fenetres de pub temps ??

Question

bonjour 
j'ai  des pub tout le temps des que je navigue sur le net
pub pour antispyware ,mozzilla,navi shearch,et meme des fois pub pour sites pornographique
pouvez vous m'aider
salutations
Logfile of HijackThis v1.99.1
Scan saved at 18:06:51, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANCOIS\LOCALS~1\Temp\Rar$EX00.079\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Regis59 · Answer

Salut

Télécharge Blacklight (de F-Secure) a l’une des 2 adresses : 
https://www.f-secure.com/en 
https://www.f-secure.com/en 

et sauvegarde le sur ton Bureau. 

Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next 

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres). 

Copie et colle le contenu de ce rapport dans ta prochaine réponse 

a+

zzorglub · Answer

bonjour
j'ai fait ce que tu ma dit , voici le rapport de f-secure blacklight


11/11/06 09:10:02 [Info]: BlackLight Engine 1.0.47 initialized
11/11/06 09:10:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/11/06 09:10:02 [Note]: 7019 4
11/11/06 09:10:02 [Note]: 7005 0
11/11/06 09:10:09 [Note]: 7006 0
11/11/06 09:10:09 [Note]: 7011 3864
11/11/06 09:10:09 [Note]: 7026 0
11/11/06 09:10:09 [Note]: 7026 0
11/11/06 09:10:09 [Note]: 7015 232
11/11/06 09:10:09 [Note]: 7015 5
11/11/06 09:10:09 [Note]: 7015 2792
11/11/06 09:10:09 [Note]: 7015 5
11/11/06 09:10:09 [Note]: 7024 3
11/11/06 09:10:09 [Info]: Hidden process: C:\windows\system32\vmtjurokw.exe
11/11/06 09:10:09 [Note]: FSRAW library version 1.7.1020
11/11/06 09:19:47 [Info]: Hidden file: c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
11/11/06 09:19:47 [Note]: 10002 1
11/11/06 09:20:16 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw.dat
11/11/06 09:20:16 [Note]: 10002 1
11/11/06 09:20:17 [Info]: Hidden file: C:\windows\system32\vmtjurokw.exe
11/11/06 09:20:18 [Note]: 10002 1
11/11/06 09:20:18 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_nav.dat
11/11/06 09:20:18 [Note]: 10002 1
11/11/06 09:20:19 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_navps.dat
11/11/06 09:20:19 [Note]: 10002 1

salutations et à+

Regis59 · Answer

Salut ; 

Télécharge Brute Force Uninstaller (de Merijn) ici: 
http://www.merijn.org/files/bfu.zip 
Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. 
Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU) 

Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu  et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).
 
Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers". 
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important). 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU) 
- Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu 
- Coches la case Show log after script ends 
- Clique sur Execute pour que le fix fasse son boulot :-) 

Attends que le message Complete script execution apparaîsse et clique sur OK. 
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum. 
Clique Exit pour fermer le programme BFU. 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence. 
Clique sur Scan pour lancer l'analyse. 
Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME" 
Puis valide. 
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc. 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Après le reboot du pc, les fichiers : 

c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf 
c:\WINDOWS\system32\vmtjurokw.dat 
C:\windows\system32\vmtjurokw.exe 
c:\WINDOWS\system32\vmtjurokw_nav.dat 
c:\WINDOWS\system32\vmtjurokw_navps.dat 


devraient être visible et pouvoir être supprimés sans aucuns soucis. 
Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même: 
Va dans C:\windows\system32\ et recherches et effaces: 

vmtjurokw.dat.ren
vmtjurokw.exe.ren
vmtjurokw_nav.dat.ren
vmtjurokw_navps.dat.ren

Une fois fait, reposte un rapport hijackthis + le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight. 
Juste pour info, tu as eu installé le logiciel mailskinner ? (emoticone pour la messagerie) 
Tu peux verifier s il est dans ajout/suppression de programme? 

bon nettoyage et bon courage ;-)

Séb08 · Answer

slt ,

Pour avancer remet un rapport Blacklight pour vérif que tu as bien fait la manip cité et remet un log Hijack STP

a+

zzorglub · Answer

coucou 
je ne trouve pas les fichiers
vmtjurokw.dat.ren 
vmtjurokw.exe.ren 
vmtjurokw_nav.dat.ren 
vmtjurokw_navps.dat.ren 
voici un rapport blacklight
11/11/06 18:01:21 [Info]: BlackLight Engine 1.0.47 initialized
11/11/06 18:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/11/06 18:01:21 [Note]: 7019 4
11/11/06 18:01:21 [Note]: 7005 0
11/11/06 18:01:24 [Note]: 7006 0
11/11/06 18:01:24 [Note]: 7011 3284
11/11/06 18:01:24 [Note]: 7026 0
11/11/06 18:01:24 [Note]: 7026 0
11/11/06 18:01:24 [Note]: 7024 3
11/11/06 18:01:24 [Info]: Hidden process: C:\windows\system32\kxmqhynis.exe
11/11/06 18:01:24 [Note]: 7015 1316
11/11/06 18:01:24 [Note]: 7015 5
11/11/06 18:01:24 [Note]: 7015 1844
11/11/06 18:01:24 [Note]: 7015 5
11/11/06 18:01:24 [Note]: FSRAW library version 1.7.1020
11/11/06 18:05:17 [Note]: 4013 72943
11/11/06 18:05:17 [Note]: 4020 94076 2686976
11/11/06 18:05:17 [Note]: 4018 94076 2686976
11/11/06 18:05:17 [Note]: 4013 72943
11/11/06 18:05:17 [Note]: 4020 94076 2686976
11/11/06 18:05:17 [Note]: 4018 94076 2686976
11/11/06 18:05:23 [Note]: 4013 72889
11/11/06 18:05:23 [Note]: 4020 94074 2621440
11/11/06 18:05:23 [Note]: 4018 94074 2621440
11/11/06 18:05:23 [Note]: 4013 72889
11/11/06 18:05:23 [Note]: 4020 94074 2621440
11/11/06 18:05:23 [Note]: 4018 94074 2621440
11/11/06 18:10:39 [Info]: Hidden file: c:\WINDOWS\Prefetch\KXMQHYNIS.EXE-134092B0.pf
11/11/06 18:10:39 [Note]: 10002 1
11/11/06 18:10:47 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis.dat
11/11/06 18:10:47 [Note]: 10002 1
11/11/06 18:10:48 [Info]: Hidden file: C:\windows\system32\kxmqhynis.exe
11/11/06 18:10:48 [Note]: 10002 1
11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_nav.dat
11/11/06 18:10:48 [Note]: 10002 1
11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_navps.dat
11/11/06 18:10:48 [Note]: 10002 1
11/11/06 18:14:27 [Note]: 7007 0


et voila le hijack
Logfile of HijackThis v1.99.1
Scan saved at 18:33:19, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANCOIS\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe


voicile rapport BFU
# For use with Merijn's Brute Force Uninstaller
# available from http://merijn.org/
#
# Script Name: EGDACCESS.BFU
# This script combines the old EGDACCESS.bfu and P2EClient.BFU
# Author: Pieter Arntz
#
# Thanks to ~Mark and Moe31 for their contributions


ProcessKill \mailskinner.exe|1
ProcessKill %WINDIR%\iedisco.exe|1
ProcessKill \GoAstro.exe|1
ProcessKill \MessengerSkinner.exe|1
ProcessKill \system32mwsrvacc.exe|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml


RegDeleteKey HKCR\egdhtml.egdialhtml
RegDeleteKey HKCR\egdhtml.egdialhtml.1
RegDeleteKey HKCR\egdialobject.egdial
RegDeleteKey HKCR\EGDialObject.EGDial.1
RegDeleteKey HKCR\eghtmldialer.htmldialer
RegDeleteKey HKCR\eghtmldialer.htmldialer.1
RegDeleteKey HKCR\ieaccess2.iedial
RegDeleteKey HKCR\ieaccess2.iedial.1
RegDeleteKey HKCR\P2ECOM.EGP2ECOM
RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1
RegDeleteKey HKCR\EGAUTH.EGEGAUTH
RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1
RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc
RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1
RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2 
RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1
RegDeleteKey HKCR\EGCOMLIB.EGComLibrary
RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1
RegDeleteKey HKCR\Webcam2.VideoProducer
RegDeleteKey HKCR\Webcam2.VideoProducer.1

RegDeleteKey HKCR\CLSID\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
RegDeleteKey HKCR\CLSID\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
RegDeleteKey HKCR\CLSID\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
RegDeleteKey HKCR\CLSID\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
RegDeleteKey HKCR\CLSID\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
RegDeleteKey HKCR\CLSID\{0878F049-D33E-45E0-A157-C36A6683CF25}
RegDeleteKey HKCR\CLSID\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
RegDeleteKey HKCR\CLSID\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
RegDeleteKey HKCR\CLSID\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
RegDeleteKey HKCR\CLSID\{0E79192A-C52C-4260-920F-639AC2296203}
RegDeleteKey HKCR\CLSID\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
RegDeleteKey HKCR\CLSID\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
RegDeleteKey HKCR\CLSID\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
RegDeleteKey HKCR\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
RegDeleteKey HKCR\CLSID\{1CD49DC9-FD88-41FA-B892-47E037267D45}
RegDeleteKey HKCR\CLSID\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
RegDeleteKey HKCR\CLSID\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
RegDeleteKey HKCR\CLSID\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
RegDeleteKey HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}
RegDeleteKey HKCR\CLSID\{2A3DFC59-8A87-49A1-85D1-42903410911F}
RegDeleteKey HKCR\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}
RegDeleteKey HKCR\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
RegDeleteKey HKCR\CLSID\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKCR\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
RegDeleteKey HKCR\CLSID\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
RegDeleteKey HKCR\CLSID\{3616F4B5-F6AD-4E67-966A-C218673648A0}
RegDeleteKey HKCR\CLSID\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
RegDeleteKey HKCR\CLSID\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}
RegDeleteKey HKCR\CLSID\{3CD945A2-E413-4956-B9D8-A67FB6A7CB66}
RegDeleteKey HKCR\CLSID\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
RegDeleteKey HKCR\CLSID\{469C7080-8EC8-43A6-AD97-45848113743C}
RegDeleteKey HKCR\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
RegDeleteKey HKCR\CLSID\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
RegDeleteKey HKCR\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
RegDeleteKey HKCR\CLSID\{54579C3D-A58D-4623-B5B5-465552BDA45B}
RegDeleteKey HKCR\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
RegDeleteKey HKCR\CLSID\{5FD9726A-4977-449D-8352-25FDD8A510B5}
RegDeleteKey HKCR\CLSID\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
RegDeleteKey HKCR\CLSID\{624321F1-0581-49D8-99BD-2E952C2DF31B}
RegDeleteKey HKCR\CLSID\{6AA85413-165C-4200-8154-71166077B22E}
RegDeleteKey HKCR\CLSID\{6AA93DF6-6757-4338-9087-F7601DE18402}
RegDeleteKey HKCR\CLSID\{71CBDCD9-0830-4470-A890-35D364DA352C}
RegDeleteKey HKCR\CLSID\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
RegDeleteKey HKCR\CLSID\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
RegDeleteKey HKCR\CLSID\{77EF6DBF-3929-4081-AF2E-178D387E211C}
RegDeleteKey HKCR\CLSID\{78F584DF-BBF5-4296-839C-31DE60914DBC}
RegDeleteKey HKCR\CLSID\{82FC4503-8459-4239-9B85-0617BEAA950A}
RegDeleteKey HKCR\CLSID\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKCR\CLSID\{87C1805D-C5AE-4455-AB39-E245BB516136}
RegDeleteKey HKCR\CLSID\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
RegDeleteKey HKCR\CLSID\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
RegDeleteKey HKCR\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
RegDeleteKey HKCR\CLSID\{95460ABD-946A-46FF-9F56-268718323EEE}
RegDeleteKey HKCR\CLSID\{9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0}
RegDeleteKey HKCR\CLSID\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
RegDeleteKey HKCR\CLSID\{A02780C3-7F77-4E28-855B-28890F3CF37A}
RegDeleteKey HKCR\CLSID\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
RegDeleteKey HKCR\CLSID\{AF7410C1-FBA3-415E-800A-4110CED40536}
RegDeleteKey HKCR\CLSID\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
RegDeleteKey HKCR\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
RegDeleteKey HKCR\CLSID\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
RegDeleteKey HKCR\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}
RegDeleteKey HKCR\CLSID\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
RegDeleteKey HKCR\CLSID\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
RegDeleteKey HKCR\CLSID\{BD3653E4-884B-43C4-970B-670802501B7F}
RegDeleteKey HKCR\CLSID\{BE5A7132-329F-4319-B781-2A83BFE51534}
RegDeleteKey HKCR\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
RegDeleteKey HKCR\CLSID\{C2481ED1-9896-4D49-AE90-69858DFDE446}
RegDeleteKey HKCR\CLSID\{C6760A07-A574-4705-B113-7856315922C3}
RegDeleteKey HKCR\CLSID\{C80B7FF6-CE60-4079-935E-520C045C30A6}
RegDeleteKey HKCR\CLSID\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
RegDeleteKey HKCR\CLSID\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
RegDeleteKey HKCR\CLSID\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
RegDeleteKey HKCR\CLSID\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
RegDeleteKey HKCR\CLSID\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
RegDeleteKey HKCR\CLSID\{D24A1963-9951-4153-A340-6648759EB77D}
RegDeleteKey HKCR\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
RegDeleteKey HKCR\CLSID\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
RegDeleteKey HKCR\CLSID\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
RegDeleteKey HKCR\CLSID\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
RegDeleteKey HKCR\CLSID\{E1D20694-74D9-472D-AF03-08C26173A67F}
RegDeleteKey HKCR\CLSID\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
RegDeleteKey HKCR\CLSID\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKCR\CLSID\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
RegDeleteKey HKCR\CLSID\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
RegDeleteKey HKCR\CLSID\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
RegDeleteKey HKCR\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
RegDeleteKey HKCR\CLSID\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
RegDeleteKey HKCR\CLSID\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
RegDeleteKey HKCR\CLSID\{F4653484-F38C-455F-BB15-1175E527754E}
RegDeleteKey HKCR\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
RegDeleteKey HKCR\CLSID\{FA1D6D8F-C6ED-4752-8512-A33283240130}
RegDeleteKey HKCR\CLSID\{FA605711-8E72-46B2-AE49-BED11B2E729D}
RegDeleteKey HKCR\CLSID\{FA83E942-B796-46DE-9155-1632ECC5473B}
RegDeleteKey HKCR\CLSID\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
RegDeleteKey HKCR\CLSID\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegDeleteKey HKCR\TypeLib\{06EC63CC-4823-4836-ABB8-AB5F3971FA5C}
RegDeleteKey HKCR\TypeLib\{0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C}
RegDeleteKey HKCR\TypeLib\{1F445F82-42C0-46F3-9A2E-6ADB79046D41}
RegDeleteKey HKCR\TypeLib\{7699AEF9-F83A-44FA-B374-AA02CEDF247D}
RegDeleteKey HKCR\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKCR\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}
RegDeleteKey HKCR\TypeLib\{E8C88115-4951-425B-8C45-4DFC5A5540EE}
RegDeleteKey HKCR\TypeLib\{F3A257E6-FA04-4B30-A1B6-6B89EB814544}

RegDeleteKey HKCR\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
RegDeleteKey HKCR\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKCR\Interface\{3947AC1D-DB09-4353-BBCC-55B97F5035EF}
RegDeleteKey HKCR\Interface\{62BFAEC2-82A5-4117-A98B-FEA89413D924}
RegDeleteKey HKCR\Interface\{7B1B5E44-8E90-4EE2-9049-CC0C5D8A918F}
RegDeleteKey HKCR\Interface\{81C2F7F3-F930-455E-9AA5-0876D387C787}
RegDeleteKey HKCR\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
RegDeleteKey HKCR\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED}
RegDeleteKey HKCR\Interface\{A58F3D09-4543-4396-8BE7-105F14DD6ED5}
RegDeleteKey HKCR\Interface\{A7B323DA-0D0C-4298-8DE0-4F2AC4773284}
RegDeleteKey HKCR\Interface\{C13FA88A-D264-4BC8-92ED-52EB8181E209}
RegDeleteKey HKCR\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}

RegDeleteKey HKCU\Software\livesvc
RegDeleteKey HKCU\Software\EGDHTML
RegDeleteKey HKCU\Software\egroup
RegDeleteKey HKCU\Software\P2EClient
RegDeleteKey HKCU\software\egdhtml
RegDeleteKey HKCU\Software\epk_extr
RegDeleteKey HKCU\software\mc
RegDeleteKey HKUS\software\egdhtml
RegDeleteKey HKLM\SOFTWARE\InternetGameBox
RegDeleteKey HKLM\SOFTWARE\GoRecord
RegDeleteKey HKLM\SOFTWARE\GoAstro
RegDeleteKey HKLM\SOFTWARE\SudoPlanet
RegDeleteKey HKLM\SOFTWARE\WebMediaPlayer
RegDeleteKey HKLM\SOFTWARE\MessengerSkinner

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878F049-D33E-45E0-A157-C36A6683CF25}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E79192A-C52C-4260-920F-639AC2296203}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD49DC9-FD88-41FA-B892-47E037267D45}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26D73573-F1B3-48C9-A989-E6CE071957A1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2A3DFC59-8A87-49A1-85D1-42903410911F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3616F4B5-F6AD-4E67-966A-C218673648A0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54579C3D-A58D-4623-B5B5-465552BDA45B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5FD9726A-4977-449D-8352-25FDD8A510B5}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{624321F1-0581-49D8-99BD-2E952C2DF31B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA85413-165C-4200-8154-71166077B22E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA93DF6-6757-4338-9087-F7601DE18402}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71CBDCD9-0830-4470-A890-35D364DA352C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77EF6DBF-3929-4081-AF2E-178D387E211C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78F584DF-BBF5-4296-839C-31DE60914DBC}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{82FC4503-8459-4239-9B85-0617BEAA950A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87C1805D-C5AE-4455-AB39-E245BB516136}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{95460ABD-946A-46FF-9F56-268718323EEE}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF7410C1-FBA3-415E-800A-4110CED40536}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD3653E4-884B-43C4-970B-670802501B7F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE5A7132-329F-4319-B781-2A83BFE51534}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2481ED1-9896-4D49-AE90-69858DFDE446}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C6760A07-A574-4705-B113-7856315922C3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C80B7FF6-CE60-4079-935E-520C045C30A6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E1D20694-74D9-472D-AF03-08C26173A67F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F4653484-F38C-455F-BB15-1175E527754E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA1D6D8F-C6ED-4752-8512-A33283240130}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA605711-8E72-46B2-AE49-BED11B2E729D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA83E942-B796-46DE-9155-1632ECC5473B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01BE5BD7-B2DD-48B3-A759-59265A91E787}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0878F049-D33E-45E0-A157-C36A6683CF25}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E79192A-C52C-4260-920F-639AC2296203}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14325268-79E0-4D2A-89A4-FFFC6E22741E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD49DC9-FD88-41FA-B892-47E037267D45}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1EB17D1C-141D-4D9D-91CB-24D99215851D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26D73573-F1B3-48C9-A989-E6CE071957A1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A3DFC59-8A87-49A1-85D1-42903410911F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ABE804B-4D3A-41BF-A172-304627874B45}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F668A6D-2EC7-4E3A-A485-819E210738D6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3616F4B5-F6AD-4E67-966A-C218673648A0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5FD9726A-4977-449D-8352-25FDD8A510B5}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{82FC4503-8459-4239-9B85-0617BEAA950A}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7410C1-FBA3-415E-800A-4110CED40536}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C80B7FF6-CE60-4079-935E-520C045C30A6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CB5D474E-A510-40A4-B5A4-838933BCBA64}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1D20694-74D9-472D-AF03-08C26173A67F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1D6D8F-C6ED-4752-8512-A33283240130}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA605711-8E72-46B2-AE49-BED11B2E729D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpntmgc
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MailSkinner
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MC
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|go-astro
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|messengerskinner
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd
RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll
RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailSkinner
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoRecord
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoAstro
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SudoPlanet
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMediaPlayer
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MessengerSkinner

RegDeleteKey HKCR\AxInst.IgbInstall
RegDeleteKey HKCR\AxInst.IgbInstall.1
RegDeleteKey HKCR\CLSID\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
RegDeleteKey HKCR\AppID\AppID\AxInst.EXE
RegDeleteKey HKCR\AppID\{7AA54C6E-DBF0-4A63-AFE0-6582094C46DE}
RegDeleteKey HKCR\Interface\{66C13795-9AA0-4244-B1A8-37F9E99FB079}
RegDeleteKey HKCR\Interface\{9E03C295-4FDF-4828-A99C-85EB0D848DC0}
RegDeleteKey HKCR\TypeLib\{C9F88FA1-51F1-43C8-A0FC-EAC4537D8392}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E68718BB-5451-4F6F-B8B8-41B4AB672747}|Compatibility Flags|1024
RegDelValue HKCU\software\microsoft\windows\currentversion\wintrust	rust providers\software publishing	rust database\0|ELECTRONIC GROUP
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoAstro.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SudoPlanet.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoRecord.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe

DllUnregister %SYSDIR%\MSWBM32.DLL|1
DllUnregister %PROGRAMFILES%\MailSkinner\OESkinner.dll|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

FileDelete %SYSTEMDRIVE%\dfuck.ico
FileDelete %SYSTEMDRIVE%\Video Party.ico

FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk
FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk
FileDelete %ALLUSERSDESKTOP%\Join The Orgy.lnk
FileDelete %ALLUSERSDESKTOP%\GoRecord.lnk
FileDelete %ALLUSERSDESKTOP%\GoAstro.lnk
FileDelete %ALLUSERSDESKTOP%\InternetGameBox.lnk
FileDelete %ALLUSERSDESKTOP%\SudoPlanet.lnk
FileDelete %ALLUSERSDESKTOP%\WebMediaPlayer.lnk

FileDelete %DESKTOP%\Instant Access.lnk
FileDelete %DESKTOP%\NoCreditCard.lnk
FileDelete %DESKTOP%\Join The Orgy.lnk
FileDelete %DESKTOP%\GoRecord.lnk
FileDelete %DESKTOP%\GoAstro.lnk
FileDelete %DESKTOP%\InternetGameBox.lnk
FileDelete %DESKTOP%\SudoPlanet.lnk
FileDelete %DESKTOP%\WebMediaPlayer.lnk

FileDelete %PROGRAMS%\GoRecord 2
FileDelete %PROGRAMS%\GoAstro
FileDelete %PROGRAMS%\InternetGameBox
FileDelete %PROGRAMS%\SudoPlanet
FileDelete %PROGRAMS%\WebMediaPlayer
FileDelete %PROGRAMS%\MessengerSkinner

FileDelete %ALLUSERSSTARTMENU%\Instant access
FileDelete %ALLUSERSSTARTMENU%\NoCreditCard
FileDelete %ALLUSERSSTARTMENU%\Join The Orgy
FileDelete %ALLUSERSSTARTMENU%\GoRecord 2
FileDelete %ALLUSERSSTARTMENU%\GoAstro
FileDelete %ALLUSERSSTARTMENU%\InternetGameBox
FileDelete %ALLUSERSSTARTMENU%\SudoPlanet
FileDelete %ALLUSERSSTARTMENU%\WebMediaPlayer

FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf
FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf
FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf
FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf
FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf
FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf 
FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf
FileDelete %WINDIR%\Downloaded Program Files\egdial.dll
FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll
FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf
FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf
FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll
FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll
FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll
FileDelete %WINDIR%\Downloaded Program Files\ia.inf
FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf
FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll
FileDelete %WINDIR%\Downloaded Program Files
etcmp32.inf
FileDelete %WINDIR%\Downloaded Program Files
etia32.inf
FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf
FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll
FileDelete %WINDIR%\Downloaded Program Files
etpe32.inf
FileDelete %WINDIR%\Downloaded Program Files
ethv32.inf
FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf
FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf
FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

FileDelete %WINDIR%\access.exe
FileDelete %WINDIR%\dialx.exe
FileDelete %WINDIR%\ExeDialer.exe
FileDelete %WINDIR%\msupd.exe
FileDelete %WINDIR%\system32mwsrvacc.exe

FileDelete %WINDIR%	mlpcert2005
FileDelete %WINDIR%	mlpcert2007

FileDelete %WINDIR%\eg_auth_*.dll
FileDelete %WINDIR%\eg_auth_srv_10*.dll
FileDelete %WINDIR%\eg_auth_srv_mut0*.dll
FileDelete %WINDIR%\ieaccess2.dll
FileDelete %WINDIR%\system\eghtmldialer.dll
FileDelete %WINDIR%\System\ieaccess2.dll
FileDelete %WINDIR%\System\egdial.dll
FileDelete %WINDIR%\p2esocks_10*.dll


FileDelete %SYSDIR%\authclient.exe
FileDelete %SYSDIR%\dhtmlexe.exe
FileDelete %SYSDIR%\eglivecam.exe
FileDelete %SYSDIR%\P2EClient.exe
FileDelete %SYSDIR%\AxInst.exe
FileDelete %SYSDIR%\axsetup.dll
FileDelete %SYSDIR%\EGACCESS.dll
FileDelete %SYSDIR%\EGACCESS*.dll
FileDelete %SYSDIR%\egaccess4.DLL
FileDelete %SYSDIR%\egaccess4_10*.dll
FileDelete %SYSDIR%\EGDACCESS_*10*.dll
FileDelete %SYSDIR%\EGDACCESS.dll
FileDelete %SYSDIR%\egaccess*.inf
FileDelete %SYSDIR%\EGDACCESS*.inf
FileDelete %SYSDIR%\EGDHTML2.DLL
FileDelete %SYSDIR%\EGDHTML_*.dll 
FileDelete %SYSDIR%\EGAUTH.dll
FileDelete %SYSDIR%\eg_auth_srv_10*.dll
FileDelete %SYSDIR%\EGCOMLIB*.dll
FileDelete %SYSDIR%\EGCOMSERVICE2.dll 
FileDelete %SYSDIR%\EGCOMSERVICE_*.dll
FileDelete %SYSDIR%\EGDownloader.dll
FileDelete %SYSDIR%\EGLIVECAM_10*.DLL 
FileDelete %SYSDIR%\egdial.dll
FileDelete %SYSDIR%\eglivecam.dll
FileDelete %SYSDIR%\ia.dll
FileDelete %SYSDIR%\ieaccess2.dll
FileDelete %SYSDIR%\IaLdr32.exe
FileDelete %SYSDIR%\IaLdr32.inf
FileDelete %SYSDIR%\LiveService_*.dll
FileDelete %SYSDIR%\msegcompid.dll
FileDelete %SYSDIR%\msclock32.dll
FileDelete %SYSDIR%\msclock32*.dll
FileDelete %SYSDIR%\mservice.dll
FileDelete %SYSDIR%\msplock32.dll
FileDelete %SYSDIR%\msplock32*.dll
FileDelete %SYSDIR%\mswbm32.dll
FileDelete %SYSDIR%\mseggrpid.dll
FileDelete %SYSDIR%
etia32.dll
FileDelete %SYSDIR%
ethv32.dll
FileDelete %SYSDIR%\Netslv32.dll
FileDelete %SYSDIR%\One2OneService.dll
FileDelete %SYSDIR%\one2oneSvc.dll
FileDelete %SYSDIR%\p2esocks_*.dll 
FileDelete %SYSDIR%\P2ECOM.dll
FileDelete %SYSDIR%\svcia32.dll
FileDelete %SYSDIR%\syswbsvc32.dll
FileDelete %SYSDIR%\sysiasvc32.dll
FileDelete %SYSDIR%\sysia32svc.dll
FileDelete %SYSDIR%\sysinetsvc32.dll 
FileDelete %SYSDIR%\svcsysnet32.dll
FileDelete %SYSDIR%\sysnetsvc32.dll
FileDelete %SYSDIR%\*_navps.dat
FileDelete %SYSDIR%\*_nav.dat
FileDelete %SYSDIR%
vs2.inf
FileDelete %SYSDIR%\linewsrv.exe
FileDelete %SYSDIR%\mwsrvacc.exe

FileDelete %SYSDIR%\backgrd.jpg
FileDelete %SYSDIR%\baground.jpg

FolderDelete %PROGRAMFILES%\dialpass
FolderDelete %PROGRAMFILES%\eghtmldialer
FolderDelete %PROGRAMFILES%\egroup
FolderDelete %PROGRAMFILES%\Instant Access
FolderDelete %PROGRAMFILES%\MailSkinner
FolderDelete %PROGRAMFILES%\InternetGameBox
FolderDelete %PROGRAMFILES%\GoRecord2
FolderDelete %PROGRAMFILES%\GoAstro
FolderDelete %PROGRAMFILES%\SudoPlanet
FolderDelete %PROGRAMFILES%\WebMediaPlayer
FolderDelete %PROGRAMFILES%\MessengerSkinner

# mslagent block

DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1
DllUnregister %WINDIR%
avmpc\2_navmpc.dll|1

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}
RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}
RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}
RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}
RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}
RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}
RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}
RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}
RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}
RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}
RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}
RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}
RegDeleteKey HKCR\MagicControl.MagicComponent
RegDeleteKey HKCR\MagicControl.MagicComponent.1
RegDeleteKey HKCR\mslagent.3
RegDeleteKey HKCR\mslagent.3.1
RegDeleteKey HKCR\NaviHelper.NaviHelperObject
RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1
RegDeleteKey HKCR\NaviPromo.EGNaviScoring
RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
avmpc
FolderDelete %WINDIR%\mslagent
FolderDelete %WINDIR%
avmpc
FolderDelete %WINDIR%\msskinner
FolderDelete %WINDIR%\wintrim
FolderDelete %WINDIR%\wincomp
FolderDelete %WINDIR%\winmgts
FolderDelete %WINDIR%\simcss
FolderDelete %WINDIR%\mc
FileDelete %SYSDIR%\msklive.dll

SystemEmptyTempFolder

OptionUseRecycleBin
FileDeleteIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te
FileDeleteIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml
FileDeleteIfContainsText %SYSDIR%\*.exe|iedisco

FileDeleteIfMD5Match %SYSDIR%\*.exe|60000E6EBEFF360898E43A6E2685E1B0
FileDeleteIfContainsText %SYSDIR%\*.dat|42.sa
FileDeleteIfContainsText %SYSDIR%\*.dat|PNDOCDT@
FileDeleteIfMD5Match %SYSDIR%\*.dat|C87EE35149404EA3C7AC361130E121FA

FolderCreate %SYSDIR%\bfubackups
FileMoveIfContainsHex %SYSDIR%\*.exe|%SYSDIR%\bfubackups|50,45,00,00,4C,01,04,00,8A,04,3D,44

FileDelete %SYSDIR%\*_navps.dat
FileDelete %SYSDIR%\*_nav.dat

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0


salutations
salutations

Séb08 · Answer

Ne met qu'un rapport Blacklight STP.

Tu es toujours infecté c'est que la manip n'a pas été bien faite..

a+

Séb08 · Answer

Rapport blacklight pas Egdacess...

;-)

Séb08 · Answer

Si tu as fait un copier/coller de l'ancien ce n'est pas bon ...

Réinstalle et relance le. et colle le nouveau rapport.

a+

Séb08 · Answer

fais cette manip moins lourde mais peut être moins radicale :

Télécharge: Pocket Killbox ici 
http://www.downloads.subratam.org/KillBox.exe 

Démo d utilisation (merci a Balltrap34 pour cette réalisation) :: 
http://pageperso.aol.fr/balltrap34/killbox.htm 

Regarde la méthode du bloc note et fais pareil avec cette liste: 

c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
c:\WINDOWS\system32\vmtjurokw.dat
C:\windows\system32\vmtjurokw.exe
c:\WINDOWS\system32\vmtjurokw_nav.dat
c:\WINDOWS\system32\vmtjurokw_navps.dat


Ensuite, redemarre ton PC et remet un rapport Blacklight.

a+

Regis59 · Answer

Salut

Double clic sur killbox.exe (Pocket Killbox) 

- coche: delete on reboot 
- Dans "Full Path of File to Delete" 
-Sélectionne "single File"

-copie et colle: C:\windows\system32\vmtjurokw.exe 

- clique sur la croix rouge 
- une fenêtre va apparaître pour confirmation clique sur YES 
- une seconde fenêtre te demande si tu veux redémarrer clique sur YES 

Si ce message s’affiche ignore le :
http://tinypic.com/images/goodbye.jpg 
Laisse le pc redémarrer.
Et après reposte un log HijackThis + un black light

A+

Regis59 · Answer

Salut

redemarre le manuellement et redonne nous les rapports stp

a+

Séb08 · Answer

Tu n'as pas du faire la manip avec Killbox avant le rapport Hijack ...


Remet un log Hijack STP et dis nous ou en sont tes probs.

a+

Regis59 · Answer

Salut

Fais ceci deja:

¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O4 - HKLM\..\Run: [vmtjurokw] c:\windows\system32\vmtjurokw.exe vmtjurokw 

O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32

O4 - Startup: desktop(2)(2).ini 
O4 - Startup: desktop(2).ini 
O4 - Startup: desktop(3).ini 
O4 - Global Startup: desktop(2)(2).ini 
O4 - Global Startup: desktop(2).ini 
O4 - Global Startup: desktop(3).ini 

Ferme HJT.Redemarre ton pc et remet un HJT

A+

zzorglub · Answer

coucou
les2 premiers sont parti, mais les 3startup,et les3 global startup ne sont pas parti
un message s'affichait" oui ou non " j'ai essayer les 2 mais rien àfaire
Logfile of HijackThis v1.99.1
Scan saved at 20:51:45, on 13/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin
pjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

salutations

Regis59 · Answer

Salut,

Telecharge ceci
https://www.silentrunners.org/Silent%20Runners.vbs 
Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

A+

Regis59 · Answer

Salut

Essai ceci stp:

Demarer < rechercher < tape: csntv.exe
Dans tous les fichiers.

Dis moi juste s'il trouve quelque chose.

A+

Regis59 · Answer

Salut,

¤Affiche tous les fichiers et dossiers : 
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage 

Coche « afficher les fichiers et dossiers cachés » 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décoche « masquer les extensions dont le type est connu » 
Puis fais «Ok» pour valider les changements. 

Et appliquer !

Trouves tu ceci?

C:\Documents and Settings\FRANCOIS\Menu Démarrer\Programmes\Démarrage 

desktop(2)(2).ini
desktop(2).ini
desktop(3).ini

A+

Regis59 · Answer

Salut

ok a l endroit ou tu les a trouvé, clik droit et supprime les !
Vide ensuite ta corbeille.

Tu redemarres ton pc et tu mets un HijackThis + un silent runner stp

a+

zzorglub · Answer

bonjour
j'ai tout supprimer
il reste des "backup"faut t'il les supprimer??
voici les rapports

"Silent Runners.vbs", revision 49, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"notepad.exe" = "(empty string)" [file not found]
"winlogon.exe" = "(empty string)" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
"USB Storage RW" = ""C:\Program Files\USB Storage RW\DskWatch.exe"" [null data]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"OEM-Reset" = "(empty string)" [file not found]
"KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"CARPService" = "carpserv.exe" ["Conexant Systems, Inc."]
"DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
-> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 DragDrop Shell Extension"
-> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Property Sheet Shell Extension"
-> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{780BCB64-0CAF-473c-A9FC-E08C03D75515}" = "Matroska Shell Extension, Properties Page CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Prop Page CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
"{78DC191E-EFC1-4532-9A71-224577A86A7D}" = "Matroska Shell Extension, Thumbnail Handler CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Thumbnail Handler CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
"{794D04CA-70AC-4020-80EB-FFD59DEF8027}" = "Matroska Shell Extension, Tooltip Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Tooltip Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
"{789111D8-68A3-46a3-9663-145A3FF4C9C9}" = "Matroska Shell Extension, ContextMenu CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
"{781395AF-A127-469f-A06F-59B482AF4F3F}" = "Matroska Shell Extension, Column Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "System" = "csntv.exe" [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{781395AF-A127-469f-A06F-59B482AF4F3F}\(Default) = "The Matroska Shell Extension, Column Provider CLSID"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
MatroskaContextMenu\(Default) = "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"
-> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
\InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
-> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
\InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

Default executables:
--------------------

HKCU\Software\Classes\.bat\(Default) = (value not set)

HKCU\Software\Classes\.cmd\(Default) = (value not set)

HKCU\Software\Classes\.com\(Default) = (value not set)

HKCU\Software\Classes\.exe\(Default) = (value not set)

HKCU\Software\Classes\.hta\(Default) = (value not set)

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\FRANCOIS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = ""
"Source" = "http://www.toquentete.net/style/objet/lexique.gif"
"SubscribedURL" = "http://www.toquentete.net/style/objet/lexique.gif"

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
"FriendlyName" = ""
"Source" = "http://www.creapoemes.com/Mon_Chien.gif"
"SubscribedURL" = "http://www.creapoemes.com/Mon_Chien.gif"

Startup items in "FRANCOIS" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 34
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
Service d'application d'assistance IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 44 seconds, including 4 seconds for message boxes)

Logfile of HijackThis v1.99.1
Scan saved at 20:13:46, on 16/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

salutations

Regis59 · Answer

Salut

Y'a du mieux ;-)

Demarrer < executer < tape : Regedit
Le registre s'ouvre !
 /!\ Soit prudent et n y fait pas n'importe quoi, c'est un lieu "sensible"/!\

Rend toi a cette clé:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

Dans la case de droite, y vois tu ceci?
"notepad.exe" 
"winlogon.exe"

Ferme le Registre.

A+

Regis59 · Answer

Re,

et celui ci?

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ 
"System" = "csntv.exe"

A+

zzorglub · Answer

bonsoir et à plus tard
merci pour tout
salutations

Regis59 · Answer

Salut

Ok !
As tu un nettoyeur de registre stp?

Dis moi également ou en sont tes soucis?

a+

Regis59 · Answer

Bonsoir

Ou habites tu pour dire que le temps n est pas bon?
La pierre? Ah bon, que fais tu?

jv16 

(ancienne version gratuite) https://puntocr.it/index.php?module=downloads_riz&func=display&pid=3&lid=26 

Dans les options, met le en francais
là tu le lances tu cliques sur outil registre/outil/nettoyage de registre/continuer /démarrer 
là tu le laisses faire c’est un peu long 
quand il a fini
tu sélectionnes les ronds verts par paquet de 20 ou 30 
une fois que tu les a sélectionnés tu cliques sur supprimer en bas à droite 
et tu continues jusqu’à ce qu’il ne reste plus de ronds verts

A+

zzorglub · Answer

coucou
et les points rouge , j'en fait quoi???
SALUTATIONS

Regis59 · Answer

Salut

Les points rouges tu les laisses car leur suppression pourrait causer des soucis a ton pc; tout simplement.

Ou en sont tes soucis?

a+

Regis59 · Answer

Salut

As tu regardé dans ajout/suppression de programmes pour la supprimer?

a+

Regis59 · Answer

Bonjour zzorglub,

Content que tout soit resolu.

Bonne continuation a toi et si tu as besoin, n hesites pas

a+

Fenetres de pub temps ??

28 réponses

Votre réponse

Discussions similaires

Newsletters