▶ Disable User Account Control before using this tool:
▶ Go to "Start", then Control Panel.
▶ Double-click the User Accounts icon, then click "Turn User Account Control on or off".
▶ Uncheck the box "Use User Account Control (UAC) to help protect your computer".
▶ Confirm with OK and restart.
Next:
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect and close all running applications!
▶ Right-click "Ad-R.exe" and run it as administrator to launch the installation, and keep the default installation settings.
▶ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.
▶ At the main menu, choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Next:
RESTART IN SAFE MODE, then:
▶ Run List&Kill'em again as you did for option 1 (i.e. by right-clicking, on Vista),
but this time:
▶ choose option 2 = Mode Destruction (Destruction Mode)
Let the tool work.
After the checks, a report will open.
▶ Close it.
A second report will open.
▶ Paste its contents into your reply after restarting in normal mode.
Thx to Chiquitine29.....
User : Isabelle (Utilisateurs) # PC-DE-SANDRINE
Update on 07/11/2009 by g3n-h@ckm@n ::::: 10.00
Start at: 18:10:43 | 07/11/2009
Contact : g3n-h@ckm@n sur CCM
AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
FW : AntiVirus Firewall 7.03[ Enabled ]7.03
C:\ -> Disque fixe local | 111,7 Go (68,12 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 111,43 Go (111,34 Go free) [DATA] | NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\Windows\System32\smss.exe 456
C:\Windows\system32\csrss.exe 588
C:\Windows\system32\wininit.exe 636
C:\Windows\system32\csrss.exe 648
C:\Windows\system32\services.exe 700
C:\Windows\system32\winlogon.exe 708
C:\Windows\system32\lsass.exe 736
C:\Windows\system32\lsm.exe 744
C:\Windows\system32\svchost.exe 892
C:\Windows\system32\svchost.exe 952
C:\Windows\System32\svchost.exe 988
C:\Windows\system32\Ati2evxx.exe 1084
C:\Windows\System32\svchost.exe 1104
C:\Windows\System32\svchost.exe 1128
C:\Windows\system32\svchost.exe 1156
C:\Windows\system32\svchost.exe 1236
C:\Windows\system32\SLsvc.exe 1256
C:\Windows\system32\svchost.exe 1348
C:\Windows\system32\Ati2evxx.exe 1488
C:\Windows\system32\svchost.exe 1540
C:\Windows\System32\spoolsv.exe 1760
C:\Windows\system32\svchost.exe 1784
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe 2016
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe 2032
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 380
C:\Program Files\Bonjour\mDNSResponder.exe 280
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 564
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe 1248
C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE 680
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE 792
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe 1484
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1964
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 1664
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 2068
C:\Windows\system32\svchost.exe 2272
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2292
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2320
C:\Windows\system32\svchost.exe 2364
C:\Windows\System32\svchost.exe 2408
C:\Program Files\Winsudate\gibsvc.exe 2424
C:\Windows\system32\SearchIndexer.exe 2484
C:\Windows\system32\WUDFHost.exe 2552
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 2576
C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe 2948
C:\Windows\system32\taskeng.exe 3948
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 1028
C:\Windows\system32\taskeng.exe 3708
C:\Windows\system32\Dwm.exe 3456
C:\Windows\Explorer.EXE 3688
C:\Users\Isabelle\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe 3392
C:\Program Files\Windows Defender\MSASCui.exe 2432
C:\Windows\RtHDVCpl.exe 3332
C:\Acer\Empowering Technology\SysMonitor.exe 3484
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 4128
C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe 4500
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 4572
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe 4824
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 4848
C:\Program Files\Orange\Systray\SystrayApp.exe 4892
C:\Program Files\iTunes\iTunesHelper.exe 4936
C:\Program Files\Orange\Launcher\Launcher.exe 4944
C:\Program Files\EoRezo\EoEngine.exe 4952
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 4968
C:\Program Files\Windows Sidebar\sidebar.exe 5068
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 5112
C:\Windows\ehome\ehtray.exe 5124
C:\Users\Isabelle\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe 5204
C:\Windows\ehome\ehmsas.exe 5216
C:\Program Files\Winsudate\gibusr.exe 5260
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe 5300
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE 5324
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 5928
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe 5960
C:\Users\Isabelle\AppData\Local\Google\Update\1.2.183.13\GoogleCrashHandler.exe 5996
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe 6096
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe 1092
C:\Program Files\iPod\bin\iPodService.exe 4396
C:\Windows\system32\conime.exe 4676
C:\Program Files\Windows Live\Contacts\wlcomm.exe 5544
C:\Windows\system32\SearchProtocolHost.exe 5716
C:\Program Files\Orange\Deskboard\deskboard.exe 4520
C:\Program Files\Orange\connectivity\connectivitymanager.exe 3804
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe 2380
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe 5424
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe 5804
C:\Windows\system32\wbem\wmiprvse.exe 2184
C:\Users\Isabelle\AppData\Local\Google\Chrome\Application\chrome.exe 2684
C:\Program Files\Orange\AntivirusFirewall\Common\FSLAUNCH.EXE 4088
C:\Users\Isabelle\AppData\Local\Google\Chrome\Application\chrome.exe 3224
C:\Users\Isabelle\AppData\Local\Google\Chrome\Application\chrome.exe 2964
C:\Program Files\Mozilla Firefox\firefox.exe 3944
C:\Windows\system32\SearchFilterHost.exe 3696
C:\Users\Isabelle\Downloads\List_Killem.exe 4748
C:\Windows\system32\cmd.exe 2736
C:\Windows\system32\msfeedssync.exe 2236
C:\Windows\system32\wbem\wmiprvse.exe 5688
C:\Users\Isabelle\AppData\Local\Temp\D347.tmp\pv.exe 4452
======================
Cles de demarrage "Run"
======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"Acer Tour Reminder"=""
"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"
"AnumanLive"="C:\\Users\\Isabelle\\AppData\\Roaming\\Anuman Interactive\\AnumanLive\\AnumanLive.exe"
"mmmed"="\"c:\\users\\sandrine\\appdata\\local\\mmmed.exe\" mmmed"
"Google Update"="\"C:\\Users\\Isabelle\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
"SuperCopier2.exe"="C:\\Program Files\\SuperCopier2\\SuperCopier2.exe"
"WinUsr"="C:\\Program Files\\Winsudate\\gibusr.exe"
"utbiemls"="\"c:\\users\\isabelle\\appdata\\local\\utbiemls.exe\" utbiemls"
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,\
00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,\
73,00,20,00,44,00,65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,4d,00,53,\
00,41,00,53,00,43,00,75,00,69,00,2e,00,65,00,78,00,65,00,20,00,2d,00,68,00,\
69,00,64,00,65,00,00,00
"RtHDVCpl"="RtHDVCpl.exe"
"Acer Tour"=""
"Acer Empowering Technology Monitor"="C:\\Acer\\Empowering Technology\\SysMonitor.exe"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"WarReg_PopUp"="C:\\Acer\\WR_PopUp\\WarReg_PopUp.exe"
"eRecoveryService"=""
"Acer Tour Reminder"="C:\\Acer\\AcerTour\\Reminder.exe"
"PlayMovie"="\"C:\\Program Files\\Acer Arcade Live\\Acer PlayMovie\\PMVService.exe\""
"Setresolution"="C:\\ACERSW\\config\\1680x1050.cmd"
"Apanel"="C:\\ACERSW\\config\\NewSetApanel.cmd"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"PaperPort PTD"="\"C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe\""
"IndexSearch"="\"C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe\""
"PPort11reminder"="\"C:\\Program Files\\ScanSoft\\PaperPort\\Ereg\\Ereg.exe\" -r \"C:\\ProgramData\\ScanSoft\\PaperPort\\11\\Config\\Ereg\\Ereg.ini"
"BrMfcWnd"="C:\\Program Files\\Brother\\Brmfcmon\\BrMfcWnd.exe /AUTORUN"
"ControlCenter3"="C:\\Program Files\\Brother\\ControlCenter3\\brctrcen.exe /autorun"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"ORAHSSSessionManager"="C:\\Program Files\\Orange\\SessionManager\\SessionManager.exe"
"SystrayORAHSS"="\"C:\\Program Files\\Orange\\Systray\\SystrayApp.exe\""
"F-Secure Manager"="\"C:\\Program Files\\Orange\\AntivirusFirewall\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Orange\\AntivirusFirewall\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"EoEngine"="\"C:\\Program Files\\EoRezo\\EoEngine.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"ItsTV"="\"C:\\Program Files\\ItsLabel\\ItsTV.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MyWebSearch Plugin"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\M3PLUGIN.DLL,UPF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
@=""
=====================
cles additionnelles
=====================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011
===============
===============
===============
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
===============
======
BHO :
======
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
@="Search Helper"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
@="EoBHO"
"NoExplorer"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
"NoExplorer"=dword:00000001
==========================
===============
Path : C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
===============
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\FunWebProducts
C:\Program Files\Winsudate
C:\Windows\system32\f3PSSavr.scr
C:\Windows\Temp\Setup.exe
C:\Users\Isabelle\LOCAL Settings\Temp\FlashPlayerUpdate.exe
C:\Users\Isabelle\LOCAL Settings\Temp\FlashPlayerUpdate01.exe
C:\Users\Isabelle\LOCAL Settings\Temp\FlashPlayerUpdate02.exe
C:\Users\Isabelle\LOCAL Settings\Temp\GoogleUpdateSetup.exee3a22
C:\Users\Isabelle\LOCAL Settings\Temp\GoogleUpdateSetup.exea2da4
C:\Users\Isabelle\LOCAL Settings\Temp\GoogleUpdateSetup.exe684d8
C:\Users\Isabelle\LOCAL Settings\Temp\installation.exe
C:\Users\Isabelle\LOCAL Settings\Temp\install_flash_player.exe
C:\Users\Isabelle\LOCAL Settings\Temp\symlcsv1.exe
C:\Users\Isabelle\LOCAL Settings\Temp\wlsetup-cvr.exe
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "Eoengine"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "MyWebSearch Plugin"
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks "{00A6FAF6-072E-44cf-8957-5838F569A31D}"
"HKLM\software\Fun Web Products"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}"
HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\interface\{cf54be1c-9359-4395-8533-1657cf209cfe}
HKCR\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKCU\SOFTWARE\AppDataLow\software\MyWebSearch
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\fcn
HKCU\SOFTWARE\ItsLabel
HKCU\SOFTWARE\MediaHoldings
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell
HKLM\SOFTWARE\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKLM\SOFTWARE\Classes\AppID\EoRezoBHO.dll
HKLM\Software\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
HKLM\SOFTWARE\Classes\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Classes\EoRezoBHO.EoBho
HKLM\Software\Classes\EoRezoBHO.EoBho.1
HKLM\Software\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Classes\TypeLib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\FocusInteractive
HKLM\SOFTWARE\ItsLabel
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ItsTV_is1
HKLM\SOFTWARE\MyWebSearch
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
ACER(W~1.SCR-D538570D.pf
ACER.EMPOWERING.FRAMEWORK.SUP-54963495.pf
ACRORD32.EXE-172CF576.pf
ACRORD32INFO.EXE-1C0557AA.pf
ADOBE_UPDATER.EXE-D7992733.pf
AgAppLaunch.db
AgCx_S1_S-1-5-21-1326950795-2578172212-336930531-1000.snp.db
AgCx_S1_S-1-5-21-1326950795-2578172212-336930531-1001.snp.db
AgCx_S2_S-1-5-21-1326950795-2578172212-336930531-1000.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC3_75C6885B.db
AgCx_SC3_B8AA4A2C.db
AgCx_SC3_C58AF798.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-1326950795-2578172212-336930531-1000.db
AgGlUAD_P_S-1-5-21-1326950795-2578172212-336930531-1001.db
AgGlUAD_S-1-5-21-1326950795-2578172212-336930531-1000.db
AgGlUAD_S-1-5-21-1326950795-2578172212-336930531-1001.db
AgRobust.db
ALERTMODULE.EXE-45931BA6.pf
ALERTMODULE.EXE-E4B297A5.pf
ATI2EVXX.EXE-0327F1E7.pf
AUPDATE.EXE-F14A3D51.pf
BROWSER.EXE-E6C3663E.pf
CHROME.EXE-264D45C1.pf
CHROME.EXE-81F0CF88.pf
CHROME_UPDATER.EXE-4B38FD68.pf
CONIME.EXE-9781FD5F.pf
CONNECTIVITYMANAGER.EXE-059BDCB3.pf
CONSENT.EXE-531BD9EA.pf
CONTROL.EXE-817F8F1D.pf
CORECOM.EXE-03624B9D.pf
CSRSS.EXE-3FE41F7E.pf
D6C53D2A212F4CCE93B7DF224DEA9-AD434735.pf
D6C53D2A212F4CCE93B7DF224DEA9-D1342AF8.pf
DEENEROSVR_1,0,1,1.EXE-DCDA63E7.pf
DESKBOARD.EXE-3A3A6BCC.pf
DLLHOST.EXE-39389E61.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-74857ABA.pf
DLLHOST.EXE-766398D2.pf
DLLHOST.EXE-7ED62AA2.pf
DRVINST.EXE-4CB4314A.pf
DWM.EXE-6FFD3DA8.pf
EHMSAS.EXE-2D3B2F21.pf
EMULE.EXE-188E10F6.pf
EXPAND.EXE-05AD1090.pf
EXPLORER.EXE-A80E4F97.pf
FIREFOX.EXE-A606B53C.pf
FLASHUTIL10A.EXE-F38539B4.pf
FSAVAUI.EXE-2E2C8F1A.pf
FSDC.EXE-B58390D6.pf
FSGUIDLL.EXE-AC5E9C69.pf
FSWSCS.EXE-FAE0E1B3.pf
FTCOMMODULE.EXE-6C1F994F.pf
FTCOMMODULE.EXE-CD001D50.pf
GIBSVC.EXE-DA981238.pf
GIBUPT.EXE-C499EC09.pf
GIBUSR.EXE-CE45CAB6.pf
GOOGLECRASHHANDLER.EXE-8EC2051C.pf
GOOGLEUPDATE.EXE-907A8463.pf
GOOGLEUPDATE.EXE-A85C284C.pf
HELPER.EXE-8AEDE3E3.pf
HELPPANE.EXE-FEDC965B.pf
IE4UINIT.EXE-3A7E0C67.pf
IELOWUTIL.EXE-3885C25E.pf
IEXPLORE.EXE-908C99F8.pf
IPODSERVICE.EXE-37C43D64.pf
ITSTV.EXE-2DCE4D0B.pf
ITSTV.EXE-BAB17C35.pf
JNYNYDE.EXE-F36AAEC1.pf
LAUNCHER.EXE-8619A74A.pf
Layout.ini
LICMGR.EXE-4ED327FB.pf
LOGONUI.EXE-09140401.pf
LUCOMSERVER_3_2.EXE-C5DF32C7.pf
LUCOMS~1.EXE-F2E330F7.pf
MFPMP.EXE-26F35380.pf
MOBSYNC.EXE-C5E2284F.pf
MPAS-D.EXE-40FE95BA.pf
MPSIGSTUB.EXE-713EB43E.pf
MPSIGSTUB.EXE-87F65CDE.pf
MPSIGSTUB.EXE-ADF2A96A.pf
MSASCUI.EXE-07E0123F.pf
MSFEEDSSYNC.EXE-6E6FBDF4.pf
MSIEXEC.EXE-A2D55CB6.pf
MSNMSGR.EXE-9974F251.pf
MSOXMLED.EXE-E2ECD823.pf
MSWORKS.EXE-494EE618.pf
NTOSBOOT-B00DFAAD.pf
NTVDM.EXE-F6564EE5.pf
ORACONFIGRECOVER.EXE-F6B40C33.pf
PfSvPerfStats.bin
POWERPNT.EXE-1404AEAA.pf
PPTD40NT.EXE-CCFF16D6.pf
PREREQTOOL.EXE-B2D8FD61.pf
ReadyBoot
REGSVR32.EXE-8461DBEE.pf
RUNDLL32.EXE-1304AE86.pf
RUNDLL32.EXE-2618D1ED.pf
RUNDLL32.EXE-9CC17D45.pf
RUNDLL32.EXE-C211633D.pf
RUNDLL32.EXE-C24EDA47.pf
RUNDLL32.EXE-F39CF8DA.pf
RUNONCE.EXE-D0649312.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SETUP.EXE-399E70F3.pf
SETUP_WM.EXE-674F654A.pf
SMSS.EXE-E9C28FC6.pf
SNDVOL.EXE-5D4CC7D6.pf
SOFTWAREUPDATE.EXE-631B74E4.pf
SOFTWAREUPDATE.EXE-FA8765B6.pf
SOFTWAREUPDATEHP.EXE-2C56DE0E.pf
SPCLITE.EXE-C09E1E16.pf
SVCHOST.EXE-7CFEDEA3.pf
SYNERTEL (1).EXE-A021F62F.pf
SYNERTEL.EXE-3F319CED.pf
SYSTRAYAPP.EXE-D050C861.pf
TASKENG.EXE-48D4E289.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UNREGMP2.EXE-2294B148.pf
USERINIT.EXE-2257A3E7.pf
UTBAAN.EXE-51320DC3.pf
VERCLSID.EXE-7C52E31C.pf
VSSVC.EXE-B8AFC319.pf
WERFAULT.EXE-E69F695A.pf
WERMGR.EXE-0F2AC88C.pf
WEVTUTIL.EXE-EF5861C4.pf
WINLOGON.EXE-B020DC41.pf
WINMAIL.EXE-1092D371.pf
WKCALREM.EXE-28FF8702.pf
WKDSTORE.EXE-AC552969.pf
WKGDCACH.EXE-DC9F14AE.pf
WKSCAL.EXE-CB244E0D.pf
WKSWP.EXE-DFBEB44E.pf
WLCOMM.EXE-272FF9F7.pf
WLTUSER.EXE-697D492E.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIPRVSE.EXE-1628051C.pf
WMPENC.EXE-1BAD0100.pf
WMPLAYER.EXE-196C37BC.pf
WMPLAYER.EXE-BAD6BD53.pf
WMPNETWK.EXE-D9F2A96F.pf
WMPNSCFG.EXE-FC0D39BF.pf
WUAUCLT.EXE-70318591.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤