jtcres32.dll 
C:\WINDOWS\SYSTEM32\krnj32drv.dll
C:\WINDOWS\SYSTEM32\Kf93jfg.dll
C:\WINDOWS\SYSTEM32\svchost.t__
C:\WINDOWS\SYSTEM32\9bb33aa.dll
C:\WINDOWS\SYSTEM32\11374800.dll
C:\WINDOWS\SYSTEM32\af0f690.dll
C:\WINDOWS\SYSTEM32\849d3ff.dll
C:\WINDOWS\SYSTEM32\d415ea8.dll
C:\WINDOWS\SYSTEM32\203d33b5.dll
C:\WINDOWS\SYSTEM32\66a18.dll
C:\WINDOWS\SYSTEM32\217f6a20.dll
C:\WINDOWS\SYSTEM32\96e6600.dll
C:\WINDOWS\SYSTEM32\12c78b0e.dll 


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

@+

Ps ton pc est toujours infecté 
il faut faire ce que je te demande 
fait dabord  ceci ensuite fait ce que je t'ai demandé plus haut

omtaolys · Answer

Ci dessous le rapport de l'avant dernière démarche, soit dit en passant si ma femme voit ce que je fais avec notre ordi ça va barder à la maison  -.ô     Bonne nuit à toi a+






BFU v1.11.0
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 01:26:16, on 10/03/2008

Option Unload Explorer: Yes
Success: ProcessKillByPID 1412
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Winsoftware.bfu 
# lazzzy 20/09/2006 
# Ce script cible ErrorSafe / Winfixer / ErrorGuard / DriveCleaner / SystemDoctor / WinAntiVirusPro / WinAntiSpyware / SysProtect

OptionUnloadShell

# 1 - Processus

ProcessKill \AdwareProtector.exe|1
ProcessKill \ErrorGuard.exe|1
ProcessKill \ERScw.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\fat.exe|1
ProcessKill \sd2006.exe|1
ProcessKill \SDR6cw.exe|1
ProcessKill \SDRmon.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\startmon.exe|1
ProcessKill C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe|1
ProcessKill C:\Program Files\systemdoctor 2006 free\updater.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe|1
ProcessKill C:\Program Files\DriveCleaner 2006 Free\udc6cw.exe|1
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe|1 
ProcessKill C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe|1
ProcessKill C:\Program Files\WinAntiSpyware 2006 Scanner\updater.exe|1
ProcessKill C:\Program Files\SystemDoctor 2006 Free\usdr6cw.exe|1
ProcessKill C:\Program Files\SysProtect Free\USYP.exe|1
ProcessKill C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe|1
ProcessKill uwasffNT.exe|1
ProcessKill \was6.exe|1 
ProcessKill \WinAV.exe|1
ProcessKill \WinPG2005.exe|1

# 2 - Services

ServiceStop FWSvc
ServiceDisable FWSvc
ServiceDelete FWSvc

# 3 - Registre

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|AdwareProtector
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafeFree
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1212
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect Free
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|WinPopupGuard 2005

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|cmonitor
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|CompanionWizard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|dc6v_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DC6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|DriveCleaner 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorGuard
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Error Safe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ErrorSafe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERS_check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Firewall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MDRY_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|MNI.UWFX5LP_0001_0614
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UAVIFR_0001_N105M2404
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERS_0001_NI57M1124
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N57M0112
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSM_0001_N68M1602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_LP
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_0001_N91S2108
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSV_9999_N91S1912
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UERSY_0001_N68M0602
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UGA6PV_0001_N108M0207
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|ni.usyp
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0002_N91M1708
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.USYP_0003_N91M0908
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PV_0001_N91M2107
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA6PY_0001_N73M0604
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N91M0510
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWA7PV_0001_N96M0206
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N76M1904
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6V_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWAS6Y_0001_N91M2208
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_0802
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX5V_0001_N57M1412
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|NI.UWFX6_0001_N68M2301
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PAS_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rtasks
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Salestart
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6V_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SDR6Y_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SysProtect
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SystemDoctor 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|udc6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|UERScw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uga6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|usdr6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|uwas6cw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|wa6pcw
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WA6PV_Check
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Free
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiSpyware 2006 Scanner
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirusPro2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinAntiVirus Pro 2007
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2005
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer 2006
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinFixer2005

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|fat_reinstall
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce|WinAntiSpyware 2006 Scanner

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\ErrorSafe\esPCheck.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\common files\winantivirus pro 2006\wapchk.dll
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\Program Files\WinAntiSpyware 2006 Scanner\uwasffNT.exe
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\WINDOWS\System32\drivers\uwasfsd.sys

RegDeleteKey HKCR\antiviruscom.avofficeprotect 
RegDeleteKey HKCR\antiviruscom.avofficeprotect.1 
RegDeleteKey HKCR\avexplorer.shellextension 
RegDeleteKey HKCR\avexplorer.shellextension.2 
RegDeleteKey HKCR\avexplorer.shellextension\curver
RegDeleteKey HKCR\checkprod.checkproduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct
RegDeleteKey HKCR\CheckProduct2.CheckProduct.1
RegDeleteKey HKCR\ComCleanCor.AppCleane
RegDeleteKey HKCR\ComCleanCor.AppCleane.1
RegDeleteKey HKCR\ComCleanCor.CQuickScan
RegDeleteKey HKCR\ComCleanCor.CQuickScan.1
RegDeleteKey HKCR\ComCleanCor.FileCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane
RegDeleteKey HKCR\ComCleanCor.InetCleane.1
RegDeleteKey HKCR\ComCleanCor.RegCleane
RegDeleteKey HKCR\ComCleanCor.RegCleane.1
RegDeleteKey HKCR\ComCleanCor.SystemCleane
RegDeleteKey HKCR\ComCleanCor.SystemCleane.1
RegDeleteKey HKCR\ComCleanCore.FileClean.1
RegDeleteKey HKCR\CompCleanCore.AppCleaner
RegDeleteKey HKCR\CompCleanCore.AppCleaner.1
RegDeleteKey HKCR\CompCleanCore.CCQuickScan
RegDeleteKey HKCR\CompCleanCore.CCQuickScan.1
RegDeleteKey HKCR\CompCleanCore.FileCleaner
RegDeleteKey HKCR\CompCleanCore.FileCleaner.1
RegDeleteKey HKCR\CompCleanCore.InetCleaner
RegDeleteKey HKCR\CompCleanCore.InetCleaner.1
RegDeleteKey HKCR\CompCleanCore.RegCleaner
RegDeleteKey HKCR\CompCleanCore.RegCleaner.1
RegDeleteKey HKCR\CompCleanCore.SystemCleaner
RegDeleteKey HKCR\CompCleanCore.SystemCleaner.1
RegDeleteKey HKCR\df_fixer.Fixer
RegDeleteKey HKCR\df_fixer.Fixer.1
RegDeleteKey HKCR\df_proxy.DriverManipulate
RegDeleteKey HKCR\df_proxy.DriverManipulate.1
RegDeleteKey HKCR\df_fix.Fix
RegDeleteKey HKCR\df_fix.Fix.1
RegDeleteKey HKCR\df_prx.DriverManipulat
RegDeleteKey HKCR\df_prx.DriverManipulat.1
RegDeleteKey HKCR\escompcleancore.esappcleaner
RegDeleteKey HKCR\escompcleancore.esappcleaner.1
RegDeleteKey HKCR\escompcleancore.esccquickscan
RegDeleteKey HKCR\escompcleancore.esccquickscan.1
RegDeleteKey HKCR\escompcleancore.esfilecleaner
RegDeleteKey HKCR\escompcleancore.esfilecleaner.1
RegDeleteKey HKCR\escompcleancore.esinetcleaner
RegDeleteKey HKCR\escompcleancore.esinetcleaner.1
RegDeleteKey HKCR\escompcleancore.esregcleaner 
RegDeleteKey HKCR\escompcleancore.esregcleaner.1 
RegDeleteKey HKCR\escompcleancore.essystemcleaner 
RegDeleteKey HKCR\escompcleancore.essystemcleaner.1 
RegDeleteKey HKCR\esdf_fixer.esfixer 
RegDeleteKey HKCR\esdf_fixer.esfixer.1 
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate 
RegDeleteKey HKCR\esdf_proxy.esdrivermanipulate.1
RegDeleteKey HKCR\esffwraper.esffenginwraper 
RegDeleteKey HKCR\esffwraper.esffenginwraper.1
RegDeleteKey HKCR\esfixcore.esmmfixcore
RegDeleteKey HKCR\esfixcore.esmmfixcore.1
RegDeleteKey HKCR\esmmfixctrl.escofixengine
RegDeleteKey HKCR\esmmfixctrl.escofixengine.1
RegDeleteKey HKCR\esspchck.esspchck
RegDeleteKey HKCR\esspchck.esspchck.1
RegDeleteKey HKCR\esspcheck.esspcheck
RegDeleteKey HKCR\esspcheck.esspcheck.1
RegDeleteKey HKCR\FFCom.FlFixer
RegDeleteKey HKCR\FFWraper.FFEnginWraper
RegDeleteKey HKCR\FFWrap.FEnginWrape
RegDeleteKey HKCR\FFWrap.FEnginWrape.1
RegDeleteKey HKCR\FFWraper.FFEnginWraper.1
RegDeleteKey HKCR\FFxr_21.FFixr21
RegDeleteKey HKCR\FixCor.MMFxCor
RegDeleteKey HKCR\FixCor.MMFxCor.1
RegDeleteKey HKCR\FixCore.MMFixCore
RegDeleteKey HKCR\FixCore.MMFixCore.1
RegDeleteKey HKCR\FlFxr3.FlFixer3
RegDeleteKey HKCR\flfxr5.flfixer5
RegDeleteKey HKCR\FlFxr15.FlFixer15
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r
RegDeleteKey HKCR\FWrape_r.FFEnginWrape_r.1
RegDeleteKey HKCR\FWraper.FFEnginWraper
RegDeleteKey HKCR\FWraper.FFEnginWraper.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e.1
RegDeleteKey HKCR\FxCor_e.MMFixCor_e
RegDeleteKey HKCR\FxCore.MMFixCore
RegDeleteKey HKCR\FxCore.MMFixCore.1
RegDeleteKey HKCR\iefwbho.iefw 
RegDeleteKey HKCR\iefwbho.iefw.2
RegDeleteKey HKCR\Install.Install
RegDeleteKey HKCR\Install.Install.1
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine
RegDeleteKey HKCR\MMFixCtrl.CoFixEngine.1
RegDeleteKey HKCR\MMFx.CoFxEngin
RegDeleteKey HKCR\MMFx.CoFxEngin.1
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e
RegDeleteKey HKCR\MMFxCtr_l.CoFixEngin_e.1
RegDeleteKey HKCR\systemdoctor.free
RegDeleteKey HKCR\UWFX6PCheck.UWFX6PCheck.2
RegDeleteKey HKCR\UWFXCheck.UWFXCheck
RegDeleteKey HKCR\UWFXCheck.UWFXCheck.1
RegDeleteKey HKCR\wap6.pcheck
RegDeleteKey HKCR\wap6.pcheck.1
RegDeleteKey HKCR\winpgintegrator.ieintegrator 
RegDeleteKey HKCR\winpgintegrator.ieintegrator.1 

RegDeleteKey HKCR\AppID\{25A3C995-10C8-474B-A167-99460AB4AB2B}
RegDeleteKey HKCR\AppID\{287A2BAD-6590-4EFF-9BBC-494385664A73}
RegDeleteKey HKCR\AppID\{290B5B73-4963-4BA1-9D2D-07CB566CB7FA}
RegDeleteKey HKCR\AppID\{367a86a5-d048-4785-86be-4e2706aafdd9}
RegDeleteKey HKCR\AppID\{3C132D19-6103-4fc3-8326-34E13EE9E2C0}
RegDeleteKey HKCR\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKCR\AppID\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKCR\AppID\{AAB0BA34-6D48-425f-B4B4-98F158CB61F1}
RegDeleteKey HKCR\AppID\{DED71DE6-0575-4556-8311-A506B116A1A9}
RegDeleteKey HKCR\AppID\{E8928E69-C050-42A9-8884-94DE85E888A2}
RegDeleteKey HKCR\AppID\{E11FF09D-39AF-4613-86AD-F3217E576571}
RegDeleteKey HKCR\AppID\CheckProduct2.DLL
RegDeleteKey HKCR\AppID\compcln.dll
RegDeleteKey HKCR\AppID\compclr.dll
RegDeleteKey HKCR\AppID\FFWrapr.DLL
RegDeleteKey HKCR\AppID\FFWraper.DLL
RegDeleteKey HKCR\AppID\FixCore.DLL
RegDeleteKey HKCR\AppID\FxCr.DLL
RegDeleteKey HKCR\AppID\MFix.DLL
RegDeleteKey HKCR\AppID\MMFixCtrl.DLL
RegDeleteKey HKCR\AppID\winpgi.dll appid

RegDeleteKey HKCR\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\CLSID\{0ba379c6-0efd-4a28-932c-d20469052fd9}
RegDeleteKey HKCR\CLSID\{0bc09fc7-473d-4f9c-b49b-f4e3e244b47a}
RegDeleteKey HKCR\CLSID\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKCR\CLSID\{151a44b0-fc2d-4a02-bbbc-6b372f2f659c}
RegDeleteKey HKCR\CLSID\{1640de0e-75e4-4a83-b5d1-2492bc7eba8f}
RegDeleteKey HKCR\CLSID\{196c80cb-20a7-4cf9-9c98-9322fb1e35fb}
RegDeleteKey HKCR\CLSID\{1ac5c88a-dea7-462b-a232-04af5ca42e7e}
RegDeleteKey HKCR\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKCR\CLSID\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKCR\CLSID\{2178f3fb-2560-458f-bdee-631e2fe0dfe4}
RegDeleteKey HKCR\CLSID\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKCR\CLSID\{356af2e9-8874-4c60-a3d8-0cb516c9e747}
RegDeleteKey HKCR\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKCR\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKCR\CLSID\{5284ac2a-ef00-4750-9b82-b5b907d26536}
RegDeleteKey HKCR\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKCR\CLSID\{53ABACCB-434C-4756-A02B-8C2A3F29FB7D}
RegDeleteKey HKCR\CLSID\{5A1C8180-2A52-470c-938C-BFB4E63AA32D}
RegDeleteKey HKCR\CLSID\{5e19dee2-8d2f-4a9c-a66d-76bbeedd15cb}
RegDeleteKey HKCR\CLSID\{647b8364-79e0-48e2-a4ca-233abada0c2d}
RegDeleteKey HKCR\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKCR\CLSID\{6F85DDE5-A2DE-4217-A05D-0A7CD3C04DC2}
RegDeleteKey HKCR\CLSID\{723d54c7-7483-4eb8-8eed-ce5b2aea534d}
RegDeleteKey HKCR\CLSID\{72D597C4-2312-4116-BED4-4F9A2B2F710E}
RegDeleteKey HKCR\CLSID\{77ca442a-0c72-492b-804a-82611e558142}
RegDeleteKey HKCR\CLSID\{7e73c9db-69fb-4580-8e8e-194b34a2306c}
RegDeleteKey HKCR\CLSID\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKCR\CLSID\{861D5757-3A7E-4c46-966E-8CD53A0D0013}
RegDeleteKey HKCR\CLSID\{8E3A1531-F462-4628-ADD8-D32984637641}
RegDeleteKey HKCR\CLSID\{965a8d33-ae18-4c17-8011-fe42d81e0758}
RegDeleteKey HKCR\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKCR\CLSID\{9e87077c-380c-407d-8dab-eedad95c0a5d}
RegDeleteKey HKCR\CLSID\{9F3D2A3C-D537-482b-A91B-44EE29F09C4B}
RegDeleteKey HKCR\CLSID\{A99498D2-56E1-4e27-AC88-2328C6A87C7C}
RegDeleteKey HKCR\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKCR\CLSID\{ABC72615-4FB0-4689-AED9-AA6B89CEBC2C}
RegDeleteKey HKCR\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKCR\CLSID\{B296F12B-48A9-45fb-A860-4B98707B47AE}
RegDeleteKey HKCR\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKCR\CLSID\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\CLSID\{b5141620-c2b2-4d95-9f0f-134d99c87ab0}
RegDeleteKey HKCR\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKCR\CLSID\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKCR\CLSID\{B8CA1E6C-87E2-4435-9E56-8B791EC459D8}
RegDeleteKey HKCR\CLSID\{c033567c-68fe-419b-bcc4-135db7faf8eb}
RegDeleteKey HKCR\CLSID\{C08FA317-C152-4fea-AC0B-2EA68D2B1C84}
RegDeleteKey HKCR\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKCR\CLSID\{C427B3E3-28DC-4001-9590-D99B6776119B}
RegDeleteKey HKCR\CLSID\{c85a4afd-ff76-4661-b76a-3e9bb2ce2dab}
RegDeleteKey HKCR\CLSID\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\CLSID\{ccaabcdd-7c16-4215-b12e-150bfb994cf0}
RegDeleteKey HKCR\CLSID\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\CLSID\{e73e3959-fb15-44d7-acb9-3a75377006fc}
RegDeleteKey HKCR\CLSID\{EAB5DB02-08F5-4e7d-81F9-75B9462FAAE3}
RegDeleteKey HKCR\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKCR\CLSID\{F0ED6398-E5F8-4ef8-BAB9-FE9BBCE7EF3E}
RegDeleteKey HKCR\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\CLSID\{f63e3b76-f82f-46eb-851c-8c0a221686bb}
RegDeleteKey HKCR\CLSID\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

RegDeleteKey HKCR\Interface\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKCR\Interface\{02946fd1-2d99-46e6-a790-3a089714edd9} 
RegDeleteKey HKCR\Interface\{0b9a27eb-125f-4f3e-a35c-2769c47a1442} 
RegDeleteKey HKCR\Interface\{1CE1C25B-F8B4-4974-99D2-5D4AE96B9900}
RegDeleteKey HKCR\Interface\{35096C29-3507-4ABE-B6D8-C7CC881BE020}
RegDeleteKey HKCR\Interface\{38F743A2-210F-49DE-9B79-DCD501CED284}
RegDeleteKey HKCR\Interface\{3EEC290D-FC13-4C83-803D-4802651EEB61}
RegDeleteKey HKCR\Interface\{41A5BBF6-3C9D-4CF9-9A99-32DD37CC290B}
RegDeleteKey HKCR\Interface\{4E4F38D9-8736-41AE-B192-E829AE194398}
RegDeleteKey HKCR\Interface\{4F79D1C5-24F9-4E59-8022-604D4B41D5CA}
RegDeleteKey HKCR\Interface\{66484903-09F4-4330-927D-1F6C214221AC}
RegDeleteKey HKCR\Interface\{7FA14AD6-D8E5-465F-9BD1-A37E26C1A74F}
RegDeleteKey HKCR\Interface\{9E984934-CD94-4763-9DBC-618E483D4B7F}
RegDeleteKey HKCR\Interface\{B115BD8E-B008-46F4-B8B6-3405EB325C3C}
RegDeleteKey HKCR\Interface\{B9DFCF32-B679-4CAD-B7FC-518A48CE3922}
RegDeleteKey HKCR\Interface\{CAE8A9B1-ABBD-4159-A485-1DA045A5D4A1}
RegDeleteKey HKCR\Interface\{CBEEF194-EBC5-4758-9B51-AC34FC135E70}
RegDeleteKey HKCR\Interface\{CD3604CC-2B95-43EE-AFC9-E7444C21BE1C}
RegDeleteKey HKCR\Interface\{D21040FE-0A57-4FAB-8ED2-F0E653E55809}
RegDeleteKey HKCR\Interface\{D7A2488E-53E4-4EDD-AEAA-F24778BEB100}
RegDeleteKey HKCR\Interface\{D7A6DF8D-B6CF-4C27-8E99-ECA2CE370EA7}
RegDeleteKey HKCR\Interface\{e18b69d0-7e9e-4c6e-bdd8-879a1fff7123}
RegDeleteKey HKCR\Interface\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKCR\Interface\{F6C1582E-B11C-4724-B8F6-240457EF1D2A}
RegDeleteKey HKCR\Interface\{FB787D5E-0C7C-4BAB-B45D-20325FB886DB}
RegDeleteKey HKCR\Interface\{24F3E817-2C07-4CB5-975D-F23FCFAEDE51}
RegDeleteKey HKCR\Interface\{3BB63444-FD94-4C31-9D6F-0DA76CB11D70}
RegDeleteKey HKCR\Interface\{3C2656F4-8601-42B6-BDC3-DEC901E21C80}
RegDeleteKey HKCR\Interface\{471D3AEF-F18C-4626-A7DB-320732ACC763}
RegDeleteKey HKCR\Interface\{490E59CC-F6D5-4987-BBC8-E1A6D599C3F8}
RegDeleteKey HKCR\Interface\{68A7506D-DF03-4DF0-BE96-02BCB918EA7D}
RegDeleteKey HKCR\Interface\{74ECF6F4-62C5-48BA-945E-B20A97239A5E}
RegDeleteKey HKCR\Interface\{7A66E632-E262-4986-A936-CC636282F138}
RegDeleteKey HKCR\Interface\{7D9DFDB3-5135-4279-B365-3CEEA4AC1EAC}
RegDeleteKey HKCR\Interface\{7F208C01-1FB1-4BC8-B918-82E287B0BB79}
RegDeleteKey HKCR\Interface\{7f4e63c9-f30c-4424-9baf-b6896f5f56c4}
RegDeleteKey HKCR\Interface\{81A7D75C-9768-41C3-AE0F-8B108D802B62}
RegDeleteKey HKCR\Interface\{86786BEC-544D-473F-8D93-8E7AC0685361}
RegDeleteKey HKCR\Interface\{92B92664-32D6-4FCE-B2CE-C8519BAEFC4E}
RegDeleteKey HKCR\Interface\{94dbdb63-5f05-4c51-8b14-de0ca12ef4ca}
RegDeleteKey HKCR\Interface\{B0725565-2694-43EC-B1AB-0245762C9860}
RegDeleteKey HKCR\Interface\{B26CA1F6-2D46-49AE-9897-9C5B7CCAB9FB}
RegDeleteKey HKCR\Interface\{B36E6241-4D02-41FF-A16D-9B57E67D7B15}
RegDeleteKey HKCR\Interface\{CADCB2CC-0B7E-45B1-A689-A0AD9CE5932D}
RegDeleteKey HKCR\Interface\{D3390AE7-6F1D-464F-8921-AF9A85EED316}
RegDeleteKey HKCR\Interface\{D4EA0C00-3BC8-4B26-8D2E-C5512B07A211}
RegDeleteKey HKCR\Interface\{DB064061-95F1-4BAF-BEC9-F70792E01094}
RegDeleteKey HKCR\Interface\{F3067DE7-3DBA-4DF8-9FA0-6B0200BAA324}
RegDeleteKey HKCR\Interface\{f5ac8b35-5b15-4e8f-8046-43858973b495}
RegDeleteKey HKCR\Interface\{FE899520-E9F9-4CD9-AABB-E9074815CF50}

RegDeleteKey HKCR\TypeLib\{04392304-5221-4022-9300-be4128fb25b2}
RegDeleteKey HKCR\TypeLib\{0E9F6AC0-A21A-4591-910F-E2C6F3CA094C}
RegDeleteKey HKCR\TypeLib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKCR\TypeLib\{1b197c22-561f-455f-8511-35b1a45c5c9f}
RegDeleteKey HKCR\TypeLib\{17E55F3A-20AB-4668-A75F-DC96377AE16C}
RegDeleteKey HKCR\TypeLib\(205FF72E-CA67-11D5-99DD-444553540006)
RegDeleteKey HKCR\TypeLib\{248FDD41-4E0A-4138-9086-6CF5D6FA8179}
RegDeleteKey HKCR\TypeLib\{25BAE2A9-DF54-4927-AF6F-9963146D11D8}
RegDeleteKey HKCR\TypeLib\{2bc32ef8-bb73-4099-bb2e-0f2951b3e276} 
RegDeleteKey HKCR\TypeLib\{30ED49A5-CA6C-4918-B5F3-5E6818C91D8B}
RegDeleteKey HKCR\TypeLib\{367a86a5-d048-4785-86be-4e2706aafdd9} 
RegDeleteKey HKCR\TypeLib\{371EFE75-C183-4D0C-B8CD-2DFAFEEB34D7}
RegDeleteKey HKCR\TypeLib\{49f9ffb5-514d-4b69-b31d-2ae5a7d30ae6}
RegDeleteKey HKCR\TypeLib\{4DCEEA42-794D-4855-9ECC-20DCF5F4FEA7}
RegDeleteKey HKCR\TypeLib\{5F638503-4F2E-48F8-9210-9865AF4AD020}
RegDeleteKey HKCR\TypeLib\{68bc55e9-4d3e-4c89-89ac-7559763c98b8}
RegDeleteKey HKCR\TypeLib\{692ca430-32c8-470d-ba1f-7e15e21e7043}
RegDeleteKey HKCR\TypeLib\{6A077841-5016-42C8-92C8-F2D6B865BCD1}
RegDeleteKey HKCR\TypeLib\{6bd7e052-306e-497a-ad23-601bc6bfc305}
RegDeleteKey HKCR\TypeLib\{6F9DB588-66C5-4904-A2C7-423961358E8C}
RegDeleteKey HKCR\TypeLib\{732b6533-7f78-4c47-9c01-2979ba0829b9}
RegDeleteKey HKCR\TypeLib\{77dc6558-60e0-4644-a3df-b31f29d113bd}
RegDeleteKey HKCR\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKCR\TypeLib\{8D67C4E4-AAD6-46A1-812F-D7D21BBB4624}
RegDeleteKey HKCR\TypeLib\{9dd86cf2-8ac0-4fe0-b55a-601a302b5fd8}
RegDeleteKey HKCR\TypeLib\{a73973ab-95a6-4abe-a046-de3bab2be448}
RegDeleteKey HKCR\TypeLib\{AD70AC89-F460-4E7E-B5A5-7EAF7E207736}
RegDeleteKey HKCR\TypeLib\{B6625280-8CD8-4632-97C0-83CEC12A49A3}
RegDeleteKey HKCR\TypeLib\{D49C1A5F-26CF-482E-81EE-1D4C9B057BD2}
RegDeleteKey HKCR\TypeLib\{F458ADAE-D53B-4859-B99F-9FA127791278}
RegDeleteKey HKCR\TypeLib\{FC76A5B8-DB35-4F3E-8B9A-BF0EEA098D64}

RegDeleteKey HKCU\Software\ErrorGuard
RegDeleteKey HKCU\Software\errorsafe
RegDeleteKey HKCU\Software\error safe free
RegDeleteKey HKCU\Software\sysprotect free
RegDeleteKey HKCU\Software\SystemDoctor 2006 Free
RegDeleteKey HKCU\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKCU\Software\WinAntiVirus Pro 2006
RegDeleteKey HKCU\Software\WinFixer 2005
RegDeleteKey HKCU\Software\WinSoftware

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}

RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SystemDoctor 2006 Unregistered

RegDeleteKey HKLM\Software\DriveCleaner 2006 Free
RegDeleteKey HKLM\Software\ErrorSafe
RegDeleteKey HKLM\Software\Error Safe Free
RegDeleteKey HKLM\Software\sysprotect 
RegDeleteKey HKLM\Software\SystemDoctor 2006 Free
RegDeleteKey HKLM\Software\WinAntiSpyware 2006 Scanner
RegDeleteKey HKLM\Software\winantivirus pro 2006
RegDeleteKey HKLM\Software\WinSoftware

RegDeleteKey HKLM\Software\Classes\checkprod.checkproduct
RegDeleteKey HKLM\Software\Classes\ComCleanCore.AppCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan
RegDeleteKey HKLM\Software\Classes\ComCleanCore.CCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.FileCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner\CLSID
RegDeleteKey HKLM\Software\Classes\ComCleanCore.InetCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.RegCleaner.1
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner
RegDeleteKey HKLM\Software\Classes\ComCleanCore.SystemCleaner.1 
RegDeleteKey HKLM\Software\Classes\df_fixr.Fixer
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESAppCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESCCQuickScan.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESFileCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESInetCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESRegCleaner.1
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner
RegDeleteKey HKLM\Software\Classes\ESCompCleanCore.ESSystemCleaner.1
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer
RegDeleteKey HKLM\Software\Classes\ESdf_fixer.ESFixer.1
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate
RegDeleteKey HKLM\Software\Classes\ESdf_proxy.ESDriverManipulate.1
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper
RegDeleteKey HKLM\Software\Classes\ESFFWraper.ESFFEnginWraper.1
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore
RegDeleteKey HKLM\Software\Classes\ESFixCore.ESMMFixCore.1
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine
RegDeleteKey HKLM\Software\Classes\ESMMFixCtrl.ESCoFixEngine.1
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck
RegDeleteKey HKLM\Software\Classes\ESSPCheck.ESSPCheck.1
RegDeleteKey HKLM\Software\Classes\FFWraper.FFEnginWrapr
RegDeleteKey HKLM\Software\Classes\FixCor.MMFixCore 
RegDeleteKey HKLM\Software\Classes\FlFxr5.FlFixer5
RegDeleteKey HKLM\Software\Classes\FlFxr10.FlFixer10
RegDeleteKey HKLM\Software\Classes\MMFixCtrl.CoFixEngin2
RegDeleteKey HKLM\Software\Classes\SystemDoctor.Free
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk
RegDeleteKey HKLM\Software\Classes\UDCPChk.UDCPChk.1
RegDeleteKey HKLM\Software\Classes\UDCShell
RegDeleteKey HKLM\Software\Classes\UWAS6.UWAS6
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\uwasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook
RegDeleteKey HKLM\Software\Classes\uwashellext.ShellHook.1
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\uwashellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier
RegDeleteKey HKLM\Software\Classes\wasfsd.CreationNotifier.1
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu
RegDeleteKey HKLM\Software\Classes\washellext.WASContextMenu.1
RegDeleteKey HKLM\Software\Classes\WASPChk.WASPChk

RegDeleteKey HKLM\Software\Classes\*\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\AppID\{1C02CE6B-CC12-4ea1-B2D8-113F611F25C2}
RegDeleteKey HKLM\Software\Classes\AppID\{4f5e5d72-c915-4f3b-908b-527d064b0faa}
RegDeleteKey HKLM\Software\Classes\AppID\{8A1E94DA-725D-4f64-B110-DB3F73ADB6F7}
RegDeleteKey HKLM\Software\Classes\AppID\{E7E155EE-EEF2-46af-99B7-65F1269DC3CF}
RegDeleteKey HKLM\Software\Classes\AppID\{EE10A303-0C60-4acb-A033-95A790FA4DCD} 
RegDeleteKey HKLM\Software\Classes\AppID\checkproduct2_1.dll

RegDeleteKey HKLM\Software\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
RegDeleteKey HKLM\Software\Classes\CLSID\{05324ED1-05C0-4e3a-A34F-98BFC64426F5}
RegDeleteKey HKLM\Software\Classes\CLSID\{08C71FB1-1E66-4D22-9F32-4C045A451306}
RegDeleteKey HKLM\Software\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
RegDeleteKey HKLM\Software\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
RegDeleteKey HKLM\Software\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
RegDeleteKey HKLM\Software\Classes\CLSID\{184B0A26-4C9C-4757-ABF5-4B6AF71F9A45}
RegDeleteKey HKLM\Software\Classes\CLSID\{18A41B20-E519-47a1-B545-FFC200730E9B}
RegDeleteKey HKLM\Software\Classes\CLSID\{1CDEB41B-905A-4183-AA20-26E075419B46}
RegDeleteKey HKLM\Software\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Classes\CLSID\{22024DC7-D190-44ec-9D49-AEE5F244A466}
RegDeleteKey HKLM\Software\Classes\CLSID\{250D1063-5414-4fb0-86D5-AABB7A5D7DA7}
RegDeleteKey HKLM\Software\Classes\CLSID\{2B334C22-40CA-438f-913A-61A8105C4CCD}
RegDeleteKey HKLM\Software\Classes\CLSID\{2BF3C5AD-F9EC-49d8-8568-D7DFFC77108B}
RegDeleteKey HKLM\Software\Classes\CLSID\{38EDB9E2-D7C4-4575-8905-FE65414FFEAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{43DB73EB-4C90-4418-B6AD-10DB22016908}
RegDeleteKey HKLM\Software\Classes\CLSID\{48349992-1402-4C67-B45B-2E619E641FDB}
RegDeleteKey HKLM\Software\Classes\CLSID\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\CLSID\{4F4E2384-42AD-4fe4-B966-B6D50C7BF90A}
RegDeleteKey HKLM\Software\Classes\CLSID\{5284AC2A-EF00-4750-9B82-B5B907D26536}
RegDeleteKey HKLM\Software\Classes\CLSID\{538BC8F3-2E1E-4D2D-A261-158DF6E9B407}
RegDeleteKey HKLM\Software\Classes\CLSID\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\CLSID\{5D178DBE-C867-417f-8A4E-D5DEFA4CD4E7} 
RegDeleteKey HKLM\Software\Classes\CLSID\{66A9C4D0-BC54-4841-8FAA-DB98CBB77BAD}
RegDeleteKey HKLM\Software\Classes\CLSID\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Classes\CLSID\{6C8416A2-2408-4f4d-8D26-EC9A07E8DC98}
RegDeleteKey HKLM\Software\Classes\CLSID\{7D435027-F646-4bf9-B2C5-0EF4940D5CA2}
RegDeleteKey HKLM\Software\Classes\CLSID\{7EC618F2-C506-4221-9F56-792B92BF762E}
RegDeleteKey HKLM\Software\Classes\CLSID\{84C43108-013C-4513-8578-F50080B9C9D0}
RegDeleteKey HKLM\Software\Classes\CLSID\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\CLSID\{9C102B96-4845-4756-991E-4F9294965536}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CB12DAD-32C7-4f34-9758-C9FDD26D4D22}
RegDeleteKey HKLM\Software\Classes\CLSID\{9CC1BE04-3B42-4442-9A46-77E8BC1108F9}
RegDeleteKey HKLM\Software\Classes\CLSID\{AA69BBFC-1D28-4960-8061-93C1BB156238}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
RegDeleteKey HKLM\Software\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
RegDeleteKey HKLM\Software\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D}
RegDeleteKey HKLM\Software\Classes\CLSID\{B096A483-0ABD-4AF0-856A-CAD36145AF5C}
RegDeleteKey HKLM\Software\Classes\CLSID\{b2a3156e-3332-4b47-af5a-5b121503514f}
RegDeleteKey HKLM\Software\Classes\CLSID\{B5E427F9-AB38-4348-9076-86870C2BE860}
RegDeleteKey HKLM\Software\Classes\CLSID\{C0BC364F-AB33-4778-8047-5A2148E0ECDA}
RegDeleteKey HKLM\Software\Classes\CLSID\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\CLSID\{C3E2988E-1433-469d-BFC1-4080D131FE1A}
RegDeleteKey HKLM\Software\Classes\CLSID\{C4C4786C-9861-46d2-BB63-AC782AB07046}
RegDeleteKey HKLM\Software\Classes\CLSID\{C833A552-F5AF-4a7b-87B3-6EBDE0DB3B43}
RegDeleteKey HKLM\Software\Classes\CLSID\{CF080118-CDA5-429d-A8BD-EC7ECA74663F}
RegDeleteKey HKLM\Software\Classes\CLSID\{D3377825-230D-4a12-805C-132557FA1A8B}
RegDeleteKey HKLM\Software\Classes\CLSID\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\CLSID\{DD45A464-7763-43EE-A756-5F2C93B0CF5E}
RegDeleteKey HKLM\Software\Classes\CLSID\{E4A3F67D-5237-43fa-B3F2-41C37C1204B9}
RegDeleteKey HKLM\Software\Classes\CLSID\{E78EA05B-B6A7-4dc4-879D-444DCD224CB4} 
RegDeleteKey HKLM\Software\Classes\CLSID\{EDF78E1B-31A2-4c6e-AD40-0AFCD0D55263}
RegDeleteKey HKLM\Software\Classes\CLSID\{ef130e77-0a34-4365-bfb7-218fd3ddcd5f}
RegDeleteKey HKLM\Software\Classes\CLSID\{F41C1430-CFDE-4AD3-B38D-7890F0843E47}
RegDeleteKey HKLM\Software\Classes\CLSID\{F5AB293C-2E21-4441-9AD8-B3646EB26DF5}
RegDeleteKey HKLM\Software\Classes\CLSID\{FDA9BFC7-4ECD-43a0-AC1E-2E7DDE0C81B0}
RegDeleteKey HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\{7EC618F2-C506-4221-9F56-792B92BF762E}

RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
RegDeleteKey HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\Interface\{02946FD1-2D99-46E6-A790-3A089714EDD9}
RegDeleteKey HKLM\Software\Classes\Interface\{0D146B7F-FA35-465D-B716-BCBC1F9A92D3}
RegDeleteKey HKLM\Software\Classes\Interface\{12813770-461E-4A9F-8C5B-C227A8E9FBE8}
RegDeleteKey HKLM\Software\Classes\Interface\{1562D24E-F5BF-4BB4-AF4C-BBB610B62638}
RegDeleteKey HKLM\Software\Classes\Interface\{1BEA1806-F5C7-4696-B0A0-26CFD6A958DD}
RegDeleteKey HKLM\Software\Classes\Interface\{258E07A2-FF65-493B-B6BD-421A1F2992A3}
RegDeleteKey HKLM\Software\Classes\Interface\{2A1647E8-3EC2-49FE-B632-E12D765FA0CC}
RegDeleteKey HKLM\Software\Classes\Interface\{2DECFCC9-D910-4BAC-94B8-FC006827A60F}
RegDeleteKey HKLM\Software\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
RegDeleteKey HKLM\Software\Classes\Interface\{4AA76F27-81BC-4C3F-9F24-CB99349C8CC9}
RegDeleteKey HKLM\Software\Classes\Interface\{4B6A7638-0999-4924-93B7-C5738E1BAEE1}
RegDeleteKey HKLM\Software\Classes\Interface\{5585C185-B318-4072-A00D-8385F443AE07}
RegDeleteKey HKLM\Software\Classes\Interface\{59399E33-FB54-48AB-8AE4-AE108B36DAB4}
RegDeleteKey HKLM\Software\Classes\Interface\{622423BD-B825-4989-BA65-86D0B990D328}
RegDeleteKey HKLM\Software\Classes\Interface\{6813BFFD-BE81-4613-B4E6-AA7ED0DA8659}
RegDeleteKey HKLM\Software\Classes\Interface\{7516C86C-2F3D-4724-BD4E-1608F1BDAE12}
RegDeleteKey HKLM\Software\Classes\Interface\{7CA36000-3320-49D1-BAD1-4C5169D4084A}
RegDeleteKey HKLM\Software\Classes\Interface\{7E7A1949-5C0C-45F3-A106-34FE038493EF}
RegDeleteKey HKLM\Software\Classes\Interface\{8DAE9202-0019-4D30-A5D2-AAF02D4DDC37}
RegDeleteKey HKLM\Software\Classes\Interface\{8E0A02C1-974F-4379-BFD3-69FFB9E0659D}
RegDeleteKey HKLM\Software\Classes\Interface\{9793B356-4337-44AC-9A22-DF6A7930602C}
RegDeleteKey HKLM\Software\Classes\Interface\{A1DDDD67-64B2-4CAB-BE0B-E34F3F12AED0}
RegDeleteKey HKLM\Software\Classes\Interface\{A22FBA1E-CAAF-4E45-8EFF-4A821AF03E69}
RegDeleteKey HKLM\Software\Classes\Interface\{A56B6D30-FDE0-42A9-BE6B-18B5D3F2F519}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
RegDeleteKey HKLM\Software\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
RegDeleteKey HKLM\Software\Classes\Interface\{A0E2E5AB-C02F-489B-BD7B-58C329F774F3}
RegDeleteKey HKLM\Software\Classes\Interface\{A6E398B2-A288-4D76-B0D0-8F153D14B66E}
RegDeleteKey HKLM\Software\Classes\Interface\{A92616B1-2E82-4052-B579-0A40C2304380}
RegDeleteKey HKLM\Software\Classes\Interface\{B22EE952-9A58-4495-AE78-C0146FA1A3C7}
RegDeleteKey HKLM\Software\Classes\Interface\{C1EA2421-BC9A-4546-943C-126F9D818EFB}
RegDeleteKey HKLM\Software\Classes\Interface\{C3896A1E-8ECD-490B-8A1C-39FE9F7D64A1}
RegDeleteKey HKLM\Software\Classes\Interface\{C88B2356-A6FE-41EC-B0FB-41F2C82C867E} 
RegDeleteKey HKLM\Software\Classes\Interface\{CF5C9FCE-C963-49E5-A3A4-0A81FFFE1E55}
RegDeleteKey HKLM\Software\Classes\Interface\{D090E12D-B79C-4B82-A76C-0E3BBE73C9EF}
RegDeleteKey HKLM\Software\Classes\Interface\{D7136B99-FC27-4DC1-8497-5444D49B426A}
RegDeleteKey HKLM\Software\Classes\Interface\{D80A56D7-451C-41CF-9A74-1447E0887B97}
RegDeleteKey HKLM\Software\Classes\Interface\{DE3C77B8-7378-4A4C-B6F8-4A008B4A6009}
RegDeleteKey HKLM\Software\Classes\Interface\{E0110779-5F79-4685-9C96-9D99EFD30CA2}
RegDeleteKey HKLM\Software\Classes\Interface\{E7CCBD19-2EEA-4B6A-B9BE-E8A68613809C}
RegDeleteKey HKLM\Software\Classes\Interface\{E95F8133-A554-4C0C-9B9A-EEEE3B82CEDE}
RegDeleteKey HKLM\Software\Classes\Interface\{EA0F107F-2BF6-44A0-96C4-A99B74AFBC4A}
RegDeleteKey HKLM\Software\Classes\Interface\{F18701B3-185D-42FD-A55E-F47FDAC8F362}
RegDeleteKey HKLM\Software\Classes\Interface\{F709F572-86F5-47C8-AFCF-3CEBC468FADB}
RegDeleteKey HKLM\Software\Classes\Interface\{F97E5B38-4887-444A-86F5-91C18331500B}
RegDeleteKey HKLM\Software\Classes\Interface\{F9AC5167-2C13-4607-B924-81C1C2251C84}
RegDeleteKey HKLM\Software\Classes\Interface\{FB752175-36D8-4792-9302CFB8018C0DEC}

RegDeleteKey HKLM\Software\Classes\lnkfile\shellex\ContextMenuHandlers\UDCShell

RegDeleteKey HKLM\Software\Classes\SYSTEM\ControlSet003\Services\wasfsd

RegDeleteKey HKLM\Software\Classes\TypeLib\{03A78DBD-AA12-4DB4-AB2C-564460D385DC}
RegDeleteKey HKLM\Software\Classes\TypeLib\{09AF1CF9-825C-4017-A7DC-088C68770F31}
RegDeleteKey HKLM\Software\Classes\TypeLib\{0A89FF7F-1A12-42D9-ACCB-4217112DC7E0}
RegDeleteKey HKLM\software\classes\typelib\{1234890a-5e6e-4867-8136-ca6f1456b235}
RegDeleteKey HKLM\Software\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
RegDeleteKey HKLM\Software\Classes\TypeLib\{16DEEE6B-AEFC-4BA6-9F32-57BBE6783A7C}
RegDeleteKey HKLM\Software\Classes\TypeLib\{21C724D0-B91A-4F35-99E7-55D325F00B20}
RegDeleteKey HKLM\Software\Classes\TypeLib\{223CEDCA-738B-4C4D-B8AE-C68B68C90A4A}
RegDeleteKey HKLM\Software\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
RegDeleteKey HKLM\Software\Classes\TypeLib\{5940CA88-8F1A-4A74-89E4-B3407E5E7348}
RegDeleteKey HKLM\Software\Classes\TypeLib\{61C1FC79-7120-4824-A563-D4D11D80BAFB}
RegDeleteKey HKLM\Software\Classes\TypeLib\{68BC55E9-4D3E-4C89-89AC-7559763C98B8}
RegDeleteKey HKLM\Software\Classes\TypeLib\{692CA430-32C8-470D-BA1F-7E15E21E7043}
RegDeleteKey HKLM\Software\Classes\TypeLib\{7eacf70b-302f-4049-ac68-2d62eb43e473}
RegDeleteKey HKLM\Software\Classes\TypeLib\{8ECC09E1-634B-42AC-8BE7-E6EDBB53C90E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{A8C9AD38-7708-4BEB-A20C-B79614B4F120}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
RegDeleteKey HKLM\Software\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
RegDeleteKey HKLM\Software\Classes\TypeLib\{B869788C-35DF-4104-BACB-8FDB83AFFFFD}
RegDeleteKey HKLM\Software\Classes\TypeLib\{BD9421BB-9F96-4272-802F-49BEC746056E}
RegDeleteKey HKLM\Software\Classes\TypeLib\{F874A0AE-66E8-426B-A3F5-6BA6958DCDBA}
RegDeleteKey HKLM\Software\Classes\TypeLib\{FB42F450-C8B1-4799-99F1-87FA9CA92AB9}

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\errorguard.exe

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{205ff73b-ca67-11d5-99dd-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6AE7418B-229F-4A2C-AE1B-D5962888F02D}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8C65AEF6-E413-4314-815B-82717A3F1603}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5141620-C2B2-4D95-9F0F-134D99C87AB0}
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}

RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Error Guard
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ersu_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UDC6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UERS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USDR6V_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\usyp_is1 
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWFX_5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UWinFX6_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\wa6p_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WFX5_is1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinAntiSpyware 2006 Scanner_is1

RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\sscan.sys
RegDeleteKey HKLM\SYSTEM\ControlSet001\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\FOPN
RegDeleteKey HKLM\SYSTEM\ControlSet001\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\ControlSet002\Services\FOPN

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\df_km.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\df_kmd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ersd.sys
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sscan.sys

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ERSD
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\enum\root\legacy_erssdd

RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\df_kmd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\ersd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\erssdd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FOPN
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\FWSvc
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\uwasfsd
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk
RegDeleteKey HKLM\SYSTEM\CurrentControlSet\Services\wasfsd

RegDeleteKey HKUS\Software\DriveCleaner 2006 Free

# 4 - ActiveX

RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540006}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}
RegDeleteKey HKLM\Software\Microsoft\Code Store Database\Distribution Units\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{205FF73B-CA67-11D5-99DD-444553540006}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A}|Compatibility Flags|1024
RegSetDwordValue HKLM\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{F919FBD3-A96B-4679-AF26-F551439BB5FD}|Compatibility Flags|1024

# 5 - Fichiers

DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCPChk.dll|1
DllUnregister C:\Program Files\DriveCleaner 2006 Free\UDCShell.dll|1 
DllUnregister C:\Program Files\ErrorSafe\df_fixer.dll|1
DllUnregister C:\Program Files\ErrorSafe\df_proxy.dll|1
DllUnregister C:\Program Files\ErrorSafe\ecc.dll|1
DllUnregister C:\Program Files\ErrorSafe\esSPCheck.dll|1
DllUnregister C:\Program Files\ErrorSafe\FFWraper.dll|1
DllUnregister C:\Program Files\ErrorSafe\FixCore.dll|1
DllUnregister C:\Program Files\ErrorSafe\FiFxr5.dll|1
DllUnregister C:\Program Files\ErrorSafe\FTRec.dll|1
DllUnregister C:\Program Files\ErrorSafe\MMFix.dll|1
DllUnregister C:\Program Files\ErrorSafe\StrRes.dll|1
DllUnregister C:\Program Files\SysProtect\compclr.dll|1
DllUnregister C:\Program Files\SysProtect\df_fixer.dll|1
DllUnregister C:\Program Files\SysProtect\df_proxy.dll|1
DllUnregister C:\Program Files\SysProtect\FFWrapr.dll|1
DllUnregister C:\Program Files\SysProtect\flfxr10.dll|1
DllUnregister C:\Program Files\SysProtect\FTRec.dll|1
DllUnregister C:\Program Files\SysProtect\FxCore.dll|1
DllUnregister C:\Program Files\SysProtect\MMFx.dll|1
DllUnregister C:\Program Files\SysProtect\StrRes.dll|1
DllUnregister C:\Program Files\SystemDoctor 2006 Free\order.dll|1
DllUnregister C:\Program Files\VirusGarde\Addons\popupg.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\AsAgents.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\shellext.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\uwas6chk.dll|1
DllUnregister C:\Program Files\WinAntiSpyware 2006 Scanner\was6chk.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\avkernel.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\IEFWBHO.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\libfn.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\rpt.dll|1
DllUnregister C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll|1
DllUnregister C:\Program Files\WinFixer 2005\compcln.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_fixer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\df_proxy.dll|1
DllUnregister C:\Program Files\WinFixer 2005\ffCom.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FFWraper.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FileTypeRecognizer.dll|1
DllUnregister C:\Program Files\WinFixer 2005\FixCore.dll|1
DllUnregister C:\Program Files\WinFixer 2005\MMFix.dll|1
DllUnregister C:\Program Files\WinFixer 2005\OEDrop.dll|1
DllUnregister C:\Program Files\WinFixer 2005\StrRes.dll|1
DllUnregister C:\Program Files\Common Files\Companion Wizard\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll|1
DllUnregister C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\CrXML.dll|1
DllUnregister C:\Program Files\Common Files\WinSoftware\PCheck.dll|1
DllUnregister C:\Program Files\Fichiers communs\WinFixer  2005\uwappchk.dll|1
DllUnregister C:\WINDOWS\System32\SpOrder.dll|1
DllUnregister C:\WINDOWS\syst32.dll|1

FileDelete C:\Documents and Settings\All Users\Bureau\WinAntiVirus*.lnk
FileDelete C:\Documents and Settings\mic\Application Data\*drivecleaner*.exe
FileDelete C:\Documents and Settings\mic\Application Data\*errorsafe*.exe
FileDelete C:\Documents and Settings\mic\Application Data\*winantispyware*.exe
FileDelete C:\Documents and Settings\mic\Application Data\*winantivirus*.exe
FileDelete C:\Documents and Settings\mic\Application Data\install_fr*.exe
FileDelete C:\Documents and Settings\mic\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\mic\Application Data\Microsoft\Internet Explorer\Quick Launch\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\mic\Bureau\*drivecleaner*.exe
FileDelete C:\Documents and Settings\mic\Bureau\DriveCleaner 2006 Free.lnk
FileDelete C:\Documents and Settings\mic\Bureau\ErrorGuard.lnk
FileDelete C:\Documents and Settings\mic\Bureau\ErrorSafe.lnk
FileDelete C:\Documents and Settings\mic\Bureau\ErrorSafe*.exe
FileDelete C:\Documents and Settings\mic\Bureau\SystemDoctor*.lnk
FileDelete C:\Documents and Settings\mic\Bureau\WinAntiSpyware*.lnk
FileDelete C:\Documents and Settings\mic\Bureau\WinFixer*.exe
FileDelete C:\Documents and Settings\mic\Bureau\WinFixer*.lnk
FileDelete C:\Documents and Settings\mic\Mes documents\*drivecleaner*.exe
FileDelete C:\Documents and Settings\mic\Mes documents\*SystemDoctor*.exe
FileDelete C:\Documents and Settings\mic\Mes documents\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\*drivecleaner*.exe
FileDelete C:\Program Files\*WinAntiVirusPro*.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\compwiz.exe
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
FileDelete C:\Program Files\Common Files\Companion Wizard\WapCHK{*}.dll
FileDelete C:\WINDOWS\46241234110.exe
FileDelete C:\WINDOWS\service32.exe
FileDelete C:\WINDOWS\syst32.dll
FileDelete C:\WINDOWS\Downloaded Program Files\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.1\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.2\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.3\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.4\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.5\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.6\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.7\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.8\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.9\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.10\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.11\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.12\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.13\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.14\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.15\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.16\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Downloaded Program Files\CONFLICT.17\U*_*_*NetInstaller.exe
FileDelete C:\WINDOWS\Prefetch\*winantispyware*.pf
FileDelete C:\WINDOWS\System32\av.cpl
FileDelete C:\WINDOWS\System32\df_kme.exe
FileDelete C:\WINDOWS\System32\SpOrder.dll
FileDelete C:\WINDOWS\System32\stera.exe
FileDelete C:\WINDOWS\System32\stera.?o?
FileDelete C:\WINDOWS\System32\drivers\ApiMon.sys
FileDelete C:\WINDOWS\System32\drivers\df_kmd.sys
FileDelete C:\WINDOWS\System32\drivers\ersd.sys
FileDelete C:\WINDOWS\System32\drivers\erssdd.sys
FileDelete C:\WINDOWS\System32\drivers\fopn.sys
FileDelete C:\WINDOWS\System32\drivers\sscan.sys
FileDelete C:\WINDOWS\System32\drivers\uwasfsd.sys
FileDelete C:\WINDOWS\System32\drivers\vspf_hk5.sys
FileDelete C:\WINDOWS\System32\drivers\vspf5.sys
FileDelete C:\WINDOWS\System32\drivers\wasfsd.sys
FileDelete C:\WINDOWS\System32\drivers\WFF.sys
FileDelete C:\systemdoctor*.exe

# 6 - Repertoires

FolderDelete C:\Documents and Settings\mic\Application Data\DriveCleaner Free
FolderDelete C:\Documents and Settings\mic\Application Data\systemdoctor 2006 free
FolderDelete C:\Documents and Settings\mic\Application Data\VirusGarde
FolderDelete C:\Documents and Settings\mic\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\mic\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Corp
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\DriveCleaner 2006 Free 
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ErrorSafe
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SystemDoctor 2006 Unregistered Version
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiSpyware 2006 Scanner
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinAntiVirus Pro 2006
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinFixer 2005
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\WinAntiVirus Pro 2007
FolderDelete C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\SysProtect
FolderDelete C:\Program Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\erroguard
FolderDelete C:\Program Files\Error Safe
FolderDelete C:\Program Files\Error Safe Free
FolderDelete C:\Program Files\ErrorSafe
FolderDelete C:\Program Files\errorsafe free
FolderDelete C:\Program Files\SysProtect Free
FolderDelete C:\Program Files\SystemDoctor 2006
FolderDelete C:\Program Files\SystemDoctor 2006 Free
FolderDelete C:\Program Files\VirusGarde
FolderDelete C:\Program Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\WinAntiSpyware 2006 Free
FolderDelete C:\Program Files\WinAntiSpyware 2006 Scanner
FolderDelete C:\Program Files\WinAntiVirus 2005
FolderDelete C:\Program Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\WinFixer 2005
FolderDelete C:\Program Files\WinPopupGuard 2005
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Archivos comunes\DriveCleaner Free
FolderDelete C:\Program Files\Archivos comunes\Error Safe
FolderDelete C:\Program Files\Archivos comunes\erroguard
FolderDelete C:\Program Files\Archivos comunes\errorguard
FolderDelete C:\Program Files\Archivos comunes\ErrorSafe
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor
FolderDelete C:\Program Files\Archivos comunes\SystemDoctor 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiSpyware 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Archivos comunes\WinAntiVirus Pro 2007
FolderDelete C:\Program Files\Archivos comunes\WinFixer 2005
FolderDelete C:\Program Files\Archivos comunes\WinSoftware
FolderDelete C:\Program Files\Common Files\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Common Files\erroguard
FolderDelete C:\Program Files\Common Files\errorguard
FolderDelete C:\Program Files\Common Files\ErrorSafe
FolderDelete C:\Program Files\Common Files\SysProtect
FolderDelete C:\Program Files\Common Files\SystemDoctor 2006
FolderDelete C:\Program Files\Common Files\WinAntiSpyware 2006
FolderDelete C:\Program Files\Common Files\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Common Files\WinFixer 2005
FolderDelete C:\Program Files\Common Files\WinSoftware
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner 2006 Free
FolderDelete C:\Program Files\Fichiers communs\DriveCleaner Free
FolderDelete C:\Program Files\Fichiers communs\Error Safe
FolderDelete C:\Program Files\Fichiers communs\erroguard
FolderDelete C:\Program Files\Fichiers communs\errorguard
FolderDelete C:\Program Files\Fichiers communs\ErrorSafe
FolderDelete C:\Program Files\Fichiers communs\ProtectionAssuree
FolderDelete C:\Program Files\Fichiers communs\SystemDoctor
FolderDelete C:\Program Files\Fichiers communs\SystemDoctor 2006
FolderDelete C:\Program Files\Fichiers communs\WinAntiSpyware 2006
FolderDelete C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
FolderDelete C:\Program Files\Fichiers communs\WinAntivirus Pro 2007
FolderDelete C:\Program Files\Fichiers communs\WinFixer  2005
FolderDelete C:\Program Files\Fichiers communs\WinFixer 2005
FolderDelete C:\Program Files\Fichiers communs\WinSoftware
FolderDelete C:\UWA7PV
FolderDelete C:\WinAntiVirus Pro 2006

# 7 - Nettoyage

Filedelete %USERPROFILE%\Cookies\*@*drivecleaner*.txt
Filedelete %USERPROFILE%\Cookies\*@*errorsafe*.txt
Filedelete %USERPROFILE%\Cookies\*@*systemdoctor*.txt
Filedelete %USERPROFILE%\Cookies\*@*WinAntiSpyware*.txt
Filedelete %USERPROFILE%\Cookies\*@*winantivirus*.txt
Filedelete %USERPROFILE%\Cookies\*@*winfixer*.txt
Filedelete %USERPROFILE%\Cookies\*@*yieldmanager*.txt

RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\drivecleanr.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\errorsafe.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\systemdoctor.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-anti-virus-pro.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispy.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantispyware.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantiviruspro.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfirewall.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winfixer2006.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winnanny.com|*|4
RegSetDwordValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winsoftware.com|*|4

RegSetDwordValue HKLM\Software\Microsoft\Windows\CurrentVersion\

omtaolys · Answer

Un petit up pour mon souci de virus, je synthétise les démarches en même temps pour faciliter la lecture du fil.
 le problème vient de chevaux de troie qui popent des pages internet et qui prennent la place de l'administrateur. Un des trojans est apparu suite à une utilisation d'msn.

            Voici une récapitulation des programmes utilisés (avec leurs rapports dans le fil) : Spybot, Ccleaner, AVG Antispyware, OtmoveIt, Smitfraudfix, virtumundoBeGone, vundofix, elibagla, bfu, navilog, un scan en ligne bitdefender. Avec rapports Hijack this, le dernier étant  posté ci-dessus.

            Un peu de résultat mais l'ordi est toujours infécté, avec des fichiers qui reviennent toujours. 

           Voil merci a ceux qui lisent ou se penchent dessus comme ep44   a+

ep44 · Answer

Voici une récapitulation des programmes utilisés (avec leurs rapports dans le fil) : Spybot, Ccleaner, AVG Antispyware, OtmoveIt, Smitfraudfix, virtumundoBeGone, vundofix, elibagla, bfu, navilog, un scan en ligne bitdefender. Avec rapports Hijack this, le dernier étant posté ci-dessus. 

Bonsoir 

et ce n'est surement pas fini 

Un peu de résultat mais l'ordi est toujours infécté, avec des fichiers qui reviennent toujours.


un peu de résultat ??
si tu regarde bien voici ce qui à été supprimé !


C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe
C:\WINDOWS\SYSTEM32\ftpdll.dll 
C:\WINDOWS\SYSTEM32\ftpdll.dll 
C:\WINDOWS\SYSTEM32\Kf93jfg.dll 
C:\WINDOWS\SYSTEM32\elgnehgr.sys 
C:\WINDOWS\TEMP\csrssc.exe 
C:\WINDOWS\Installer\{f81bf63e-c760-4936-8ef5-46723271abf0}\CDRam.dll 
C:\WINDOWS\certproc32.exe 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler­]
"{B5AC49A2-94F2-42BD-F434-2604812C897D}"="Hkjr94jdfdgj"

[HKEY_CLASSES_ROOT\CLSID\{B5AC49A2-94F2-42BD-F434-2604812C897D}\InProcServer32]
@="C:\WINDOWS\System32\Hjd94fg.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B5AC49A2-94F2-42BD-F434-2604812C897D}\InProcSe­rver32]
@="C:\WINDOWS\System32\Hjd94fg.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler­]
"{B5AF0562-94F3-42BD-F434-2604812C797D}"="Hjkfj93dffd"

[HKEY_CLASSES_ROOT\CLSID\{B5AF0562-94F3-42BD-F434-2604812C797D}\InProcServer32]
@="C:\WINDOWS\System32\Kf93jfg.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B5AF0562-94F3-42BD-F434-2604812C797D}\InProcSe­rver32]
@="C:\WINDOWS\System32\Kf93jfg.dll"

C:\Documents and Settings\All Users.\documents\settings\partnership.dll
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
.
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\autorun.exe
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons
C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\games2.ico
C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Alexandra\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Alexandra\Application Data\winantispyware2006freeinstall_fr[1].exe
C:\Documents and Settings\Alexandra\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\Alexandra\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\config.ini
C:\Documents and Settings\LocalService\Application Data\printer.exe
C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\mic\Local Settings\Application Data\cftmon.exe
C:\Documents and Settings\mic\Menu Démarrer\Programmes\Démarrage\findfast.exe
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings\settings.dat
C:\Program Files\MyWay\myBar\Settings\settings.dat.bak
C:\Program Files\MyWay\myBar\Settings\settings.htm
C:\Program Files\MyWay\myBar\Settings\settings.htm.bak
C:\Program Files\winantispyware 2006 scanner
C:\Program Files\winantispyware 2006 scanner\database\AutoProcess.dat
C:\Program Files\winantispyware 2006 scanner\database\monstate.dat
C:\Program Files\winantispyware 2006 scanner\database\quaratine.dat
C:\Program Files\winantispyware 2006 scanner\database\RTMonitor.dat
C:\Program Files\winantispyware 2006 scanner\database\Summary.dat
C:\Program Files\winantispyware 2006 scanner\database	asks.dat
C:\Program Files\winantispyware 2006 scanner\database	hreatnet.dat
C:\Program Files\winantispyware 2006 scanner\scanlog.xml
C:\WINDOWS\NDNuninstall4_85.exe
C:\WINDOWS\NDNuninstall6_30.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\dllgh8jkd1q1.exe
C:\WINDOWS\system32\dllgh8jkd1q2.exe
C:\WINDOWS\system32\dllgh8jkd1q5.exe
C:\WINDOWS\system32\dllgh8jkd1q6.exe
C:\WINDOWS\system32\dllgh8jkd1q7.exe
C:\WINDOWS\system32\dllgh8jkd1q8.exe
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32egscan.exe
C:\WINDOWS\system32\spoolvs.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\Wanadoo.exe
C:\WINDOWS\Web\default.htt
-------\LEGACY_ICF
-------\ICF
-------
m
-------\LEGACY_ICF
-------\ICF
-------
m
-------\LEGACY_ICF
-------\ICF
-------
m
-------\LEGACY_ICF
-------\ICF
-------
m 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E60A0B68-353A-81DD-ED09-2A8101A6DFBA}"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Jnskdfmf9eldfd"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jnskdfmf9eldfd"=-
C:\WINDOWS\jtcres32.dll
C:\WINDOWS\mapisrv32.dll
C:\WINDOWS\SYSTEM32\11374800.dll
C:\WINDOWS\SYSTEM32\12c78b0e.dll
C:\WINDOWS\SYSTEM32\203d33b5.dll
C:\WINDOWS\SYSTEM32\217f6a20.dll
C:\WINDOWS\SYSTEM32\66a18.dll
C:\WINDOWS\SYSTEM32\849d3ff.dll
C:\WINDOWS\SYSTEM32\96e6600.dll
C:\WINDOWS\SYSTEM32\9bb33aa.dll
C:\WINDOWS\SYSTEM32\af0f690.dll
C:\WINDOWS\SYSTEM32\d415ea8.dll
C:\WINDOWS\SYSTEM32\Kf93jfg.dll
C:\WINDOWS\SYSTEM32\krnj32drv.dll
C:\WINDOWS\SYSTEM32\svchost.t__ 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7DE254-2FBD-4C09-9077-3DC4A2DEBE9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1230649B-B980-44A5-B259-9B09EBEA6331}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1236DE55-EDED-4675-AF10-BA15EDDB4D7A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B11}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{_CLSID_WAShellExecuteCheck}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers
\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerUWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4567AB12-A884-4CA6-B739-CEDB12FEF096}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95411}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ABCD4567-D8E8-4DF1-A3EA-D0AA72F42611}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{12398A44-7DFC-4C46-BD8F-41259D169A0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4567AB12-AE24-4FD6-B479-E2B464F32DA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37411}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UWAS6.UWAS6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwasfsd.CreationNotifier.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.ShellHook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.ShellHook.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.WASContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\uwashellext.WASContextMenu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
\WinAntiSpyware 2006 Scanner_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006 Scanner
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uwasfsd
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uwasfsd
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis
\ICQ
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis
\ICQ\Agent
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\Mirabilis
\ICQ\Agent\Apps
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\WinAntiSpyware 2006 Scanner
HKEY_USERS\S-1-5-21-220523388-1844823847-682003330-500\Software\WinAntiSpyware 2006 Scanner\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
\{ABCD4567-4D73-43E9-85E5-53A2DBD95422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
\{ABCD4567-7437-43EF-AB74-4AB1D3A37422}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wasfsd.CreationNotifier
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\wasfsd.CreationNotifier.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WAS_is1
HKEY_LOCAL_MACHINE\SOFTWARE\WinAntiSpyware 2006
HKEY_ALL_USERS\Software\WinAntiSpyware 2006
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wasfsd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers
\ExplorerWAS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\UWAS6.UWAS6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\washellext.WASContextMenu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\washellext.WASContextMenu.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WASPChk.WASPChk
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYSTEM\ControlSet003\Services\wasfsd

omtaolys · Answer

En effet beaucoup de résultat, merci encore. Quelle est la suite de la marche a suivre ?

               a+

ep44 · Answer

.

ep44 · Answer

Bonsoir omtaolys,

Bonsoir lyonnais 
merci pour ton intervention ;-)
si erreur ton intervention seras forcément la bienvenue avec plaisir :-)

omtaolys,selectionne ceci

Driver::

oeredwfw
dump_wmimmc
jswmidin
1Google Online Search

File::

C:\WINDOWS\System32\drivers\oeredwfw.dat
C:\Documents and Settings\mic\Mes documents\My Games\CABAL online\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys 
C:\DOCUME~1\mic\LOCALS~1\Temp\jswmidin.sys 
C:\WINDOWS\System32\winlugan.exe


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Lyonnais92 · Answer

Bonsoir,

je préfère :

Driver::
oeredwfw
dump_wmimmc
jswmidin
1Google Online Search

File::
C:\WINDOWS\System32\drivers\oeredwfw.dat
C:\Documents and Settings\mic\Mes documents\My Games\CABAL online\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys
C:\DOCUME~1\mic\LOCALS~1\Temp\jswmidin.sys
C:\WINDOWS\System32\winlugan.exe 

mais je n'ai pas vérifié la légitimité des cas.

ep44 · Answer

re , ;-)

j'ai fait des recherches et apparemment c'est bon (pas légitime)
tu préfère pour les espaces ??
@+


bien sur omtaolys copie/colle  ce que vient de poster lyonnais ;-)

Lyonnais92 · Answer

Re,

tu peux recommencer avec :

Driver::
miypweeo
dump_wmimmc
jswmidin
1Google Online Search Service

File::
C:\WINDOWS\System32\drivers\oeredwfw.dat
C:\Documents and Settings\mic\Mes documents\My Games\CABAL online\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys
C:\Documents and Settings\mic\Local Settings\Temp\jswmidin.sys
C:\WINDOWS\System32\winlugan.exe


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt

Ferme toutes les applications et les fenêtres, y compris ton navigateur.
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

omtaolys · Answer

Re, c'est donc reparti ^^ (ce winlugan est increvable..) ComboFix 08-03-14.4 - mic 2008-03-15 11:06:45.9 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.189 [GMT 1:00] Endroit: C:\Documents and Settings\mic\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\mic\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C:\Documents and Settings\mic\Local Settings\Temp\jswmidin.sys C:\Documents and Settings\mic\Mes documents\My Games\CABAL online\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys C:\WINDOWS\System32\drivers\oeredwfw.dat C:\WINDOWS\System32\winlugan.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))))))) . 2008-03-10 22:06 . 2008-03-10 22:06 d-------- C:\Rapport 2008-03-10 21:19 . 2008-03-10 21:19 d-------- C:\Program Files\Navilog1 2008-03-10 19:37 . 2008-03-10 19:37 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2008-03-09 23:31 . 2008-03-09 23:31 d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft 2008-03-09 22:54 . 2008-03-09 22:54 d---s---- C:\Documents and Settings\Administrateur\UserData 2008-03-09 17:35 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr 2008-03-09 17:35 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys 2008-03-09 17:35 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys 2008-03-09 17:35 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys 2008-03-09 17:35 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys 2008-03-09 17:35 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys 2008-03-09 17:34 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe 2008-03-09 17:34 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx 2008-03-09 11:36 . 2008-03-09 11:36 d--hs---- C:\FOUND.000 2008-03-09 10:39 . 2008-03-09 10:39 d-------- C:\WINDOWS\BDOSCAN8 2008-03-08 23:52 . 2008-03-08 23:52 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft 2008-03-08 17:18 . 2008-03-10 21:08 3,270 --a------ C:\WINDOWS\SYSTEM32 mp.reg 2008-03-08 17:14 . 2008-03-08 17:14 d-------- C:\Program Files\Antispy 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-03-08 16:14 . 2004-01-08 18:22 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-03-08 16:14 . 2004-01-08 18:22 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-03-08 16:14 . 2004-01-08 18:22 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-03-08 15:29 . 2008-03-08 15:30 d-------- C:\WINDOWS eport 2008-03-08 15:29 . 2008-03-08 15:29 d-------- C:\WINDOWS\AU_Backup 2008-03-08 15:29 . 2008-03-08 15:29 35,479,541 --a------ C:\WINDOWS\LPT$VPN.145 2008-03-08 15:29 . 2008-03-08 15:29 1,926,288 --a------ C:\WINDOWS sc.ptn 2008-03-08 15:29 . 2008-03-08 15:29 1,163,344 --a------ C:\WINDOWS\vsapi32.dll 2008-03-08 15:29 . 2008-03-08 15:29 267,845 --a------ C:\WINDOWS sc.exe 2008-03-08 15:29 . 2008-03-08 15:29 86,094 --a------ C:\WINDOWS\BPMNT.dll 2008-03-08 15:29 . 2008-03-08 15:29 71,749 --a------ C:\WINDOWS\hcextoutput.dll 2008-03-08 15:29 . 2008-03-08 15:57 823 --a------ C:\WINDOWS sc.ini 2008-03-08 15:28 . 2008-03-08 15:29 35,479,541 --a------ C:\WINDOWS\VPTNFILE.145 2008-03-08 15:27 . 2008-03-08 15:27 d-------- C:\WINDOWS\AU_Temp 2008-03-08 15:27 . 2008-03-08 15:27 d-------- C:\WINDOWS\AU_Log 2008-03-08 15:27 . 2008-03-08 15:27 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-03-08 15:27 . 2008-03-08 15:27 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-03-08 15:27 . 2008-03-08 15:27 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-03-08 15:27 . 2008-03-08 15:27 170 --a------ C:\WINDOWS\GetServer.ini 2008-03-08 14:55 . 2008-03-08 14:55 d--hs---- C:\FOUND.027 2008-03-08 13:13 . 2008-03-08 13:13 d--hs---- C:\FOUND.026 2008-03-08 13:06 . 2008-03-08 13:06 dr------- C:\Documents and Settings\LocalService\Favoris 2008-03-08 13:06 . 2008-03-08 13:06 29 --a------ C:\WINDOWS\SYSTEM32\upotdreg.tmp 2008-03-08 13:05 . 2008-03-15 11:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-08 13:05 . 2008-03-15 11:09 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-03 23:53 . 2008-03-03 23:53 131,153 --a------ C:\Documents and Settings\mic\v3pro32s.dll 2008-03-03 23:52 . 2008-03-03 23:53 8,036,352 --a------ C:\Documents and Settings\mic\SFrame.exe 2008-03-03 23:52 . 2008-03-03 23:52 20,480 --a------ C:\Documents and Settings\mic\psapi.dll 2008-03-03 23:50 . 2008-03-03 23:50 d-------- C:\Documents and Settings\mic\Resource 2008-03-03 23:50 . 2008-03-03 23:50 d-------- C:\Documents and Settings\mic\HackShield 2008-03-03 23:50 . 2008-03-03 23:50 2,265,088 --a------ C:\Documents and Settings\mic\EhSvc.dll 2008-03-03 23:50 . 2008-03-03 23:50 178,273 --a------ C:\Documents and Settings\mic\EGRNAP.dll 2008-03-03 23:50 . 2008-03-03 23:50 95,232 --a------ C:\Documents and Settings\mic\EGRNAPX2.dll 2008-03-03 23:49 . 2008-03-03 23:49 573,440 --a------ C:\Documents and Settings\mic\Launcher.exe 2008-03-03 23:47 . 2008-03-03 23:47 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield 2008-03-03 23:20 . 2005-08-11 15:29 73,728 --a------ C:\WINDOWS\SYSTEM32\ISUSPM.cpl 2008-03-03 21:04 . 2008-03-03 21:04 d-------- C:\Program Files\Rappelz fr 2008-03-02 21:11 . 2008-03-02 21:11 d-------- C:\Documents and Settings\Alexandra\Application Data\erreurchasseur 2008-03-02 21:06 . 2008-03-02 21:06 d-------- C:\Program Files\Fichiers communs\ErreurChasseur 2008-03-02 21:06 . 2008-03-02 21:06 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMon 2008-03-02 21:06 . 2008-03-02 21:06 dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\erreurchasseur 2008-03-02 20:52 . 2008-03-02 20:52 260,632 --a------ C:\Documents and Settings\Alexandra\Application Data\setup_fr[1].exe 2008-02-16 11:30 . 2008-03-09 10:35 219 --a------ C:\WINDOWS\gtiplus.ini 2008-02-15 10:39 . 2008-02-15 10:39 d--hs---- C:\FOUND.025 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-07-20 00:19 855,886 ----a-w C:\Program Files\AUG2007_d3dx10_35_x64.cab 2007-07-20 00:19 800,467 ----a-w C:\Program Files\AUG2007_d3dx10_35_x86.cab 2007-07-20 00:19 1,803,760 ----a-w C:\Program Files\AUG2007_d3dx9_35_x64.cab 2007-07-20 00:18 44,684 ----a-w C:\Program Files\dxdllreg_x86.cab 2007-07-20 00:18 201,696 ----a-w C:\Program Files\AUG2007_XACT_x64.cab 2007-07-20 00:18 156,612 ----a-w C:\Program Files\AUG2007_XACT_x86.cab 2007-07-20 00:18 1,711,752 ----a-w C:\Program Files\AUG2007_d3dx9_35_x86.cab 2007-05-13 17:57 12,500,992 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_05_13_15_04_04_full.dmp.zip 2007-04-05 22:02 20,942,920 ----a-w C:\Program Files\SkypeSetup.exe 2006-12-24 15:15 16,421,897 ------w C:\WINDOWS\Internet Logs\vsmon_on_demand_2006_12_22_09_41_31_full.dmp.zip 2006-10-06 18:44 1,953,480 ----a-w C:\Program Files\PPVIEWER.EXE 2006-04-15 08:33 2,216 ----a-w C:\Documents and Settings\mic\Application Data\ViewerApp.dat 2006-04-09 14:30 5,862,994 ----a-w C:\Program Files s2_client_rc2_2032.exe 2004-01-08 15:39 266 --sh--w C:\Program Files\desktop.ini 2004-01-08 15:39 11,208 ---h--w C:\Program Files\folder.htt 2004-09-07 11:57 10,022 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay] @={7D688A77-C613-11D0-999B-00C04FD655E1} [HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}] 2002-08-29 10:45 8393216 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 10:45 13312] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06 196608] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 08:33 8720384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2001-10-02 19:19 3072 C:\WINDOWS\SYSTEM32\systray.exe] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-09-24 12:32 5033984] "nwiz"="nwiz.exe" [2004-07-15 11:42 843776 C:\WINDOWS\SYSTEM32 wiz.exe] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01 155648] "AdslTaskBar"="stmctrl.dll" [2003-06-06 09:32 151552 C:\WINDOWS\SYSTEM32\stmctrl.dll] "Multi-PC"="mpc.exe" [] "NVCLOCK"="nvclock.dll" [2003-04-14 02:59 81920 C:\WINDOWS\SYSTEM32 vclock.dll] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-09-24 12:32 49152] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-04 10:59 98304] "LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24 217088] "Camera Detector"="C:\PROGRA~1\pentax\DEVDET~1\DEVDET~1.exe" [2003-06-23 09:48 208896] "AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 01:11 24576] "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 19:01 32768] "WinMed"="winmed.exe" [] "avast!"="C:\PROGRA~1\Antispy\Avast\ashDisp.exe" [2007-12-04 14:00 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45 13312] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 08:33 8720384] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\SYSTEM32 vcpl.dll,NvStartup "nwiz"=nwiz.exe /install "SAIMON"=C:\WINDOWS\SYSTEM32\SaiMon.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\winav.exe"= R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-30 07:08] R3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\System32\DRIVERS\usb8023.sys [2001-10-02 19:19] R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\System32\DRIVERS\V0220Dev.sys [2006-06-29 07:58] R3 V0220Vfx;V0220VFX;C:\WINDOWS\System32\DRIVERS\V0220Vfx.sys [2006-06-08 10:00] R3 VGAUTI;VGAUTI;C:\WINDOWS\System32\DRIVERS\VGAUTI.sys [2003-10-22 10:37] S3 rt2571;Wireless 802.11g USB Adapter Driver;C:\WINDOWS\System32\DRIVERS t2571.sys [2004-05-07 13:47] S3 SaiNtHid;%SAINTHID_NAME%;C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys [2003-04-10 11:42] S3 SaiNtSub;SaiNtSub;C:\WINDOWS\System32\DRIVERS\SaiNtSub.sys [2003-04-10 11:42] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Audio Studio V2.8] C:\WINDOWS\flsmontr.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\IntelliMouse Explorer V2.3] C:\WINDOWS etpefr32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Legacy VGA Drivers V1.0] C:\WINDOWS\certproc32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Microsoft Visual Enhance V2.1] C:\WINDOWS\iuntfs32.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BCB50B8D-EC40-A22E-CBD0-F08F3B207000}] C:\WINDOWS\Wanadoo.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-15 11:13:35 Windows 5.1.2600 Service Pack 1 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Antispy\Ad aware2007\aawservice.exe C:\Program Files\Antispy\Avast\aswUpdSv.exe C:\Program Files\Antispy\Avast\ashServ.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32 vsvc32.exe C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe C:\Program Files\Antispy\Avast\ashMaiSv.exe C:\Program Files\Antispy\Avast\ashWebSv.exe C:\WINDOWS\System32 undll32.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Antispy\Avast\setup\avast.setup . ************************************************************************** . Temps d'accomplissement: 2008-03-15 11:16:11 - machine was rebooted [mic] ComboFix-quarantined-files.txt 2008-03-15 10:16:06 ComboFix4.txt 2008-03-10 00:00:36 ComboFix3.txt 2008-03-10 20:28:32 ComboFix2.txt 2008-03-12 21:47:44

ep44 · Answer

Bonjour ou en sont tes soucis ?
tu as déja avg as refait un scan en mode sans echec 
Télécharge:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
= Installer
= Le lancer
= Clic : Mise à jour
------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------
= Dans ANALYSE ( en forme de loupe )
==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
==> Clic : Analyse complète du système
En fin de scan ( qui est assez long)
==> Clic Appliquer toutes les actions <== ceci Très important
==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
-------
En mode normal
colle le rapport

ensuite fait un scan en ligne

avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
@+

ep44 · Answer

Bonsoir 
pour vérif il faudrait poster ton rapport de avg ensuite faire un scan en ligne 
avec bitdefender et colle le rapport

https://www.bitdefender.com/toolbox/

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
 ensuite refaire un hijack pour vérif 
@+

Lache moi trojan...pls..stp.. allez......Gné.

21 réponses

Votre réponse

Discussions similaires

Newsletters