Fenetres de pub temps ??

zzorglub Messages postés 87 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
bonjour
j'ai des pub tout le temps des que je navigue sur le net
pub pour antispyware ,mozzilla,navi shearch,et meme des fois pub pour sites pornographique
pouvez vous m'aider
salutations
Logfile of HijackThis v1.99.1
Scan saved at 18:06:51, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\USB Storage RW\DskWatch.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\FRANCOIS\LOCALS~1\Temp\Rar$EX00.079\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: desktop(2)(2).ini
O4 - Startup: desktop(2).ini
O4 - Startup: desktop(3).ini
O4 - Global Startup: desktop(2)(2).ini
O4 - Global Startup: desktop(2).ini
O4 - Global Startup: desktop(3).ini
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

28 réponses

  • 1
  • 2
Résumé de la discussion

Plusieurs publicités intempestives et des redirections apparaissent lors de la navigation, et l’analyse HijackThis révèle de multiples éléments malveillants et entrées de démarrage suspectes sous Windows XP et Internet Explorer. La meilleure réponse propose une procédure en deux étapes: d’abord Brute Force Uninstaller et BlackLight pour supprimer les éléments résiduels, puis la suppression manuelle de fichiers et la vérification des programmes indésirables comme mailskinner. Des échanges indiquent aussi qu’une barre Yahoo s’est infiltrée dans Internet Explorer et que certains répondants proposent des nettoyeurs de registre ou la suppression via Ajout/Suppression de programme. En cas de persistance, certains participants évoquent l’utilisation de jv16 PowerTools pour nettoyer le registre et d’autres pistes comme la vérification des éléments cachés dans le système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Télécharge Blacklight (de F-Secure) a l’une des 2 adresses :
    https://www.f-secure.com/en
    https://www.f-secure.com/en

    et sauvegarde le sur ton Bureau.

    Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse

    a+
    0
  2. zzorglub Messages postés 87 Statut Membre 1
     
    bonjour
    j'ai fait ce que tu ma dit , voici le rapport de f-secure blacklight

    11/11/06 09:10:02 [Info]: BlackLight Engine 1.0.47 initialized
    11/11/06 09:10:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    11/11/06 09:10:02 [Note]: 7019 4
    11/11/06 09:10:02 [Note]: 7005 0
    11/11/06 09:10:09 [Note]: 7006 0
    11/11/06 09:10:09 [Note]: 7011 3864
    11/11/06 09:10:09 [Note]: 7026 0
    11/11/06 09:10:09 [Note]: 7026 0
    11/11/06 09:10:09 [Note]: 7015 232
    11/11/06 09:10:09 [Note]: 7015 5
    11/11/06 09:10:09 [Note]: 7015 2792
    11/11/06 09:10:09 [Note]: 7015 5
    11/11/06 09:10:09 [Note]: 7024 3
    11/11/06 09:10:09 [Info]: Hidden process: C:\windows\system32\vmtjurokw.exe
    11/11/06 09:10:09 [Note]: FSRAW library version 1.7.1020
    11/11/06 09:19:47 [Info]: Hidden file: c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
    11/11/06 09:19:47 [Note]: 10002 1
    11/11/06 09:20:16 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw.dat
    11/11/06 09:20:16 [Note]: 10002 1
    11/11/06 09:20:17 [Info]: Hidden file: C:\windows\system32\vmtjurokw.exe
    11/11/06 09:20:18 [Note]: 10002 1
    11/11/06 09:20:18 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_nav.dat
    11/11/06 09:20:18 [Note]: 10002 1
    11/11/06 09:20:19 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_navps.dat
    11/11/06 09:20:19 [Note]: 10002 1

    salutations et à+
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut ;

    Télécharge Brute Force Uninstaller (de Merijn) ici:
    http://www.merijn.org/files/bfu.zip
    Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU.
    Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

    Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

    Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers".
    Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
    - Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
    - Coches la case Show log after script ends
    - Clique sur Execute pour que le fix fasse son boulot :-)

    Attends que le message Complete script execution apparaîsse et clique sur OK.
    Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
    Clique Exit pour fermer le programme BFU.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
    Clique sur Scan pour lancer l'analyse.
    Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
    Puis valide.
    Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

    Après le reboot du pc, les fichiers :

    c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
    c:\WINDOWS\system32\vmtjurokw.dat
    C:\windows\system32\vmtjurokw.exe
    c:\WINDOWS\system32\vmtjurokw_nav.dat
    c:\WINDOWS\system32\vmtjurokw_navps.dat

    devraient être visible et pouvoir être supprimés sans aucuns soucis.
    Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
    Va dans C:\windows\system32\ et recherches et effaces:

    vmtjurokw.dat.ren
    vmtjurokw.exe.ren
    vmtjurokw_nav.dat.ren
    vmtjurokw_navps.dat.ren

    Une fois fait, reposte un rapport hijackthis + le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight.
    Juste pour info, tu as eu installé le logiciel mailskinner ? (emoticone pour la messagerie)
    Tu peux verifier s il est dans ajout/suppression de programme?

    bon nettoyage et bon courage ;-)
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      MAILSKINNER n'est pas dans suppression de programme
      salutations
      0
  4. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt ,

    Pour avancer remet un rapport Blacklight pour vérif que tu as bien fait la manip cité et remet un log Hijack STP

    a+
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. zzorglub Messages postés 87 Statut Membre 1
     
    coucou
    je ne trouve pas les fichiers
    vmtjurokw.dat.ren
    vmtjurokw.exe.ren
    vmtjurokw_nav.dat.ren
    vmtjurokw_navps.dat.ren
    voici un rapport blacklight
    11/11/06 18:01:21 [Info]: BlackLight Engine 1.0.47 initialized
    11/11/06 18:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    11/11/06 18:01:21 [Note]: 7019 4
    11/11/06 18:01:21 [Note]: 7005 0
    11/11/06 18:01:24 [Note]: 7006 0
    11/11/06 18:01:24 [Note]: 7011 3284
    11/11/06 18:01:24 [Note]: 7026 0
    11/11/06 18:01:24 [Note]: 7026 0
    11/11/06 18:01:24 [Note]: 7024 3
    11/11/06 18:01:24 [Info]: Hidden process: C:\windows\system32\kxmqhynis.exe
    11/11/06 18:01:24 [Note]: 7015 1316
    11/11/06 18:01:24 [Note]: 7015 5
    11/11/06 18:01:24 [Note]: 7015 1844
    11/11/06 18:01:24 [Note]: 7015 5
    11/11/06 18:01:24 [Note]: FSRAW library version 1.7.1020
    11/11/06 18:05:17 [Note]: 4013 72943
    11/11/06 18:05:17 [Note]: 4020 94076 2686976
    11/11/06 18:05:17 [Note]: 4018 94076 2686976
    11/11/06 18:05:17 [Note]: 4013 72943
    11/11/06 18:05:17 [Note]: 4020 94076 2686976
    11/11/06 18:05:17 [Note]: 4018 94076 2686976
    11/11/06 18:05:23 [Note]: 4013 72889
    11/11/06 18:05:23 [Note]: 4020 94074 2621440
    11/11/06 18:05:23 [Note]: 4018 94074 2621440
    11/11/06 18:05:23 [Note]: 4013 72889
    11/11/06 18:05:23 [Note]: 4020 94074 2621440
    11/11/06 18:05:23 [Note]: 4018 94074 2621440
    11/11/06 18:10:39 [Info]: Hidden file: c:\WINDOWS\Prefetch\KXMQHYNIS.EXE-134092B0.pf
    11/11/06 18:10:39 [Note]: 10002 1
    11/11/06 18:10:47 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis.dat
    11/11/06 18:10:47 [Note]: 10002 1
    11/11/06 18:10:48 [Info]: Hidden file: C:\windows\system32\kxmqhynis.exe
    11/11/06 18:10:48 [Note]: 10002 1
    11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_nav.dat
    11/11/06 18:10:48 [Note]: 10002 1
    11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_navps.dat
    11/11/06 18:10:48 [Note]: 10002 1
    11/11/06 18:14:27 [Note]: 7007 0

    et voila le hijack
    Logfile of HijackThis v1.99.1
    Scan saved at 18:33:19, on 11/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\USB Storage RW\DskWatch.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\FRANCOIS\LOCALS~1\Temp\Rar$EX00.938\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3).ini
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

    voicile rapport BFU
    # For use with Merijn's Brute Force Uninstaller
    # available from http://merijn.org/
    #
    # Script Name: EGDACCESS.BFU
    # This script combines the old EGDACCESS.bfu and P2EClient.BFU
    # Author: Pieter Arntz
    #
    # Thanks to ~Mark and Moe31 for their contributions

    ProcessKill \mailskinner.exe|1
    ProcessKill %WINDIR%\iedisco.exe|1
    ProcessKill \GoAstro.exe|1
    ProcessKill \MessengerSkinner.exe|1
    ProcessKill \system32mwsrvacc.exe|1

    ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
    ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

    RegDeleteKey HKCR\egdhtml.egdialhtml
    RegDeleteKey HKCR\egdhtml.egdialhtml.1
    RegDeleteKey HKCR\egdialobject.egdial
    RegDeleteKey HKCR\EGDialObject.EGDial.1
    RegDeleteKey HKCR\eghtmldialer.htmldialer
    RegDeleteKey HKCR\eghtmldialer.htmldialer.1
    RegDeleteKey HKCR\ieaccess2.iedial
    RegDeleteKey HKCR\ieaccess2.iedial.1
    RegDeleteKey HKCR\P2ECOM.EGP2ECOM
    RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1
    RegDeleteKey HKCR\EGAUTH.EGEGAUTH
    RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1
    RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc
    RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1
    RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2
    RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1
    RegDeleteKey HKCR\EGCOMLIB.EGComLibrary
    RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1
    RegDeleteKey HKCR\Webcam2.VideoProducer
    RegDeleteKey HKCR\Webcam2.VideoProducer.1

    RegDeleteKey HKCR\CLSID\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
    RegDeleteKey HKCR\CLSID\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
    RegDeleteKey HKCR\CLSID\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
    RegDeleteKey HKCR\CLSID\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
    RegDeleteKey HKCR\CLSID\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
    RegDeleteKey HKCR\CLSID\{0878F049-D33E-45E0-A157-C36A6683CF25}
    RegDeleteKey HKCR\CLSID\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
    RegDeleteKey HKCR\CLSID\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
    RegDeleteKey HKCR\CLSID\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
    RegDeleteKey HKCR\CLSID\{0E79192A-C52C-4260-920F-639AC2296203}
    RegDeleteKey HKCR\CLSID\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
    RegDeleteKey HKCR\CLSID\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
    RegDeleteKey HKCR\CLSID\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
    RegDeleteKey HKCR\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
    RegDeleteKey HKCR\CLSID\{1CD49DC9-FD88-41FA-B892-47E037267D45}
    RegDeleteKey HKCR\CLSID\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
    RegDeleteKey HKCR\CLSID\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
    RegDeleteKey HKCR\CLSID\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
    RegDeleteKey HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}
    RegDeleteKey HKCR\CLSID\{2A3DFC59-8A87-49A1-85D1-42903410911F}
    RegDeleteKey HKCR\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}
    RegDeleteKey HKCR\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
    RegDeleteKey HKCR\CLSID\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
    RegDeleteKey HKCR\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
    RegDeleteKey HKCR\CLSID\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
    RegDeleteKey HKCR\CLSID\{3616F4B5-F6AD-4E67-966A-C218673648A0}
    RegDeleteKey HKCR\CLSID\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
    RegDeleteKey HKCR\CLSID\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}
    RegDeleteKey HKCR\CLSID\{3CD945A2-E413-4956-B9D8-A67FB6A7CB66}
    RegDeleteKey HKCR\CLSID\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
    RegDeleteKey HKCR\CLSID\{469C7080-8EC8-43A6-AD97-45848113743C}
    RegDeleteKey HKCR\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
    RegDeleteKey HKCR\CLSID\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
    RegDeleteKey HKCR\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
    RegDeleteKey HKCR\CLSID\{54579C3D-A58D-4623-B5B5-465552BDA45B}
    RegDeleteKey HKCR\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
    RegDeleteKey HKCR\CLSID\{5FD9726A-4977-449D-8352-25FDD8A510B5}
    RegDeleteKey HKCR\CLSID\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
    RegDeleteKey HKCR\CLSID\{624321F1-0581-49D8-99BD-2E952C2DF31B}
    RegDeleteKey HKCR\CLSID\{6AA85413-165C-4200-8154-71166077B22E}
    RegDeleteKey HKCR\CLSID\{6AA93DF6-6757-4338-9087-F7601DE18402}
    RegDeleteKey HKCR\CLSID\{71CBDCD9-0830-4470-A890-35D364DA352C}
    RegDeleteKey HKCR\CLSID\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
    RegDeleteKey HKCR\CLSID\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
    RegDeleteKey HKCR\CLSID\{77EF6DBF-3929-4081-AF2E-178D387E211C}
    RegDeleteKey HKCR\CLSID\{78F584DF-BBF5-4296-839C-31DE60914DBC}
    RegDeleteKey HKCR\CLSID\{82FC4503-8459-4239-9B85-0617BEAA950A}
    RegDeleteKey HKCR\CLSID\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
    RegDeleteKey HKCR\CLSID\{87C1805D-C5AE-4455-AB39-E245BB516136}
    RegDeleteKey HKCR\CLSID\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
    RegDeleteKey HKCR\CLSID\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
    RegDeleteKey HKCR\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
    RegDeleteKey HKCR\CLSID\{95460ABD-946A-46FF-9F56-268718323EEE}
    RegDeleteKey HKCR\CLSID\{9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0}
    RegDeleteKey HKCR\CLSID\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
    RegDeleteKey HKCR\CLSID\{A02780C3-7F77-4E28-855B-28890F3CF37A}
    RegDeleteKey HKCR\CLSID\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
    RegDeleteKey HKCR\CLSID\{AF7410C1-FBA3-415E-800A-4110CED40536}
    RegDeleteKey HKCR\CLSID\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
    RegDeleteKey HKCR\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
    RegDeleteKey HKCR\CLSID\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
    RegDeleteKey HKCR\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}
    RegDeleteKey HKCR\CLSID\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
    RegDeleteKey HKCR\CLSID\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
    RegDeleteKey HKCR\CLSID\{BD3653E4-884B-43C4-970B-670802501B7F}
    RegDeleteKey HKCR\CLSID\{BE5A7132-329F-4319-B781-2A83BFE51534}
    RegDeleteKey HKCR\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
    RegDeleteKey HKCR\CLSID\{C2481ED1-9896-4D49-AE90-69858DFDE446}
    RegDeleteKey HKCR\CLSID\{C6760A07-A574-4705-B113-7856315922C3}
    RegDeleteKey HKCR\CLSID\{C80B7FF6-CE60-4079-935E-520C045C30A6}
    RegDeleteKey HKCR\CLSID\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
    RegDeleteKey HKCR\CLSID\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
    RegDeleteKey HKCR\CLSID\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
    RegDeleteKey HKCR\CLSID\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
    RegDeleteKey HKCR\CLSID\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
    RegDeleteKey HKCR\CLSID\{D24A1963-9951-4153-A340-6648759EB77D}
    RegDeleteKey HKCR\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
    RegDeleteKey HKCR\CLSID\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
    RegDeleteKey HKCR\CLSID\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
    RegDeleteKey HKCR\CLSID\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
    RegDeleteKey HKCR\CLSID\{E1D20694-74D9-472D-AF03-08C26173A67F}
    RegDeleteKey HKCR\CLSID\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
    RegDeleteKey HKCR\CLSID\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
    RegDeleteKey HKCR\CLSID\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
    RegDeleteKey HKCR\CLSID\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
    RegDeleteKey HKCR\CLSID\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
    RegDeleteKey HKCR\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
    RegDeleteKey HKCR\CLSID\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
    RegDeleteKey HKCR\CLSID\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
    RegDeleteKey HKCR\CLSID\{F4653484-F38C-455F-BB15-1175E527754E}
    RegDeleteKey HKCR\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
    RegDeleteKey HKCR\CLSID\{FA1D6D8F-C6ED-4752-8512-A33283240130}
    RegDeleteKey HKCR\CLSID\{FA605711-8E72-46B2-AE49-BED11B2E729D}
    RegDeleteKey HKCR\CLSID\{FA83E942-B796-46DE-9155-1632ECC5473B}
    RegDeleteKey HKCR\CLSID\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
    RegDeleteKey HKCR\CLSID\{FF521631-31DA-48AC-B4E9-390A7694C906}

    RegDeleteKey HKCR\TypeLib\{06EC63CC-4823-4836-ABB8-AB5F3971FA5C}
    RegDeleteKey HKCR\TypeLib\{0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C}
    RegDeleteKey HKCR\TypeLib\{1F445F82-42C0-46F3-9A2E-6ADB79046D41}
    RegDeleteKey HKCR\TypeLib\{7699AEF9-F83A-44FA-B374-AA02CEDF247D}
    RegDeleteKey HKCR\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
    RegDeleteKey HKCR\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}
    RegDeleteKey HKCR\TypeLib\{E8C88115-4951-425B-8C45-4DFC5A5540EE}
    RegDeleteKey HKCR\TypeLib\{F3A257E6-FA04-4B30-A1B6-6B89EB814544}

    RegDeleteKey HKCR\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
    RegDeleteKey HKCR\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
    RegDeleteKey HKCR\Interface\{3947AC1D-DB09-4353-BBCC-55B97F5035EF}
    RegDeleteKey HKCR\Interface\{62BFAEC2-82A5-4117-A98B-FEA89413D924}
    RegDeleteKey HKCR\Interface\{7B1B5E44-8E90-4EE2-9049-CC0C5D8A918F}
    RegDeleteKey HKCR\Interface\{81C2F7F3-F930-455E-9AA5-0876D387C787}
    RegDeleteKey HKCR\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
    RegDeleteKey HKCR\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED}
    RegDeleteKey HKCR\Interface\{A58F3D09-4543-4396-8BE7-105F14DD6ED5}
    RegDeleteKey HKCR\Interface\{A7B323DA-0D0C-4298-8DE0-4F2AC4773284}
    RegDeleteKey HKCR\Interface\{C13FA88A-D264-4BC8-92ED-52EB8181E209}
    RegDeleteKey HKCR\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}

    RegDeleteKey HKCU\Software\livesvc
    RegDeleteKey HKCU\Software\EGDHTML
    RegDeleteKey HKCU\Software\egroup
    RegDeleteKey HKCU\Software\P2EClient
    RegDeleteKey HKCU\software\egdhtml
    RegDeleteKey HKCU\Software\epk_extr
    RegDeleteKey HKCU\software\mc
    RegDeleteKey HKUS\software\egdhtml
    RegDeleteKey HKLM\SOFTWARE\InternetGameBox
    RegDeleteKey HKLM\SOFTWARE\GoRecord
    RegDeleteKey HKLM\SOFTWARE\GoAstro
    RegDeleteKey HKLM\SOFTWARE\SudoPlanet
    RegDeleteKey HKLM\SOFTWARE\WebMediaPlayer
    RegDeleteKey HKLM\SOFTWARE\MessengerSkinner

    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878F049-D33E-45E0-A157-C36A6683CF25}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E79192A-C52C-4260-920F-639AC2296203}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD49DC9-FD88-41FA-B892-47E037267D45}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26D73573-F1B3-48C9-A989-E6CE071957A1}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2A3DFC59-8A87-49A1-85D1-42903410911F}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3616F4B5-F6AD-4E67-966A-C218673648A0}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54579C3D-A58D-4623-B5B5-465552BDA45B}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5FD9726A-4977-449D-8352-25FDD8A510B5}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{624321F1-0581-49D8-99BD-2E952C2DF31B}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA85413-165C-4200-8154-71166077B22E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA93DF6-6757-4338-9087-F7601DE18402}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71CBDCD9-0830-4470-A890-35D364DA352C}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77EF6DBF-3929-4081-AF2E-178D387E211C}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78F584DF-BBF5-4296-839C-31DE60914DBC}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{82FC4503-8459-4239-9B85-0617BEAA950A}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87C1805D-C5AE-4455-AB39-E245BB516136}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{95460ABD-946A-46FF-9F56-268718323EEE}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF7410C1-FBA3-415E-800A-4110CED40536}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD3653E4-884B-43C4-970B-670802501B7F}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE5A7132-329F-4319-B781-2A83BFE51534}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2481ED1-9896-4D49-AE90-69858DFDE446}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C6760A07-A574-4705-B113-7856315922C3}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C80B7FF6-CE60-4079-935E-520C045C30A6}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E1D20694-74D9-472D-AF03-08C26173A67F}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F4653484-F38C-455F-BB15-1175E527754E}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA1D6D8F-C6ED-4752-8512-A33283240130}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA605711-8E72-46B2-AE49-BED11B2E729D}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA83E942-B796-46DE-9155-1632ECC5473B}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF521631-31DA-48AC-B4E9-390A7694C906}

    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01BE5BD7-B2DD-48B3-A759-59265A91E787}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0878F049-D33E-45E0-A157-C36A6683CF25}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E79192A-C52C-4260-920F-639AC2296203}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14325268-79E0-4D2A-89A4-FFFC6E22741E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD49DC9-FD88-41FA-B892-47E037267D45}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1EB17D1C-141D-4D9D-91CB-24D99215851D}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26D73573-F1B3-48C9-A989-E6CE071957A1}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A3DFC59-8A87-49A1-85D1-42903410911F}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ABE804B-4D3A-41BF-A172-304627874B45}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F668A6D-2EC7-4E3A-A485-819E210738D6}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3616F4B5-F6AD-4E67-966A-C218673648A0}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5FD9726A-4977-449D-8352-25FDD8A510B5}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{82FC4503-8459-4239-9B85-0617BEAA950A}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7410C1-FBA3-415E-800A-4110CED40536}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C80B7FF6-CE60-4079-935E-520C045C30A6}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CB5D474E-A510-40A4-B5A4-838933BCBA64}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1D20694-74D9-472D-AF03-08C26173A67F}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1D6D8F-C6ED-4752-8512-A33283240130}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA605711-8E72-46B2-AE49-BED11B2E729D}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}|Compatibility Flags|1024
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpntmgc
    RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
    RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MailSkinner
    RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MC
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|go-astro
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|messengerskinner
    RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC
    RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd
    RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll
    RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailSkinner
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoRecord
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoAstro
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SudoPlanet
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMediaPlayer
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MessengerSkinner

    RegDeleteKey HKCR\AxInst.IgbInstall
    RegDeleteKey HKCR\AxInst.IgbInstall.1
    RegDeleteKey HKCR\CLSID\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
    RegDeleteKey HKCR\AppID\AppID\AxInst.EXE
    RegDeleteKey HKCR\AppID\{7AA54C6E-DBF0-4A63-AFE0-6582094C46DE}
    RegDeleteKey HKCR\Interface\{66C13795-9AA0-4244-B1A8-37F9E99FB079}
    RegDeleteKey HKCR\Interface\{9E03C295-4FDF-4828-A99C-85EB0D848DC0}
    RegDeleteKey HKCR\TypeLib\{C9F88FA1-51F1-43C8-A0FC-EAC4537D8392}
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
    RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E68718BB-5451-4F6F-B8B8-41B4AB672747}|Compatibility Flags|1024
    RegDelValue HKCU\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0|ELECTRONIC GROUP
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoAstro.exe
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SudoPlanet.exe
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoRecord.exe
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe
    RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe

    DllUnregister %SYSDIR%\MSWBM32.DLL|1
    DllUnregister %PROGRAMFILES%\MailSkinner\OESkinner.dll|1

    ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
    ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

    FileDelete %SYSTEMDRIVE%\dfuck.ico
    FileDelete %SYSTEMDRIVE%\Video Party.ico

    FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk
    FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk
    FileDelete %ALLUSERSDESKTOP%\Join The Orgy.lnk
    FileDelete %ALLUSERSDESKTOP%\GoRecord.lnk
    FileDelete %ALLUSERSDESKTOP%\GoAstro.lnk
    FileDelete %ALLUSERSDESKTOP%\InternetGameBox.lnk
    FileDelete %ALLUSERSDESKTOP%\SudoPlanet.lnk
    FileDelete %ALLUSERSDESKTOP%\WebMediaPlayer.lnk

    FileDelete %DESKTOP%\Instant Access.lnk
    FileDelete %DESKTOP%\NoCreditCard.lnk
    FileDelete %DESKTOP%\Join The Orgy.lnk
    FileDelete %DESKTOP%\GoRecord.lnk
    FileDelete %DESKTOP%\GoAstro.lnk
    FileDelete %DESKTOP%\InternetGameBox.lnk
    FileDelete %DESKTOP%\SudoPlanet.lnk
    FileDelete %DESKTOP%\WebMediaPlayer.lnk

    FileDelete %PROGRAMS%\GoRecord 2
    FileDelete %PROGRAMS%\GoAstro
    FileDelete %PROGRAMS%\InternetGameBox
    FileDelete %PROGRAMS%\SudoPlanet
    FileDelete %PROGRAMS%\WebMediaPlayer
    FileDelete %PROGRAMS%\MessengerSkinner

    FileDelete %ALLUSERSSTARTMENU%\Instant access
    FileDelete %ALLUSERSSTARTMENU%\NoCreditCard
    FileDelete %ALLUSERSSTARTMENU%\Join The Orgy
    FileDelete %ALLUSERSSTARTMENU%\GoRecord 2
    FileDelete %ALLUSERSSTARTMENU%\GoAstro
    FileDelete %ALLUSERSSTARTMENU%\InternetGameBox
    FileDelete %ALLUSERSSTARTMENU%\SudoPlanet
    FileDelete %ALLUSERSSTARTMENU%\WebMediaPlayer

    FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf
    FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf
    FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf
    FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf
    FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf
    FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf
    FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf
    FileDelete %WINDIR%\Downloaded Program Files\egdial.dll
    FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll
    FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf
    FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf
    FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll
    FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll
    FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll
    FileDelete %WINDIR%\Downloaded Program Files\ia.inf
    FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf
    FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll
    FileDelete %WINDIR%\Downloaded Program Files\netcmp32.inf
    FileDelete %WINDIR%\Downloaded Program Files\netia32.inf
    FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf
    FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll
    FileDelete %WINDIR%\Downloaded Program Files\netpe32.inf
    FileDelete %WINDIR%\Downloaded Program Files\nethv32.inf
    FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf
    FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf
    FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf
    FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf
    FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf
    FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

    FileDelete %WINDIR%\access.exe
    FileDelete %WINDIR%\dialx.exe
    FileDelete %WINDIR%\ExeDialer.exe
    FileDelete %WINDIR%\msupd.exe
    FileDelete %WINDIR%\system32mwsrvacc.exe

    FileDelete %WINDIR%\tmlpcert2005
    FileDelete %WINDIR%\tmlpcert2007

    FileDelete %WINDIR%\eg_auth_*.dll
    FileDelete %WINDIR%\eg_auth_srv_10*.dll
    FileDelete %WINDIR%\eg_auth_srv_mut0*.dll
    FileDelete %WINDIR%\ieaccess2.dll
    FileDelete %WINDIR%\system\eghtmldialer.dll
    FileDelete %WINDIR%\System\ieaccess2.dll
    FileDelete %WINDIR%\System\egdial.dll
    FileDelete %WINDIR%\p2esocks_10*.dll

    FileDelete %SYSDIR%\authclient.exe
    FileDelete %SYSDIR%\dhtmlexe.exe
    FileDelete %SYSDIR%\eglivecam.exe
    FileDelete %SYSDIR%\P2EClient.exe
    FileDelete %SYSDIR%\AxInst.exe
    FileDelete %SYSDIR%\axsetup.dll
    FileDelete %SYSDIR%\EGACCESS.dll
    FileDelete %SYSDIR%\EGACCESS*.dll
    FileDelete %SYSDIR%\egaccess4.DLL
    FileDelete %SYSDIR%\egaccess4_10*.dll
    FileDelete %SYSDIR%\EGDACCESS_*10*.dll
    FileDelete %SYSDIR%\EGDACCESS.dll
    FileDelete %SYSDIR%\egaccess*.inf
    FileDelete %SYSDIR%\EGDACCESS*.inf
    FileDelete %SYSDIR%\EGDHTML2.DLL
    FileDelete %SYSDIR%\EGDHTML_*.dll
    FileDelete %SYSDIR%\EGAUTH.dll
    FileDelete %SYSDIR%\eg_auth_srv_10*.dll
    FileDelete %SYSDIR%\EGCOMLIB*.dll
    FileDelete %SYSDIR%\EGCOMSERVICE2.dll
    FileDelete %SYSDIR%\EGCOMSERVICE_*.dll
    FileDelete %SYSDIR%\EGDownloader.dll
    FileDelete %SYSDIR%\EGLIVECAM_10*.DLL
    FileDelete %SYSDIR%\egdial.dll
    FileDelete %SYSDIR%\eglivecam.dll
    FileDelete %SYSDIR%\ia.dll
    FileDelete %SYSDIR%\ieaccess2.dll
    FileDelete %SYSDIR%\IaLdr32.exe
    FileDelete %SYSDIR%\IaLdr32.inf
    FileDelete %SYSDIR%\LiveService_*.dll
    FileDelete %SYSDIR%\msegcompid.dll
    FileDelete %SYSDIR%\msclock32.dll
    FileDelete %SYSDIR%\msclock32*.dll
    FileDelete %SYSDIR%\mservice.dll
    FileDelete %SYSDIR%\msplock32.dll
    FileDelete %SYSDIR%\msplock32*.dll
    FileDelete %SYSDIR%\mswbm32.dll
    FileDelete %SYSDIR%\mseggrpid.dll
    FileDelete %SYSDIR%\netia32.dll
    FileDelete %SYSDIR%\nethv32.dll
    FileDelete %SYSDIR%\Netslv32.dll
    FileDelete %SYSDIR%\One2OneService.dll
    FileDelete %SYSDIR%\one2oneSvc.dll
    FileDelete %SYSDIR%\p2esocks_*.dll
    FileDelete %SYSDIR%\P2ECOM.dll
    FileDelete %SYSDIR%\svcia32.dll
    FileDelete %SYSDIR%\syswbsvc32.dll
    FileDelete %SYSDIR%\sysiasvc32.dll
    FileDelete %SYSDIR%\sysia32svc.dll
    FileDelete %SYSDIR%\sysinetsvc32.dll
    FileDelete %SYSDIR%\svcsysnet32.dll
    FileDelete %SYSDIR%\sysnetsvc32.dll
    FileDelete %SYSDIR%\*_navps.dat
    FileDelete %SYSDIR%\*_nav.dat
    FileDelete %SYSDIR%\nvs2.inf
    FileDelete %SYSDIR%\linewsrv.exe
    FileDelete %SYSDIR%\mwsrvacc.exe

    FileDelete %SYSDIR%\backgrd.jpg
    FileDelete %SYSDIR%\baground.jpg

    FolderDelete %PROGRAMFILES%\dialpass
    FolderDelete %PROGRAMFILES%\eghtmldialer
    FolderDelete %PROGRAMFILES%\egroup
    FolderDelete %PROGRAMFILES%\Instant Access
    FolderDelete %PROGRAMFILES%\MailSkinner
    FolderDelete %PROGRAMFILES%\InternetGameBox
    FolderDelete %PROGRAMFILES%\GoRecord2
    FolderDelete %PROGRAMFILES%\GoAstro
    FolderDelete %PROGRAMFILES%\SudoPlanet
    FolderDelete %PROGRAMFILES%\WebMediaPlayer
    FolderDelete %PROGRAMFILES%\MessengerSkinner

    # mslagent block

    DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1
    DllUnregister %WINDIR%\navmpc\2_navmpc.dll|1

    RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
    RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
    RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}
    RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}
    RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}
    RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}
    RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}
    RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}
    RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}
    RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}
    RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}
    RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}
    RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}
    RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}
    RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}
    RegDeleteKey HKCR\MagicControl.MagicComponent
    RegDeleteKey HKCR\MagicControl.MagicComponent.1
    RegDeleteKey HKCR\mslagent.3
    RegDeleteKey HKCR\mslagent.3.1
    RegDeleteKey HKCR\NaviHelper.NaviHelperObject
    RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1
    RegDeleteKey HKCR\NaviPromo.EGNaviScoring
    RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
    RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\navmpc
    FolderDelete %WINDIR%\mslagent
    FolderDelete %WINDIR%\navmpc
    FolderDelete %WINDIR%\msskinner
    FolderDelete %WINDIR%\wintrim
    FolderDelete %WINDIR%\wincomp
    FolderDelete %WINDIR%\winmgts
    FolderDelete %WINDIR%\simcss
    FolderDelete %WINDIR%\mc
    FileDelete %SYSDIR%\msklive.dll

    SystemEmptyTempFolder

    OptionUseRecycleBin
    FileDeleteIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te
    FileDeleteIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml
    FileDeleteIfContainsText %SYSDIR%\*.exe|iedisco

    FileDeleteIfMD5Match %SYSDIR%\*.exe|60000E6EBEFF360898E43A6E2685E1B0
    FileDeleteIfContainsText %SYSDIR%\*.dat|42.sa
    FileDeleteIfContainsText %SYSDIR%\*.dat|PNDOCDT@
    FileDeleteIfMD5Match %SYSDIR%\*.dat|C87EE35149404EA3C7AC361130E121FA

    FolderCreate %SYSDIR%\bfubackups
    FileMoveIfContainsHex %SYSDIR%\*.exe|%SYSDIR%\bfubackups|50,45,00,00,4C,01,04,00,8A,04,3D,44

    FileDelete %SYSDIR%\*_navps.dat
    FileDelete %SYSDIR%\*_nav.dat

    FileDelete C:\egd.txt
    SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

    salutations
    salutations
    0
  7. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ne met qu'un rapport Blacklight STP.

    Tu es toujours infecté c'est que la manip n'a pas été bien faite..

    a+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      voila le rapport
      # For use with Merijn's Brute Force Uninstaller
      # available from http://merijn.org/
      #
      # Script Name: EGDACCESS.BFU
      # This script combines the old EGDACCESS.bfu and P2EClient.BFU
      # Author: Pieter Arntz
      #
      # Thanks to ~Mark and Moe31 for their contributions


      ProcessKill \mailskinner.exe|1
      ProcessKill %WINDIR%\iedisco.exe|1
      ProcessKill \GoAstro.exe|1
      ProcessKill \MessengerSkinner.exe|1
      ProcessKill \system32mwsrvacc.exe|1

      ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
      ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml


      RegDeleteKey HKCR\egdhtml.egdialhtml
      RegDeleteKey HKCR\egdhtml.egdialhtml.1
      RegDeleteKey HKCR\egdialobject.egdial
      RegDeleteKey HKCR\EGDialObject.EGDial.1
      RegDeleteKey HKCR\eghtmldialer.htmldialer
      RegDeleteKey HKCR\eghtmldialer.htmldialer.1
      RegDeleteKey HKCR\ieaccess2.iedial
      RegDeleteKey HKCR\ieaccess2.iedial.1
      RegDeleteKey HKCR\P2ECOM.EGP2ECOM
      RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1
      RegDeleteKey HKCR\EGAUTH.EGEGAUTH
      RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1
      RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc
      RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1
      RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2
      RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1
      RegDeleteKey HKCR\EGCOMLIB.EGComLibrary
      RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1
      RegDeleteKey HKCR\Webcam2.VideoProducer
      RegDeleteKey HKCR\Webcam2.VideoProducer.1

      RegDeleteKey HKCR\CLSID\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
      RegDeleteKey HKCR\CLSID\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
      RegDeleteKey HKCR\CLSID\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
      RegDeleteKey HKCR\CLSID\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
      RegDeleteKey HKCR\CLSID\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
      RegDeleteKey HKCR\CLSID\{0878F049-D33E-45E0-A157-C36A6683CF25}
      RegDeleteKey HKCR\CLSID\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
      RegDeleteKey HKCR\CLSID\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
      RegDeleteKey HKCR\CLSID\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
      RegDeleteKey HKCR\CLSID\{0E79192A-C52C-4260-920F-639AC2296203}
      RegDeleteKey HKCR\CLSID\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
      RegDeleteKey HKCR\CLSID\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
      RegDeleteKey HKCR\CLSID\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
      RegDeleteKey HKCR\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
      RegDeleteKey HKCR\CLSID\{1CD49DC9-FD88-41FA-B892-47E037267D45}
      RegDeleteKey HKCR\CLSID\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
      RegDeleteKey HKCR\CLSID\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
      RegDeleteKey HKCR\CLSID\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
      RegDeleteKey HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}
      RegDeleteKey HKCR\CLSID\{2A3DFC59-8A87-49A1-85D1-42903410911F}
      RegDeleteKey HKCR\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}
      RegDeleteKey HKCR\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
      RegDeleteKey HKCR\CLSID\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
      RegDeleteKey HKCR\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
      RegDeleteKey HKCR\CLSID\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
      RegDeleteKey HKCR\CLSID\{3616F4B5-F6AD-4E67-966A-C218673648A0}
      RegDeleteKey HKCR\CLSID\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
      RegDeleteKey HKCR\CLSID\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}
      RegDeleteKey HKCR\CLSID\{3CD945A2-E413-4956-B9D8-A67FB6A7CB66}
      RegDeleteKey HKCR\CLSID\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
      RegDeleteKey HKCR\CLSID\{469C7080-8EC8-43A6-AD97-45848113743C}
      RegDeleteKey HKCR\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
      RegDeleteKey HKCR\CLSID\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
      RegDeleteKey HKCR\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
      RegDeleteKey HKCR\CLSID\{54579C3D-A58D-4623-B5B5-465552BDA45B}
      RegDeleteKey HKCR\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
      RegDeleteKey HKCR\CLSID\{5FD9726A-4977-449D-8352-25FDD8A510B5}
      RegDeleteKey HKCR\CLSID\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
      RegDeleteKey HKCR\CLSID\{624321F1-0581-49D8-99BD-2E952C2DF31B}
      RegDeleteKey HKCR\CLSID\{6AA85413-165C-4200-8154-71166077B22E}
      RegDeleteKey HKCR\CLSID\{6AA93DF6-6757-4338-9087-F7601DE18402}
      RegDeleteKey HKCR\CLSID\{71CBDCD9-0830-4470-A890-35D364DA352C}
      RegDeleteKey HKCR\CLSID\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
      RegDeleteKey HKCR\CLSID\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
      RegDeleteKey HKCR\CLSID\{77EF6DBF-3929-4081-AF2E-178D387E211C}
      RegDeleteKey HKCR\CLSID\{78F584DF-BBF5-4296-839C-31DE60914DBC}
      RegDeleteKey HKCR\CLSID\{82FC4503-8459-4239-9B85-0617BEAA950A}
      RegDeleteKey HKCR\CLSID\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
      RegDeleteKey HKCR\CLSID\{87C1805D-C5AE-4455-AB39-E245BB516136}
      RegDeleteKey HKCR\CLSID\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
      RegDeleteKey HKCR\CLSID\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
      RegDeleteKey HKCR\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
      RegDeleteKey HKCR\CLSID\{95460ABD-946A-46FF-9F56-268718323EEE}
      RegDeleteKey HKCR\CLSID\{9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0}
      RegDeleteKey HKCR\CLSID\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
      RegDeleteKey HKCR\CLSID\{A02780C3-7F77-4E28-855B-28890F3CF37A}
      RegDeleteKey HKCR\CLSID\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
      RegDeleteKey HKCR\CLSID\{AF7410C1-FBA3-415E-800A-4110CED40536}
      RegDeleteKey HKCR\CLSID\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
      RegDeleteKey HKCR\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
      RegDeleteKey HKCR\CLSID\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
      RegDeleteKey HKCR\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}
      RegDeleteKey HKCR\CLSID\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
      RegDeleteKey HKCR\CLSID\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
      RegDeleteKey HKCR\CLSID\{BD3653E4-884B-43C4-970B-670802501B7F}
      RegDeleteKey HKCR\CLSID\{BE5A7132-329F-4319-B781-2A83BFE51534}
      RegDeleteKey HKCR\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
      RegDeleteKey HKCR\CLSID\{C2481ED1-9896-4D49-AE90-69858DFDE446}
      RegDeleteKey HKCR\CLSID\{C6760A07-A574-4705-B113-7856315922C3}
      RegDeleteKey HKCR\CLSID\{C80B7FF6-CE60-4079-935E-520C045C30A6}
      RegDeleteKey HKCR\CLSID\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
      RegDeleteKey HKCR\CLSID\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
      RegDeleteKey HKCR\CLSID\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
      RegDeleteKey HKCR\CLSID\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
      RegDeleteKey HKCR\CLSID\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
      RegDeleteKey HKCR\CLSID\{D24A1963-9951-4153-A340-6648759EB77D}
      RegDeleteKey HKCR\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
      RegDeleteKey HKCR\CLSID\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
      RegDeleteKey HKCR\CLSID\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
      RegDeleteKey HKCR\CLSID\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
      RegDeleteKey HKCR\CLSID\{E1D20694-74D9-472D-AF03-08C26173A67F}
      RegDeleteKey HKCR\CLSID\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
      RegDeleteKey HKCR\CLSID\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
      RegDeleteKey HKCR\CLSID\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
      RegDeleteKey HKCR\CLSID\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
      RegDeleteKey HKCR\CLSID\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
      RegDeleteKey HKCR\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
      RegDeleteKey HKCR\CLSID\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
      RegDeleteKey HKCR\CLSID\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
      RegDeleteKey HKCR\CLSID\{F4653484-F38C-455F-BB15-1175E527754E}
      RegDeleteKey HKCR\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
      RegDeleteKey HKCR\CLSID\{FA1D6D8F-C6ED-4752-8512-A33283240130}
      RegDeleteKey HKCR\CLSID\{FA605711-8E72-46B2-AE49-BED11B2E729D}
      RegDeleteKey HKCR\CLSID\{FA83E942-B796-46DE-9155-1632ECC5473B}
      RegDeleteKey HKCR\CLSID\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
      RegDeleteKey HKCR\CLSID\{FF521631-31DA-48AC-B4E9-390A7694C906}

      RegDeleteKey HKCR\TypeLib\{06EC63CC-4823-4836-ABB8-AB5F3971FA5C}
      RegDeleteKey HKCR\TypeLib\{0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C}
      RegDeleteKey HKCR\TypeLib\{1F445F82-42C0-46F3-9A2E-6ADB79046D41}
      RegDeleteKey HKCR\TypeLib\{7699AEF9-F83A-44FA-B374-AA02CEDF247D}
      RegDeleteKey HKCR\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
      RegDeleteKey HKCR\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}
      RegDeleteKey HKCR\TypeLib\{E8C88115-4951-425B-8C45-4DFC5A5540EE}
      RegDeleteKey HKCR\TypeLib\{F3A257E6-FA04-4B30-A1B6-6B89EB814544}

      RegDeleteKey HKCR\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
      RegDeleteKey HKCR\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
      RegDeleteKey HKCR\Interface\{3947AC1D-DB09-4353-BBCC-55B97F5035EF}
      RegDeleteKey HKCR\Interface\{62BFAEC2-82A5-4117-A98B-FEA89413D924}
      RegDeleteKey HKCR\Interface\{7B1B5E44-8E90-4EE2-9049-CC0C5D8A918F}
      RegDeleteKey HKCR\Interface\{81C2F7F3-F930-455E-9AA5-0876D387C787}
      RegDeleteKey HKCR\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
      RegDeleteKey HKCR\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED}
      RegDeleteKey HKCR\Interface\{A58F3D09-4543-4396-8BE7-105F14DD6ED5}
      RegDeleteKey HKCR\Interface\{A7B323DA-0D0C-4298-8DE0-4F2AC4773284}
      RegDeleteKey HKCR\Interface\{C13FA88A-D264-4BC8-92ED-52EB8181E209}
      RegDeleteKey HKCR\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}

      RegDeleteKey HKCU\Software\livesvc
      RegDeleteKey HKCU\Software\EGDHTML
      RegDeleteKey HKCU\Software\egroup
      RegDeleteKey HKCU\Software\P2EClient
      RegDeleteKey HKCU\software\egdhtml
      RegDeleteKey HKCU\Software\epk_extr
      RegDeleteKey HKCU\software\mc
      RegDeleteKey HKUS\software\egdhtml
      RegDeleteKey HKLM\SOFTWARE\InternetGameBox
      RegDeleteKey HKLM\SOFTWARE\GoRecord
      RegDeleteKey HKLM\SOFTWARE\GoAstro
      RegDeleteKey HKLM\SOFTWARE\SudoPlanet
      RegDeleteKey HKLM\SOFTWARE\WebMediaPlayer
      RegDeleteKey HKLM\SOFTWARE\MessengerSkinner

      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878F049-D33E-45E0-A157-C36A6683CF25}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E79192A-C52C-4260-920F-639AC2296203}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD49DC9-FD88-41FA-B892-47E037267D45}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26D73573-F1B3-48C9-A989-E6CE071957A1}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2A3DFC59-8A87-49A1-85D1-42903410911F}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3616F4B5-F6AD-4E67-966A-C218673648A0}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54579C3D-A58D-4623-B5B5-465552BDA45B}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5FD9726A-4977-449D-8352-25FDD8A510B5}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{624321F1-0581-49D8-99BD-2E952C2DF31B}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA85413-165C-4200-8154-71166077B22E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA93DF6-6757-4338-9087-F7601DE18402}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71CBDCD9-0830-4470-A890-35D364DA352C}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77EF6DBF-3929-4081-AF2E-178D387E211C}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78F584DF-BBF5-4296-839C-31DE60914DBC}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{82FC4503-8459-4239-9B85-0617BEAA950A}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87C1805D-C5AE-4455-AB39-E245BB516136}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{95460ABD-946A-46FF-9F56-268718323EEE}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF7410C1-FBA3-415E-800A-4110CED40536}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD3653E4-884B-43C4-970B-670802501B7F}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE5A7132-329F-4319-B781-2A83BFE51534}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2481ED1-9896-4D49-AE90-69858DFDE446}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C6760A07-A574-4705-B113-7856315922C3}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C80B7FF6-CE60-4079-935E-520C045C30A6}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E1D20694-74D9-472D-AF03-08C26173A67F}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F4653484-F38C-455F-BB15-1175E527754E}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA1D6D8F-C6ED-4752-8512-A33283240130}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA605711-8E72-46B2-AE49-BED11B2E729D}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA83E942-B796-46DE-9155-1632ECC5473B}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF521631-31DA-48AC-B4E9-390A7694C906}

      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01BE5BD7-B2DD-48B3-A759-59265A91E787}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0878F049-D33E-45E0-A157-C36A6683CF25}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E79192A-C52C-4260-920F-639AC2296203}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14325268-79E0-4D2A-89A4-FFFC6E22741E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD49DC9-FD88-41FA-B892-47E037267D45}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1EB17D1C-141D-4D9D-91CB-24D99215851D}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26D73573-F1B3-48C9-A989-E6CE071957A1}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A3DFC59-8A87-49A1-85D1-42903410911F}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ABE804B-4D3A-41BF-A172-304627874B45}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F668A6D-2EC7-4E3A-A485-819E210738D6}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3616F4B5-F6AD-4E67-966A-C218673648A0}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5FD9726A-4977-449D-8352-25FDD8A510B5}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{82FC4503-8459-4239-9B85-0617BEAA950A}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7410C1-FBA3-415E-800A-4110CED40536}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C80B7FF6-CE60-4079-935E-520C045C30A6}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CB5D474E-A510-40A4-B5A4-838933BCBA64}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1D20694-74D9-472D-AF03-08C26173A67F}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1D6D8F-C6ED-4752-8512-A33283240130}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA605711-8E72-46B2-AE49-BED11B2E729D}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}|Compatibility Flags|1024
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

      RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
      RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpntmgc
      RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
      RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MailSkinner
      RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MC
      RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|go-astro
      RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|messengerskinner
      RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC
      RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd
      RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll
      RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailSkinner
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoRecord
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoAstro
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SudoPlanet
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMediaPlayer
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MessengerSkinner

      RegDeleteKey HKCR\AxInst.IgbInstall
      RegDeleteKey HKCR\AxInst.IgbInstall.1
      RegDeleteKey HKCR\CLSID\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
      RegDeleteKey HKCR\AppID\AppID\AxInst.EXE
      RegDeleteKey HKCR\AppID\{7AA54C6E-DBF0-4A63-AFE0-6582094C46DE}
      RegDeleteKey HKCR\Interface\{66C13795-9AA0-4244-B1A8-37F9E99FB079}
      RegDeleteKey HKCR\Interface\{9E03C295-4FDF-4828-A99C-85EB0D848DC0}
      RegDeleteKey HKCR\TypeLib\{C9F88FA1-51F1-43C8-A0FC-EAC4537D8392}
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
      RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E68718BB-5451-4F6F-B8B8-41B4AB672747}|Compatibility Flags|1024
      RegDelValue HKCU\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0|ELECTRONIC GROUP
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoAstro.exe
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SudoPlanet.exe
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoRecord.exe
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe
      RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe

      DllUnregister %SYSDIR%\MSWBM32.DLL|1
      DllUnregister %PROGRAMFILES%\MailSkinner\OESkinner.dll|1

      ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
      ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

      FileDelete %SYSTEMDRIVE%\dfuck.ico
      FileDelete %SYSTEMDRIVE%\Video Party.ico

      FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk
      FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk
      FileDelete %ALLUSERSDESKTOP%\Join The Orgy.lnk
      FileDelete %ALLUSERSDESKTOP%\GoRecord.lnk
      FileDelete %ALLUSERSDESKTOP%\GoAstro.lnk
      FileDelete %ALLUSERSDESKTOP%\InternetGameBox.lnk
      FileDelete %ALLUSERSDESKTOP%\SudoPlanet.lnk
      FileDelete %ALLUSERSDESKTOP%\WebMediaPlayer.lnk

      FileDelete %DESKTOP%\Instant Access.lnk
      FileDelete %DESKTOP%\NoCreditCard.lnk
      FileDelete %DESKTOP%\Join The Orgy.lnk
      FileDelete %DESKTOP%\GoRecord.lnk
      FileDelete %DESKTOP%\GoAstro.lnk
      FileDelete %DESKTOP%\InternetGameBox.lnk
      FileDelete %DESKTOP%\SudoPlanet.lnk
      FileDelete %DESKTOP%\WebMediaPlayer.lnk

      FileDelete %PROGRAMS%\GoRecord 2
      FileDelete %PROGRAMS%\GoAstro
      FileDelete %PROGRAMS%\InternetGameBox
      FileDelete %PROGRAMS%\SudoPlanet
      FileDelete %PROGRAMS%\WebMediaPlayer
      FileDelete %PROGRAMS%\MessengerSkinner

      FileDelete %ALLUSERSSTARTMENU%\Instant access
      FileDelete %ALLUSERSSTARTMENU%\NoCreditCard
      FileDelete %ALLUSERSSTARTMENU%\Join The Orgy
      FileDelete %ALLUSERSSTARTMENU%\GoRecord 2
      FileDelete %ALLUSERSSTARTMENU%\GoAstro
      FileDelete %ALLUSERSSTARTMENU%\InternetGameBox
      FileDelete %ALLUSERSSTARTMENU%\SudoPlanet
      FileDelete %ALLUSERSSTARTMENU%\WebMediaPlayer

      FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf
      FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf
      FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf
      FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf
      FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf
      FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf
      FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf
      FileDelete %WINDIR%\Downloaded Program Files\egdial.dll
      FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll
      FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf
      FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf
      FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll
      FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll
      FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll
      FileDelete %WINDIR%\Downloaded Program Files\ia.inf
      FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf
      FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll
      FileDelete %WINDIR%\Downloaded Program Files\netcmp32.inf
      FileDelete %WINDIR%\Downloaded Program Files\netia32.inf
      FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf
      FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll
      FileDelete %WINDIR%\Downloaded Program Files\netpe32.inf
      FileDelete %WINDIR%\Downloaded Program Files\nethv32.inf
      FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf
      FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf
      FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf
      FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf
      FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf
      FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

      FileDelete %WINDIR%\access.exe
      FileDelete %WINDIR%\dialx.exe
      FileDelete %WINDIR%\ExeDialer.exe
      FileDelete %WINDIR%\msupd.exe
      FileDelete %WINDIR%\system32mwsrvacc.exe

      FileDelete %WINDIR%\tmlpcert2005
      FileDelete %WINDIR%\tmlpcert2007

      FileDelete %WINDIR%\eg_auth_*.dll
      FileDelete %WINDIR%\eg_auth_srv_10*.dll
      FileDelete %WINDIR%\eg_auth_srv_mut0*.dll
      FileDelete %WINDIR%\ieaccess2.dll
      FileDelete %WINDIR%\system\eghtmldialer.dll
      FileDelete %WINDIR%\System\ieaccess2.dll
      FileDelete %WINDIR%\System\egdial.dll
      FileDelete %WINDIR%\p2esocks_10*.dll


      FileDelete %SYSDIR%\authclient.exe
      FileDelete %SYSDIR%\dhtmlexe.exe
      FileDelete %SYSDIR%\eglivecam.exe
      FileDelete %SYSDIR%\P2EClient.exe
      FileDelete %SYSDIR%\AxInst.exe
      FileDelete %SYSDIR%\axsetup.dll
      FileDelete %SYSDIR%\EGACCESS.dll
      FileDelete %SYSDIR%\EGACCESS*.dll
      FileDelete %SYSDIR%\egaccess4.DLL
      FileDelete %SYSDIR%\egaccess4_10*.dll
      FileDelete %SYSDIR%\EGDACCESS_*10*.dll
      FileDelete %SYSDIR%\EGDACCESS.dll
      FileDelete %SYSDIR%\egaccess*.inf
      FileDelete %SYSDIR%\EGDACCESS*.inf
      FileDelete %SYSDIR%\EGDHTML2.DLL
      FileDelete %SYSDIR%\EGDHTML_*.dll
      FileDelete %SYSDIR%\EGAUTH.dll
      FileDelete %SYSDIR%\eg_auth_srv_10*.dll
      FileDelete %SYSDIR%\EGCOMLIB*.dll
      FileDelete %SYSDIR%\EGCOMSERVICE2.dll
      FileDelete %SYSDIR%\EGCOMSERVICE_*.dll
      FileDelete %SYSDIR%\EGDownloader.dll
      FileDelete %SYSDIR%\EGLIVECAM_10*.DLL
      FileDelete %SYSDIR%\egdial.dll
      FileDelete %SYSDIR%\eglivecam.dll
      FileDelete %SYSDIR%\ia.dll
      FileDelete %SYSDIR%\ieaccess2.dll
      FileDelete %SYSDIR%\IaLdr32.exe
      FileDelete %SYSDIR%\IaLdr32.inf
      FileDelete %SYSDIR%\LiveService_*.dll
      FileDelete %SYSDIR%\msegcompid.dll
      FileDelete %SYSDIR%\msclock32.dll
      FileDelete %SYSDIR%\msclock32*.dll
      FileDelete %SYSDIR%\mservice.dll
      FileDelete %SYSDIR%\msplock32.dll
      FileDelete %SYSDIR%\msplock32*.dll
      FileDelete %SYSDIR%\mswbm32.dll
      FileDelete %SYSDIR%\mseggrpid.dll
      FileDelete %SYSDIR%\netia32.dll
      FileDelete %SYSDIR%\nethv32.dll
      FileDelete %SYSDIR%\Netslv32.dll
      FileDelete %SYSDIR%\One2OneService.dll
      FileDelete %SYSDIR%\one2oneSvc.dll
      FileDelete %SYSDIR%\p2esocks_*.dll
      FileDelete %SYSDIR%\P2ECOM.dll
      FileDelete %SYSDIR%\svcia32.dll
      FileDelete %SYSDIR%\syswbsvc32.dll
      FileDelete %SYSDIR%\sysiasvc32.dll
      FileDelete %SYSDIR%\sysia32svc.dll
      FileDelete %SYSDIR%\sysinetsvc32.dll
      FileDelete %SYSDIR%\svcsysnet32.dll
      FileDelete %SYSDIR%\sysnetsvc32.dll
      FileDelete %SYSDIR%\*_navps.dat
      FileDelete %SYSDIR%\*_nav.dat
      FileDelete %SYSDIR%\nvs2.inf
      FileDelete %SYSDIR%\linewsrv.exe
      FileDelete %SYSDIR%\mwsrvacc.exe

      FileDelete %SYSDIR%\backgrd.jpg
      FileDelete %SYSDIR%\baground.jpg

      FolderDelete %PROGRAMFILES%\dialpass
      FolderDelete %PROGRAMFILES%\eghtmldialer
      FolderDelete %PROGRAMFILES%\egroup
      FolderDelete %PROGRAMFILES%\Instant Access
      FolderDelete %PROGRAMFILES%\MailSkinner
      FolderDelete %PROGRAMFILES%\InternetGameBox
      FolderDelete %PROGRAMFILES%\GoRecord2
      FolderDelete %PROGRAMFILES%\GoAstro
      FolderDelete %PROGRAMFILES%\SudoPlanet
      FolderDelete %PROGRAMFILES%\WebMediaPlayer
      FolderDelete %PROGRAMFILES%\MessengerSkinner

      # mslagent block

      DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1
      DllUnregister %WINDIR%\navmpc\2_navmpc.dll|1

      RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
      RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
      RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}
      RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}
      RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}
      RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}
      RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}
      RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}
      RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}
      RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}
      RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}
      RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}
      RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}
      RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}
      RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}
      RegDeleteKey HKCR\MagicControl.MagicComponent
      RegDeleteKey HKCR\MagicControl.MagicComponent.1
      RegDeleteKey HKCR\mslagent.3
      RegDeleteKey HKCR\mslagent.3.1
      RegDeleteKey HKCR\NaviHelper.NaviHelperObject
      RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1
      RegDeleteKey HKCR\NaviPromo.EGNaviScoring
      RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
      RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\navmpc
      FolderDelete %WINDIR%\mslagent
      FolderDelete %WINDIR%\navmpc
      FolderDelete %WINDIR%\msskinner
      FolderDelete %WINDIR%\wintrim
      FolderDelete %WINDIR%\wincomp
      FolderDelete %WINDIR%\winmgts
      FolderDelete %WINDIR%\simcss
      FolderDelete %WINDIR%\mc
      FileDelete %SYSDIR%\msklive.dll

      SystemEmptyTempFolder

      OptionUseRecycleBin
      FileDeleteIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te
      FileDeleteIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml
      FileDeleteIfContainsText %SYSDIR%\*.exe|iedisco

      FileDeleteIfMD5Match %SYSDIR%\*.exe|60000E6EBEFF360898E43A6E2685E1B0
      FileDeleteIfContainsText %SYSDIR%\*.dat|42.sa
      FileDeleteIfContainsText %SYSDIR%\*.dat|PNDOCDT@
      FileDeleteIfMD5Match %SYSDIR%\*.dat|C87EE35149404EA3C7AC361130E121FA

      FolderCreate %SYSDIR%\bfubackups
      FileMoveIfContainsHex %SYSDIR%\*.exe|%SYSDIR%\bfubackups|50,45,00,00,4C,01,04,00,8A,04,3D,44

      FileDelete %SYSDIR%\*_navps.dat
      FileDelete %SYSDIR%\*_nav.dat

      FileDelete C:\egd.txt
      SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

      salutations
      0
  8. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Rapport blacklight pas Egdacess...

    ;-)
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      oupss dèsolè
      le voici

      11/11/06 18:01:21 [Info]: BlackLight Engine 1.0.47 initialized
      11/11/06 18:01:21 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      11/11/06 18:01:21 [Note]: 7019 4
      11/11/06 18:01:21 [Note]: 7005 0
      11/11/06 18:01:24 [Note]: 7006 0
      11/11/06 18:01:24 [Note]: 7011 3284
      11/11/06 18:01:24 [Note]: 7026 0
      11/11/06 18:01:24 [Note]: 7026 0
      11/11/06 18:01:24 [Note]: 7024 3
      11/11/06 18:01:24 [Info]: Hidden process: C:\windows\system32\kxmqhynis.exe
      11/11/06 18:01:24 [Note]: 7015 1316
      11/11/06 18:01:24 [Note]: 7015 5
      11/11/06 18:01:24 [Note]: 7015 1844
      11/11/06 18:01:24 [Note]: 7015 5
      11/11/06 18:01:24 [Note]: FSRAW library version 1.7.1020
      11/11/06 18:05:17 [Note]: 4013 72943
      11/11/06 18:05:17 [Note]: 4020 94076 2686976
      11/11/06 18:05:17 [Note]: 4018 94076 2686976
      11/11/06 18:05:17 [Note]: 4013 72943
      11/11/06 18:05:17 [Note]: 4020 94076 2686976
      11/11/06 18:05:17 [Note]: 4018 94076 2686976
      11/11/06 18:05:23 [Note]: 4013 72889
      11/11/06 18:05:23 [Note]: 4020 94074 2621440
      11/11/06 18:05:23 [Note]: 4018 94074 2621440
      11/11/06 18:05:23 [Note]: 4013 72889
      11/11/06 18:05:23 [Note]: 4020 94074 2621440
      11/11/06 18:05:23 [Note]: 4018 94074 2621440
      11/11/06 18:10:39 [Info]: Hidden file: c:\WINDOWS\Prefetch\KXMQHYNIS.EXE-134092B0.pf
      11/11/06 18:10:39 [Note]: 10002 1
      11/11/06 18:10:47 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis.dat
      11/11/06 18:10:47 [Note]: 10002 1
      11/11/06 18:10:48 [Info]: Hidden file: C:\windows\system32\kxmqhynis.exe
      11/11/06 18:10:48 [Note]: 10002 1
      11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_nav.dat
      11/11/06 18:10:48 [Note]: 10002 1
      11/11/06 18:10:48 [Info]: Hidden file: c:\WINDOWS\system32\kxmqhynis_navps.dat
      11/11/06 18:10:48 [Note]: 10002 1
      11/11/06 18:14:27 [Note]: 7007 0

      a+
      0
  9. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Si tu as fait un copier/coller de l'ancien ce n'est pas bon ...

    Réinstalle et relance le. et colle le nouveau rapport.

    a+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      reouupss
      11/11/06 19:05:45 [Info]: BlackLight Engine 1.0.47 initialized
      11/11/06 19:05:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      11/11/06 19:05:45 [Note]: 7019 4
      11/11/06 19:05:45 [Note]: 7005 0
      11/11/06 19:05:59 [Note]: 7006 0
      11/11/06 19:05:59 [Note]: 7011 328
      11/11/06 19:05:59 [Note]: 7026 0
      11/11/06 19:05:59 [Note]: 7026 0
      11/11/06 19:05:59 [Note]: 7015 1556
      11/11/06 19:05:59 [Note]: 7015 5
      11/11/06 19:05:59 [Note]: 7015 1820
      11/11/06 19:05:59 [Note]: 7015 5
      11/11/06 19:05:59 [Note]: 7024 3
      11/11/06 19:05:59 [Info]: Hidden process: C:\windows\system32\vmtjurokw.exe
      11/11/06 19:05:59 [Note]: FSRAW library version 1.7.1020
      11/11/06 19:15:29 [Info]: Hidden file: c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
      11/11/06 19:15:29 [Note]: 10002 1
      11/11/06 19:15:56 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw.dat
      11/11/06 19:15:56 [Note]: 10002 1
      11/11/06 19:15:56 [Info]: Hidden file: C:\windows\system32\vmtjurokw.exe
      11/11/06 19:15:56 [Note]: 10002 1
      11/11/06 19:15:56 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_nav.dat
      11/11/06 19:15:56 [Note]: 10002 1
      11/11/06 19:15:57 [Info]: Hidden file: c:\WINDOWS\system32\vmtjurokw_navps.dat
      11/11/06 19:15:57 [Note]: 10002 1

      salutations
      0
  10. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    fais cette manip moins lourde mais peut être moins radicale :

    Télécharge: Pocket Killbox ici
    http://www.downloads.subratam.org/KillBox.exe

    Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    Regarde la méthode du bloc note et fais pareil avec cette liste:

    c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
    c:\WINDOWS\system32\vmtjurokw.dat
    C:\windows\system32\vmtjurokw.exe
    c:\WINDOWS\system32\vmtjurokw_nav.dat
    c:\WINDOWS\system32\vmtjurokw_navps.dat

    Ensuite, redemarre ton PC et remet un rapport Blacklight.

    a+

    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      je ferais sa demain , je dois partir
      je vous remecie pour votre patience et pour votre aide
      bonne soirèe
      salutations
      0
    2. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
       
      ok pas de prob.

      bonne soirée.

      a+

      0
      1. zzorglub Messages postés 87 Statut Membre 1 > Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention  
         
        bonjour
        j'ai fait ce que tu à dit
        voici le rapport blacknight
        11/12/06 11:05:45 [Info]: BlackLight Engine 1.0.47 initialized
        11/12/06 11:05:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
        11/12/06 11:05:45 [Note]: 7019 4
        11/12/06 11:05:45 [Note]: 7005 0
        11/12/06 11:05:47 [Note]: 7006 0
        11/12/06 11:05:47 [Note]: 7011 228
        11/12/06 11:05:48 [Note]: 7026 0
        11/12/06 11:05:48 [Note]: 7026 0
        11/12/06 11:05:48 [Note]: 7015 632
        11/12/06 11:05:48 [Note]: 7015 5
        11/12/06 11:05:48 [Note]: 7024 3
        11/12/06 11:05:48 [Info]: Hidden process: C:\windows\system32\vmtjurokw.exe
        11/12/06 11:05:48 [Note]: 7015 2024
        11/12/06 11:05:48 [Note]: 7015 5
        11/12/06 11:05:48 [Note]: FSRAW library version 1.7.1020
        11/12/06 11:05:49 [Info]: Hidden file: c:\!KillBox\vmtjurokw.dat
        11/12/06 11:05:49 [Note]: 10002 1
        11/12/06 11:05:49 [Info]: Hidden file: c:\!KillBox\vmtjurokw.exe
        11/12/06 11:05:49 [Note]: 10002 1
        11/12/06 11:05:49 [Info]: Hidden file: c:\!KillBox\VMTJUROKW.EXE-10E15F06.pf
        11/12/06 11:05:49 [Note]: 10002 1
        11/12/06 11:05:49 [Info]: Hidden file: c:\!KillBox\vmtjurokw_nav.dat
        11/12/06 11:05:49 [Note]: 10002 1
        11/12/06 11:05:49 [Info]: Hidden file: c:\!KillBox\vmtjurokw_navps.dat
        11/12/06 11:05:49 [Note]: 10002 1
        11/12/06 11:15:30 [Info]: Hidden file: c:\WINDOWS\Prefetch\VMTJUROKW.EXE-10E15F06.pf
        11/12/06 11:15:30 [Note]: 10002 1
        11/12/06 11:15:35 [Error]: 6019 0
        11/12/06 11:15:35 [Error]: 6017 0
        11/12/06 11:16:03 [Note]: 7007 0
        salutations
        0
  11. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Double clic sur killbox.exe (Pocket Killbox)

    - coche: delete on reboot
    - Dans "Full Path of File to Delete"
    -Sélectionne "single File"

    -copie et colle: C:\windows\system32\vmtjurokw.exe

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer clique sur YES

    Si ce message s’affiche ignore le :
    http://tinypic.com/images/goodbye.jpg
    Laisse le pc redémarrer.
    Et après reposte un log HijackThis + un black light

    A+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      une premiere fenetre me demande si je veut reboot, je dis OUI
      ET APRES UN COMPTE A REBOURS SE MET et le message qu'il faut ingnorer s'affiche , met le pc ne s'arette pas
      salutations
      0
  12. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    redemarre le manuellement et redonne nous les rapports stp

    a+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      voici les rapports
      Logfile of HijackThis v1.99.1
      Scan saved at 21:49:56, on 12/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\USB Storage RW\DskWatch.exe
      C:\Program Files\CyberLink\PowerCinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\carpserv.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [vmtjurokw] c:\windows\system32\vmtjurokw.exe vmtjurokw
      O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Startup: desktop(2)(2).ini
      O4 - Startup: desktop(2).ini
      O4 - Startup: desktop(3).ini
      O4 - Global Startup: desktop(2)(2).ini
      O4 - Global Startup: desktop(2).ini
      O4 - Global Startup: desktop(3).ini
      O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe




      et le blacklight
      11/12/06 21:50:15 [Info]: BlackLight Engine 1.0.47 initialized
      11/12/06 21:50:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      11/12/06 21:50:16 [Note]: 7019 4
      11/12/06 21:50:16 [Note]: 7005 0
      11/12/06 21:50:17 [Note]: 7006 0
      11/12/06 21:50:17 [Note]: 7011 632
      11/12/06 21:50:18 [Note]: 7026 0
      11/12/06 21:50:18 [Note]: 7026 0
      11/12/06 21:50:18 [Note]: 7015 1816
      11/12/06 21:50:18 [Note]: 7015 5
      11/12/06 21:50:18 [Note]: 7015 2184
      11/12/06 21:50:18 [Note]: 7015 5
      11/12/06 21:50:28 [Note]: FSRAW library version 1.7.1020
      11/12/06 21:58:36 [Note]: 2000 1012
      11/12/06 22:01:27 [Note]: 7007 0


      salutations
      0
  13. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Tu n'as pas du faire la manip avec Killbox avant le rapport Hijack ...

    Remet un log Hijack STP et dis nous ou en sont tes probs.

    a+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      salut
      voici un log hijack
      Logfile of HijackThis v1.99.1
      Scan saved at 17:32:07, on 13/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\VTTimer.exe
      C:\Program Files\USB Storage RW\DskWatch.exe
      C:\Program Files\CyberLink\PowerCinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\carpserv.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft Office\Office\OSA.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [vmtjurokw] c:\windows\system32\vmtjurokw.exe vmtjurokw
      O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32\kxmqhynis.exe kxmqhynis
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - Startup: desktop(2)(2).ini
      O4 - Startup: desktop(2).ini
      O4 - Startup: desktop(3).ini
      O4 - Global Startup: desktop(2)(2).ini
      O4 - Global Startup: desktop(2).ini
      O4 - Global Startup: desktop(3).ini
      O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

      les fenetres de pub n'apparaissent plus pour le moment ,quels conseils pour ne plus les revoir??
      salutations
      0
  14. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Fais ceci deja:

    ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

    O4 - HKLM\..\Run: [vmtjurokw] c:\windows\system32\vmtjurokw.exe vmtjurokw

    O4 - HKLM\..\Run: [kxmqhynis] c:\windows\system32

    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3).ini

    Ferme HJT.Redemarre ton pc et remet un HJT

    A+
    0
  15. zzorglub Messages postés 87 Statut Membre 1
     
    coucou
    les2 premiers sont parti, mais les 3startup,et les3 global startup ne sont pas parti
    un message s'affichait" oui ou non " j'ai essayer les 2 mais rien àfaire
    Logfile of HijackThis v1.99.1
    Scan saved at 20:51:45, on 13/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\USB Storage RW\DskWatch.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Startup: desktop(2)(2).ini
    O4 - Startup: desktop(2).ini
    O4 - Startup: desktop(3).ini
    O4 - Global Startup: desktop(2)(2).ini
    O4 - Global Startup: desktop(2).ini
    O4 - Global Startup: desktop(3).ini
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

    salutations
    0
  16. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    Telecharge ceci
    https://www.silentrunners.org/Silent%20Runners.vbs
    Execute le,atends quelques minutes, il va creer ensuite un dossier juste a coté de silent runner sous format texte, copie/colle ce qu il te donnera

    A+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      bonjour
      voici le rapport
      "Silent Runners.vbs", revision 49, https://www.silentrunners.org/
      Operating System: Windows XP SP2
      Output limited to non-default values, except where indicated by "{++}"


      Startup items buried in registry:
      ---------------------------------

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
      "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
      "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
      "notepad.exe" = "(empty string)" [file not found]
      "winlogon.exe" = "(empty string)" [file not found]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
      "VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
      "USB Storage RW" = ""C:\Program Files\USB Storage RW\DskWatch.exe"" [null data]
      "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
      "PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
      "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
      "OEM-Reset" = "(empty string)" [file not found]
      "KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
      "VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
      "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
      "CARPService" = "carpserv.exe" ["Conexant Systems, Inc."]
      "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
      "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
      {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
      \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
      {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
      {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
      -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
      \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

      HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
      "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
      -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
      \InProcServer32\(Default) = "deskpan.dll" [file not found]
      "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
      -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
      \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
      "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
      -> {HKLM...CLSID} = "Portable Media Devices Menu"
      \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
      "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
      "{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
      -> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"
      \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
      "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
      -> {HKLM...CLSID} = "WinAceContext Menu Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
      "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 DragDrop Shell Extension"
      -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
      "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
      -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
      "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Property Sheet Shell Extension"
      -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
      "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      "{780BCB64-0CAF-473c-A9FC-E08C03D75515}" = "Matroska Shell Extension, Properties Page CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Prop Page CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      "{78DC191E-EFC1-4532-9A71-224577A86A7D}" = "Matroska Shell Extension, Thumbnail Handler CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Thumbnail Handler CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      "{794D04CA-70AC-4020-80EB-FFD59DEF8027}" = "Matroska Shell Extension, Tooltip Provider CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Tooltip Provider CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      "{789111D8-68A3-46a3-9663-145A3FF4C9C9}" = "Matroska Shell Extension, ContextMenu CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      "{781395AF-A127-469f-A06F-59B482AF4F3F}" = "Matroska Shell Extension, Column Provider CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
      "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
      -> {HKLM...CLSID} = "Mes dossiers de partage"
      \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
      "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
      -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
      \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
      <<!>> "System" = "csntv.exe" [file not found]

      HKLM\System\CurrentControlSet\Control\Session Manager\
      <<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

      HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
      <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

      HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
      {781395AF-A127-469f-A06F-59B482AF4F3F}\(Default) = "The Matroska Shell Extension, Column Provider CLSID"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]

      HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
      Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
      MatroskaContextMenu\(Default) = "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"
      -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
      \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
      WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
      -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

      HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
      WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
      ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
      -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
      \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

      HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
      Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
      -> {HKLM...CLSID} = (no title provided)
      \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
      SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
      -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
      \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]
      WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
      -> {HKLM...CLSID} = "WinRAR"
      \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
      WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
      -> {HKLM...CLSID} = "WinZip"
      \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

      HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
      SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
      -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
      \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]


      Default executables:
      --------------------

      HKCU\Software\Classes\.bat\(Default) = (value not set)

      HKCU\Software\Classes\.cmd\(Default) = (value not set)

      HKCU\Software\Classes\.com\(Default) = (value not set)

      HKCU\Software\Classes\.exe\(Default) = (value not set)

      HKCU\Software\Classes\.hta\(Default) = (value not set)


      Group Policies {policy setting}:
      --------------------------------

      Note: detected settings may not have any effect.

      HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

      "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
      {Prevent access to registry editing tools}

      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

      "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
      {Shutdown: Allow system to be shut down without having to log on}

      "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
      {Devices: Allow undock without having to log on}


      Active Desktop and Wallpaper:
      -----------------------------

      Active Desktop may be enabled at this entry:
      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

      Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
      HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
      "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

      Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
      HKCU\Control Panel\Desktop\
      "Wallpaper" = "C:\Documents and Settings\FRANCOIS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

      Active Desktop web content (hidden if disabled):

      HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
      "FriendlyName" = ""
      "Source" = "http://www.toquentete.net/style/objet/lexique.gif"
      "SubscribedURL" = "http://www.toquentete.net/style/objet/lexique.gif"

      HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
      "FriendlyName" = ""
      "Source" = "http://www.creapoemes.com/Mon_Chien.gif"
      "SubscribedURL" = "http://www.creapoemes.com/Mon_Chien.gif"


      Startup items in "FRANCOIS" & "All Users" startup folders:
      ----------------------------------------------------------

      C:\Documents and Settings\FRANCOIS\Menu Démarrer\Programmes\Démarrage
      <<!>> "desktop(2)(2).ini" [null data]
      <<!>> "desktop(2).ini" [null data]
      <<!>> "desktop(3).ini" [null data]

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
      <<!>> "desktop(2)(2).ini" [null data]
      <<!>> "desktop(2).ini" [null data]
      <<!>> "desktop(3).ini" [null data]
      "Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]


      Winsock2 Service Provider DLLs:
      -------------------------------

      Namespace Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
      000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
      000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
      000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

      Transport Service Providers

      HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
      0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
      %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 34
      %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


      Toolbars, Explorer Bars, Extensions:
      ------------------------------------

      Toolbars

      HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
      "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
      -> {HKLM...CLSID} = "Yahoo! Toolbar"
      \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

      HKLM\Software\Microsoft\Internet Explorer\Toolbar\
      "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
      -> {HKLM...CLSID} = "Yahoo! Toolbar"
      \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

      Extensions (Tools menu items, main toolbar menu buttons)

      HKLM\Software\Microsoft\Internet Explorer\Extensions\
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
      "MenuText" = "Console Java (Sun)"
      "CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
      -> {HKLM...CLSID} = "Java Plug-in 1.5.0"
      \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

      {FB5F1910-F110-11D2-BB9E-00C04F795683}\
      "ButtonText" = "Messenger"
      "MenuText" = "Windows Messenger"
      "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


      Miscellaneous IE Hijack Points
      ------------------------------

      C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

      Added lines (compared with English-language version):
      [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

      Missing lines (compared with English-language version):
      [Strings]: 1 line


      Running Services (Display Name, Service Name, Path {Service DLL}):
      ------------------------------------------------------------------

      CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
      CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
      CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
      kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
      Service d'application d'assistance IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}


      ----------
      <<!>>: Suspicious data at a malware launch point.

      + This report excludes default entries except where indicated.
      + To see *everywhere* the script checks and *everything* it finds,
      launch it from a command prompt or a shortcut with the -all parameter.
      + To search all directories of local fixed drives for DESKTOP.INI
      DLL launch points, use the -supp parameter or answer "No" at the
      first message box and "Yes" at the second message box.
      ---------- (total run time: 54 seconds, including 11 seconds for message boxes)

      salutations
      0
  17. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Essai ceci stp:

    Demarer < rechercher < tape: csntv.exe
    Dans tous les fichiers.

    Dis moi juste s'il trouve quelque chose.

    A+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      bonjour
      je n'ai rien trouver
      salutations
      0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut,

    ¤Affiche tous les fichiers et dossiers :
    Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

    Coche « afficher les fichiers et dossiers cachés »

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoche « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    Trouves tu ceci?

    C:\Documents and Settings\FRANCOIS\Menu Démarrer\Programmes\Démarrage

    desktop(2)(2).ini
    desktop(2).ini
    desktop(3).ini

    A+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      coucou
      ils y sont ,je les est trouver la ou tu la dit
      c'est grave docteur??
      salutations
      0
    2. zzorglub Messages postés 87 Statut Membre 1
       
      bonsoir
      je dois partir , merci pour tout et à demain
      salutations
      0
  19. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    ok a l endroit ou tu les a trouvé, clik droit et supprime les !
    Vide ensuite ta corbeille.

    Tu redemarres ton pc et tu mets un HijackThis + un silent runner stp

    a+
    0
  20. zzorglub Messages postés 87 Statut Membre 1
     
    bonjour
    j'ai tout supprimer
    il reste des "backup"faut t'il les supprimer??
    voici les rapports

    "Silent Runners.vbs", revision 49, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
    "notepad.exe" = "(empty string)" [file not found]
    "winlogon.exe" = "(empty string)" [file not found]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]
    "USB Storage RW" = ""C:\Program Files\USB Storage RW\DskWatch.exe"" [null data]
    "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
    "PCMService" = ""C:\Program Files\CyberLink\PowerCinema\PCMService.exe"" ["CyberLink Corp."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "OEM-Reset" = "(empty string)" [file not found]
    "KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize" ["Kaspersky Lab"]
    "VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]
    "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
    "CARPService" = "carpserv.exe" ["Conexant Systems, Inc."]
    "DAEMON Tools-1033" = ""C:\Program Files\D-Tools\daemon.exe" -lang 1033" ["DAEMON'S HOME"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {HKLM...CLSID} = "Portable Media Devices Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
    "{59850401-6664-101B-B21C-00AA004BA90B}" = "Séparateur du Classeur Microsoft Office"
    -> {HKLM...CLSID} = "Séparateur du Classeur Microsoft Office"
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
    "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
    -> {HKLM...CLSID} = "WinAceContext Menu Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 DragDrop Shell Extension"
    -> {HKLM...CLSID} = "WinAceDrag-Drop Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Context Menu Shell Extension"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.04 Property Sheet Shell Extension"
    -> {HKLM...CLSID} = "WinAceProperty Sheet Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    "{780BCB64-0CAF-473c-A9FC-E08C03D75515}" = "Matroska Shell Extension, Properties Page CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Prop Page CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    "{78DC191E-EFC1-4532-9A71-224577A86A7D}" = "Matroska Shell Extension, Thumbnail Handler CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Thumbnail Handler CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    "{794D04CA-70AC-4020-80EB-FFD59DEF8027}" = "Matroska Shell Extension, Tooltip Provider CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Tooltip Provider CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    "{789111D8-68A3-46a3-9663-145A3FF4C9C9}" = "Matroska Shell Extension, ContextMenu CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    "{781395AF-A127-469f-A06F-59B482AF4F3F}" = "Matroska Shell Extension, Column Provider CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
    "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
    <<!>> "System" = "csntv.exe" [file not found]

    HKLM\System\CurrentControlSet\Control\Session Manager\
    <<!>> "BootExecute" = "autocheck autochk *"|"SsiEfr.e" [file not found]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {781395AF-A127-469f-A06F-59B482AF4F3F}\(Default) = "The Matroska Shell Extension, Column Provider CLSID"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Column Provider CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
    MatroskaContextMenu\(Default) = "{789111D8-68A3-46a3-9663-145A3FF4C9C9}"
    -> {HKLM...CLSID} = "The Matroska Shell Extension, Context Menu CLSID"
    \InProcServer32\(Default) = "C:\Program Files\MatroskaProp\MatroskaProp.dll" [" "]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
    ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"
    -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension"
    \InProcServer32\(Default) = "C:\Program Files\WinAce\arcext.dll" ["e-merge GmbH"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll" ["Kaspersky Lab"]
    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
    -> {HKLM...CLSID} = "WinZip"
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

    HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
    -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
    \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" [file not found]

    Default executables:
    --------------------

    HKCU\Software\Classes\.bat\(Default) = (value not set)

    HKCU\Software\Classes\.cmd\(Default) = (value not set)

    HKCU\Software\Classes\.com\(Default) = (value not set)

    HKCU\Software\Classes\.exe\(Default) = (value not set)

    HKCU\Software\Classes\.hta\(Default) = (value not set)

    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) hex:0x00000000
    {Prevent access to registry editing tools}

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be enabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\FRANCOIS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Active Desktop web content (hidden if disabled):

    HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
    "FriendlyName" = ""
    "Source" = "http://www.toquentete.net/style/objet/lexique.gif"
    "SubscribedURL" = "http://www.toquentete.net/style/objet/lexique.gif"

    HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\
    "FriendlyName" = ""
    "Source" = "http://www.creapoemes.com/Mon_Chien.gif"
    "SubscribedURL" = "http://www.creapoemes.com/Mon_Chien.gif"

    Startup items in "FRANCOIS" & "All Users" startup folders:
    ----------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "Démarrage d'Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 34
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
    -> {HKLM...CLSID} = "Yahoo! Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}"
    -> {HKLM...CLSID} = "Java Plug-in 1.5.0"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll" ["Sun Microsystems, Inc."]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

    Missing lines (compared with English-language version):
    [Strings]: 1 line

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"" [empty string]
    CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
    CyberLink Task Scheduler (CTS), CLSched, ""C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"" [empty string]
    kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"" ["Kaspersky Lab"]
    Service d'application d'assistance IPv6, 6to4, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\6to4svc.dll" [MS]}

    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 44 seconds, including 4 seconds for message boxes)

    Logfile of HijackThis v1.99.1
    Scan saved at 20:13:46, on 16/11/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\USB Storage RW\DskWatch.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\FRANCOIS\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [USB Storage RW] "C:\Program Files\USB Storage RW\DskWatch.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.f-secure.com/en/home/support
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

    salutations
    0
  21. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Y'a du mieux ;-)

    Demarrer < executer < tape : Regedit
    Le registre s'ouvre !
    /!\ Soit prudent et n y fait pas n'importe quoi, c'est un lieu "sensible"/!\

    Rend toi a cette clé:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

    Dans la case de droite, y vois tu ceci?
    "notepad.exe"
    "winlogon.exe"

    Ferme le Registre.

    A+
    0
    1. zzorglub Messages postés 87 Statut Membre 1
       
      COUCOU
      ils n'y sont pas
      il y à
      CTFMON.EXE REG_SZ C:/WINDOWS/system32/ctfmon.EXE

      NBJ REG_SZ C/progam files/ahead/nero backitup/NBJ.exe
      salutations
      0
  • 1
  • 2