Sujet Précédent Sujet Suivant

Ordi lent

maher -  
 maher -
Bonjour,

MON ORDI EST LENT. VOUS TROUVEZ CI DESSOUS LE RAPPORT HIJACKTH. MERCI POUR VOTRE AIDE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:25, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\System32\mloawdtc.dll (file missing)
O2 - BHO: (no name) - {F274750A-A93C-4ACE-9FA8-C36797300889} - C:\WINDOWS\System32\qopnm.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Desktop Zoom] C:\Program Files\HPQ\Desktop Zoom\hpwinadj.exe -s
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{739DB921-05B1-1036-0504-050304300021}] "C:\Program Files\Fichiers communs\{739DB921-05B1-1036-0504-050304300021}\Update.exe" mc-110-12-0000297 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{739DB921-05B1-1036-0504-050304300021}] "C:\Program Files\Fichiers communs\{739DB921-05B1-1036-0504-050304300021}\Update.exe" mc-110-12-0000297 (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - Winlogon Notify: qopnm - C:\WINDOWS\System32\qopnm.dll (file missing)
O23 - Service: AFD Networking Support Enviroment (AFD Networking Support Enviroment TCP IP Protocol Driver) - Unknown owner - C:\WINDOWS\netdde.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
A voir également:

60 réponses

Précédent
Réponse 21 / 60
maher
 
j'ai envoyé l'ancien rapport avant fixation

voila le rapport aprés fixation . Remaque j'ai fixé 020

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:27, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AFD Networking Support Enviroment (AFD Networking Support Enviroment TCP IP Protocol Driver) - Unknown owner - C:\WINDOWS\netdde.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
0
Réponse 22 / 60
maher
 
j'ai envoyé le rapport avant fixation
le voila aprés fixation
remarque j'ai fixé le 020

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:27, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AFD Networking Support Enviroment (AFD Networking Support Enviroment TCP IP Protocol Driver) - Unknown owner - C:\WINDOWS\netdde.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
0
Utilisateur anonyme
 
Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.(sur un des 2 liens)
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
· Clique sur Recherche et laisse le scan se terminer.
· Clique, sur Suppression pour finaliser.
· Tu peux, si tu le souhaites, te servir des Options facultatives.(Je te le conseille de faire les 4).
· Clique sur Quitter, pour que le rapport puisse se créer.
· Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
0
Réponse 23 / 60
maher
 
j'ai effectué toolcleaner

j'ai pas restorer 020

il y t il un problème

voila le rapport de Tcleaner

-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !
0
Réponse 24 / 60
Utilisateur anonyme
 
Re ,
Oui ton Pare-feu risque de moins bien fonctionner ...
Si tu vois qu'il fonctionne mal , réinstalle-le.

a++
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 60
Utilisateur anonyme
 
Ok bon ba voila ton est clean et rapide. Je te conseille de garder AntiVir,Malwarebytes' Anti-Malware,Ccleaner et de laisser activé le pare-feu Windows pour être protégé a 100%. Pense a faire une analyse 1/ par mois mais avant n'oublies pas de mettre a jour Malwarebytes' Anti-Malware qui ne se fait pas automatiquement alors que AntiVir si. Si AntiVir détecte des choses tu cliques sur "delete". voila si tu as un quelconque autres problème je suis toujours la. @+
0
Utilisateur anonyme
 
Nan mais tu rigoles là ?????!!!

Faut te le dire combien de fois que le Pare-feu Windows ne contrôle pas les connexions sortantes ??!!

De plus 2 pare-feu = Conflits.

D'ailleurs ce dernier en a pris un coup avec Hijackthis.

Et tu sembles t'en foutre royalement !

Même pas foutu de faire restaurer la ligne ....

Jte jure.
0
Utilisateur anonyme > Utilisateur anonyme
 
Ah oui excuse car enfaite c'est un copier/coller donc .....
0
Réponse 26 / 60
maher
 
je vous remerci pour votre aide je vais faire ce que vous m'avez demandé.

merci une autre fois.
0
Réponse 27 / 60
maher
 
je vais réinstaller le pare-feu pour rester sécuriser

remarque : à chaque que j'ouvre le site commentcamarche.net, une page internet qui s'ouvre "www.tchatchat.com"

es normal

merci
0
Réponse 28 / 60
Utilisateur anonyme
 
Non c'est pas normal.

D'autant plus que ton dernier rapport Hijackthis n'est pas net du tout. 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla


Par exemple ...

Bon aller , Fait ceci stp :

→ Télécharge TrendMicro™ HijackThis™

Place le dans ' C:\programmes\ '

PUIS ,,

→ Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

Ferme toutes les applications en cours.

→ Double-clic sur DSS.exe pour lancer l'outil.

→ Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

→ A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport main.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

A+
0
Réponse 29 / 60
maher
 
salut cyril

remarque j'ai reinstaller le pare-feu comodo

le rapprot main.txt

Deckard's System Scanner v20071014.68
Run by Propriétaire on 2008-06-01 16:17:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2008-06-01 14:17:43 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

[color=red]Total Physical Memory: 191 MiB (512 MiB recommended)./color

-- HijackThis (run as Propriétaire.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:45, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\TXN734MU\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AFD Networking Support Enviroment (AFD Networking Support Enviroment TCP IP Protocol Driver) - Unknown owner - C:\WINDOWS\netdde.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
0
Réponse 30 / 60
Utilisateur anonyme
 
Re ,

→ Télécharge Brute Force Uninstaller (de Merijn) ici: http://www.merijn.org/files/bfu.zip

→ Créé un nouveau dossier directement à la racine de ton disque dur ( C:\ ) ou l'endroit qui te convient, nomme ce dossier BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

FAIS UN CLIC-DROIT sur le lien suivant :

http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu

→ et choisis "Enregistrer la cible sous..."
→ Sauvegarde dans le dossier créé (C:\BFU)

Note : si tu utilises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers".

Maintenant dans le dossier situé ici C:\BFU tu dois absolument avoir : Toolbar.bfu et BFU.exe ( très important aussi ).

→ Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
→ Clique sur le petit dossier jaune, et clique sur : toolbar.bfu
→ Coches la case " Show log after script ends "
→ Clique sur " Execute " pour que le fix fasse son boulot. Attends que le message " Complete script execution " apparaîsse et clique sur OK.
→ Un rapport va s'afficher dans la fenetre du programme, copie/colle le en entier dans le bloc-notes, puis sauvegarde le et Poste le sur le forum..
→ Clique sur Exit pour fermer le programme BFU.

-------------------------------------------------------------

Tu as une démo animée ici (merci balltrap34):

http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm

Et un tutorial en image ici :

https://jesses.pagesperso-orange.fr/Docs/Logiciels/BFU.htm

-------------------------------------------------------------

a+
0
Réponse 31 / 60
maher
 
salut
voila le rapport

BFU v1.11.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 17:09:29, on 01/06/2008

Option Unload Explorer: Yes
Success: ProcessKillByPID 1292
Success: ProcessKill C:\WINDOWS\explorer.exe|1
Warning: The following line has unexpanded aliases and will be skipped: # Pour une utilisation avec Brute Force Uninstaller de Merijn
# http://merijn.org/
#
# Script : Toolbar.bfu
#
# Auteur : Chercheur
#
# Ce script est pour Instafink, Need2Find, RXToolbar, MyWebSearch, MyGlobalSearch, Hotbar, Accoona, Starware, Starware305,
# Starware316, Starware347, Starware354, Starware370, Starware3, MySearch, GamesBar, MyTotalSearch, Azesearch, Vstoolbar,
# Vsadd-in, 8848, AskTBar, SmartShopper, Shoppingreport, Mirar
#
# Dernière mise à jour : 03/10/2007

OptionUnloadShell
ProcessKill C:\Program Files\INSTAFINK\uninstall.exe|1
ProcessKill C:\Program Files\INSTAFINK\InstaFinderK_inst.exe|1
ProcessKill C:\Program Files\INSTAFIN\uninstall.exe|1

ProcessKill C:\Program Files\rxtoolbar\semantic insight\semanticinsight.exe|1

ProcessKill C:\Program Files\myway\installr\cache\0030842a.exe|1
ProcessKill C:\Program Files\myway\installr\setups\mysetp.exe|1

ProcessKill C:\Program Files\hbtools\hbtv\hbtv.exe|1

ProcessKill C:\Program Files\shopperreports\uninstall.exe|1

ProcessKill C:\Program Files\accoona\adtindexagent.exe|1
ProcessKill C:\Program Files\accoona\dsquiesce.exe|1
ProcessKill C:\Program Files\accoona\killadtindexagent.exe|1
ProcessKill C:\Program Files\accoona\quiesce.exe|1
ProcessKill C:\Program Files\accoona\saremove.exe|1
ProcessKill C:\Program Files\accoona\saremove2.exe|1
ProcessKill C:\Program Files\accoona\showbar.exe|1
ProcessKill C:\Program Files\accoona\tbquiesce.exe|1
ProcessKill C:\Program Files\accoona\tbquiescekb.exe|1

ProcessKill C:\Program Files\Starware\Products\Widgets\bin\Widgets.exe|1
ProcessKill C:\Program Files\Starware\Products\Widgets\WidgetsUninstall.exe|1
ProcessKill C:\Program Files\Starware\Setup.exe|1

ProcessKill C:\Program Files\mysearch\bar\s4setp.exe|1
ProcessKill C:\Program Files\mysearch\installr\cache\00137979.exe|1

ProcessKill C:\Program Files\YOUCOULDWINTHIS\Program\Mirar_Setup.exe|1

ProcessKill C:\WINDOWS\mirar.exe|1
ProcessKill C:\WINDOWS\mirarsetup_*.exe|1
ProcessKill C:\WINDOWS\Widgets_305.exe|1
ProcessKill C:\WINDOWS\x.exe|1
ProcessKill C:\WINDOWS\downloaded program files\mirarsetup.exe|1
ProcessKill C:\WINDOWS\downloaded program files\search-upgrade-setup.exe|1

ProcessKill C:\WINDOWS\system32\AHLVIFWZ.EXE|1
ProcessKill C:\WINDOWS\system32\awivflke.exe|1
ProcessKill C:\WINDOWS\system32\BLJMBLBA.EXE|1
ProcessKill C:\WINDOWS\system32\bqxlwdbv.exe|1
ProcessKill C:\WINDOWS\system32\bsektgqg.exe|1
ProcessKill C:\WINDOWS\system32\ceahhewg.exe|1
ProcessKill C:\WINDOWS\system32\ceinrdzv.exe|1
ProcessKill C:\WINDOWS\system32\daithtyt.exe|1
ProcessKill C:\WINDOWS\system32\EFMMBNAH.EXE|1
ProcessKill C:\WINDOWS\system32\eivxxxka.exe|1
ProcessKill C:\WINDOWS\system32\eoqqfyio.exe|1
ProcessKill C:\WINDOWS\system32\FQRTOZIA.EXE|1
ProcessKill C:\WINDOWS\system32\fyskzhzt.exe|1
ProcessKill C:\WINDOWS\system32\gqfkrjdk.exe|1
ProcessKill C:\WINDOWS\system32\HPJTKBJJ.EXE|1
ProcessKill C:\WINDOWS\system32\jbhbolcl.exe|1
ProcessKill C:\WINDOWS\system32\jizmxrng.exe|1
ProcessKill C:\WINDOWS\system32\jzjzmfbp.exe|1
ProcessKill C:\WINDOWS\system32\kvbbhncy.exe|1
ProcessKill C:\WINDOWS\system32\LAOSPNKB.EXE|1
ProcessKill C:\WINDOWS\system32\lgjpogiw.exe|1
ProcessKill C:\WINDOWS\system32\mhnqmucf.exe|1
ProcessKill C:\WINDOWS\system32\mirarsearch_toolbar.exe|1
ProcessKill C:\WINDOWS\system32\mstnjpha.exe|1
ProcessKill C:\WINDOWS\system32\mwifixji.exe|1
ProcessKill C:\WINDOWS\system32\mysetp.exe|1
ProcessKill C:\WINDOWS\system32\OOIMIIFJ.EXE|1
ProcessKill C:\WINDOWS\system32\PBFYHEIV.EXE|1
ProcessKill C:\WINDOWS\system32\petwxbtk.exe|1
ProcessKill C:\WINDOWS\system32\PZSANAVP.EXE|1
ProcessKill C:\WINDOWS\system32\p2p.exe|1
ProcessKill C:\WINDOWS\system32\QFDBYTKR.EXE|1
ProcessKill C:\WINDOWS\system32\qkzgopzj.exe|1
ProcessKill C:\WINDOWS\system32\THRAXHSF.exe|1
ProcessKill C:\WINDOWS\system32\UQAKHWML.EXE|1
ProcessKill C:\WINDOWS\system32\vcayleog.exe|1
ProcessKill C:\WINDOWS\system32\wyhkjeuf.exe|1
ProcessKill C:\WINDOWS\system32\xeaylxbd.exe|1
ProcessKill C:\WINDOWS\system32\xcite.exe|1
ProcessKill C:\WINDOWS\system32\yyvnkplk.exe|1
ProcessKill C:\WINDOWS\system32\876029.exe|1
ProcessKill C:\WINDOWS\system32\87605*.exe|1

ProcessKill C:\Documents and Settings\Propriétaire\Bureau\accoonadesktop.exe|1
ProcessKill C:\Documents and Settings\Propriétaire\Bureau\atoolbar200001.exe|1
ProcessKill C:\Documents and Settings\Propriétaire\Bureau\SmileyCentralPFSetup*.*.*.*.*.exe|1
ProcessKill C:\Documents and Settings\Propriétaire\Bureau\m00.exe|1

ProcessKill C:\Documents and Settings\Propriétaire\Mes documents\work7\load03.exe|1
ProcessKill C:\Documents and Settings\Propriétaire\Mes documents\work7\loadppc.exe|1

ProcessKill C:\help2.exe|1
ProcessKill C:\mirarsetup_*.exe|1
ProcessKill C:\876005-nosb.sfx.exe|1

ProcessKill \amptiqfu.exe|1
ProcessKill \atoolbar400005.exe|1
ProcessKill \buxmjoal.exe|1
ProcessKill \cml.exe|1
ProcessKill \execpyd.exe|1
ProcessKill \HbGuard.exe|1
ProcessKill \hbinst.exe|1
ProcessKill \HbOEAddOn.exe|1
ProcessKill \hbsrv.exe|1
ProcessKill \hbtguard.exe|1
ProcessKill \hbtoeaddon.exe|1
ProcessKill \hbtools.exe|1
ProcessKill \hbtsrv.exe|1
ProcessKill \hbtuninst.exe|1
ProcessKill \hbtweatherontray.exe|1
ProcessKill \HbUninst.exe|1
ProcessKill \instafinderk_inst.exe|1
ProcessKill \mjifagpv.exe|1
ProcessKill \MTSOEMON.exe|1
ProcessKill \MWSOEMON.EXE|1
ProcessKill \mysearch*.*.exe|1
ProcessKill \my2ns.exe|1
ProcessKill \m3impipe.EXE|1
ProcessKill \M3SKPLAY.EXE|1
ProcessKill \m3SrchMn.EXE|1
ProcessKill \recipes.exe|1
ProcessKill \rxtoolbar.exe|1
ProcessKill \shopperreports.exe|1
ProcessKill \ShprRprt.exe|1
ProcessKill \SbShprRprt.exe|1
ProcessKill \SbWeatherOnTray.exe|1
ProcessKill \sinstaller.exe|1
ProcessKill \soproc.exe|1
ProcessKill \smartshopper.exe|1
ProcessKill \s42ns.exe|1
ProcessKill \starware*.exe|1
ProcessKill \tomaugia.exe|1
ProcessKill \weatherontray.exe|1
ProcessKill \weieliep.exe|1
ProcessKill \widgets725.exe|1
ProcessKill \9cc045af42.exe|1

DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPND2FN.DLL|1
DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.DLL|1
DllUnregister C:\Program Files\Internet Explorer\msimg32.dll|1

DllUnregister C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\3.bin\NPND2FN.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\5.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\6.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\Need2Find\bar\7.bin\ND2FNBAR.DLL|1
DllUnregister C:\Program Files\INSTAFINK\instafink.dll|1

DllUnregister C:\Program Files\RXToolBar\RXToolBar.dll|1
DllUnregister C:\Program Files\RXToolBar\sfcont.dll|1

DllUnregister C:\Program Files\MyWebSearch\bar\1.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\2.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\3.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\4.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\5.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\6.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\7.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\8.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\9.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\a.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\b.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\c.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\d.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\e.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\f.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\i.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\bar\l.bin\*.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\8.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\b.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL|1
DllUnregister C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL|1
DllUnregister C:\Program Files\Uninstall My Web Search.dll|1

DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll|1
DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\2.bin\MTSSRCAS.dll|1
DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\3.bin\MTSSRCAS.dll|1
DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\4.bin\MTSSRCAS.dll|1
DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\5.bin\MTSSRCAS.dll|1
DllUnregister C:\Program Files\MyTotalSearch\bar\1.bin\*.dll|1
DllUnregister C:\Program Files\MyTotalSearch\bar\5.bin\*.dll|1

DllUnregister C:\Program Files\myway\mybar\mybar.dll|1
DllUnregister C:\Program Files\myway\installr\1.bin\myezsetp.dll|1
DllUnregister C:\Program Files\myway\mybar\1.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\2.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\3.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\4.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\5.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\6.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\7.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\8.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\9.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\a.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\b.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\c.bin\*.dll|1
DllUnregister C:\Program Files\myway\mybar\d.bin\*.dll|1
DllUnregister C:\Program Files\myway\srchastt\1.bin\mysrchas.dll|1
DllUnregister C:\Program Files\myway\srchastt\2.bin\mysrchas.dll|1
DllUnregister C:\Program Files\myway\srchastt\3.bin\mysrchas.dll|1
DllUnregister C:\Program Files\mywaysa\srchasde\1.bin\desrcas.dll|1
DllUnregister C:\Program Files\mywaysa\srchasde\desrcas.dll|1
DllUnregister C:\Program Files\myway\SearchAt\1.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\2.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\3.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\4.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\5.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\6.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\7.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\8.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\9.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\10.bin\MWSSRCAS.DLL|1
DllUnregister C:\Program Files\myway\SearchAt\11.bin\MWSSRCAS.DLL|1

DllUnregister C:\Program Files\myglobalsearch\bar\1.bin\*.dll|1
DllUnregister C:\Program Files\myglobalsearch\bar\2.bin\*.dll|1
DllUnregister C:\Program Files\myglobalsearch\bar\3.bin\*.dll|1
DllUnregister C:\Program Files\myglobalsearch\bar\4.bin\*.dll|1

DllUnregister C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL|1
DllUnregister C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL|1
DllUnregister C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL|1
DllUnregister C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL|1
DllUnregister C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL|1
DllUnregister C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL|1
DllUnregister C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL|1
DllUnregister C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL|1

DllUnregister C:\Program Files\mysearch\bar\1.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\bar\2.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\bar\3.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\bar\4.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\bar\5.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\bar\i.bin\*.dll|1
DllUnregister C:\Program Files\mysearch\installr\1.bin\s4ezsetp.dll|1
DllUnregister C:\Program Files\mysearch\srchastt\1.bin\mysrchas.dll|1
DllUnregister C:\Program Files\mysearch\srchastt\2.bin\mysrchas.dll|1
DllUnregister C:\Program Files\mysearch\srchastt\3.bin\mysrchas.dll|1
DllUnregister C:\Program Files\mysearch\srchastt\4.bin\mysrchas.dll|1
DllUnregister C:\Program Files\mysearch\srchastt\5.bin\mysrchas.dll|1

RegDelFromValue HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant|https://hp.myway.com/myway/index.html?ptnrS=BW
RegDelFromValue HKCU\Software\Microsoft\Internet Explorer\Main|Start Page|https://hp.myway.com/myway/index.html
RegDelFromValue HKLM\Software\Microsoft\Internet Explorer\Main|Start Page|http://bw.myway.com/
RegDelFromValue HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant|http://resultsmaster.com/...
RegDelFromValue HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant|http://as.starware.com/dp/search?
RegDelFromValue HKLM\Software\Microsoft\Internet Explorer\Search|SearchAssistant|http://as.starware.com/dp/search?product=ssearch&src_id=354&client_id=09A5B71001C696DA0423157B&version=4.2.0.0&it=1151076685&loc=&qry=&url=http://www.google.fr/
RegDelFromValue HKCU\Software\Microsoft\Internet Explorer\Main|Search Page|http://www.accoona.com

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF6-072E-44cf-8957-5838F569A31D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00BD2861-C654-4694-A44A-98642D73247D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{094176F1-BF35-4bcb-B68A-108DFB8C3825}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{204f937e-519e-4597-96fa-8f1f59f3cb6d}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36c5e437-57d2-44c9-b413-6b198d442549}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A4902E-4479-4EAE-A186-8D0F7E4C78DE}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B18DD50-C996-44fc-AC52-0FECFF82ED58}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528da727-ec08-461e-9564-df5c971e8574}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{749d1d7d-1969-4014-a98d-9e867e7508d0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93CECBB2-6B1B-448D-91B9-72604EF70105}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}
RegDeleteKey HKCR\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC212FB9-3883-461E-A559-37A4F6100FB0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f65b197f-8260-4d52-909a-f70118e646eb}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478}

RegDeleteKey HKCR\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d}
RegDeleteKey HKCR\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
RegDeleteKey HKCR\CLSID\{00c1117b-ab91-4add-9bbf-5d22d099debd}
RegDeleteKey HKCR\CLSID\{013A482E-1893-4F49-8D41-AC89156A6955}
RegDeleteKey HKCR\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
RegDeleteKey HKCR\CLSID\{014da6c1-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\CLSID\{014da6c5-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\CLSID\{014da6c7-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
RegDeleteKey HKCR\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\CLSID\{014da6ce-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\CLSID\{04079856-5845-4dea-848c-3ecd647aa554}
RegDeleteKey HKCR\CLSID\{0774f696-d801-4c18-81a7-a3a32b8bef19}
RegDeleteKey HKCR\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca}
RegDeleteKey HKCR\CLSID\{07b18ea3-a523-4961-b6bb-170de4475cca}
RegDeleteKey HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
RegDeleteKey HKCR\CLSID\{094176F9-BF35-4bcb-B68A-108DFB8C3825}
RegDeleteKey HKCR\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}
RegDeleteKey HKCR\CLSID\{0B837C47-6F43-43DA-8E32-06237DFE56B9}
RegDeleteKey HKCR\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70}
RegDeleteKey HKCR\CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519}
RegDeleteKey HKCR\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
RegDeleteKey HKCR\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
RegDeleteKey HKCR\CLSID\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
RegDeleteKey HKCR\CLSID\{175652e8-8bcc-47c4-b591-0d630f469c19}
RegDeleteKey HKCR\CLSID\{17719b53-fad1-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{17719b54-fad1-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{179e4b4a-76c3-4f65-bced-c9fa1a28d2ef}
RegDeleteKey HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
RegDeleteKey HKCR\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
RegDeleteKey HKCR\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc}
RegDeleteKey HKCR\CLSID\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}
RegDeleteKey HKCR\CLSID\{1e24f8a0-5965-4902-90d4-08534e9adf3b}
RegDeleteKey HKCR\CLSID\{204f937e-519e-4597-96fa-8f1f59f3cb6d}
RegDeleteKey HKCR\CLSID\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}
RegDeleteKey HKCR\CLSID\{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
RegDeleteKey HKCR\CLSID\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}
RegDeleteKey HKCR\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647}
RegDeleteKey HKCR\CLSID\{2cb71122-a917-44c1-ad6c-0573fb63803e}
RegDeleteKey HKCR\CLSID\{3103e312-e1bb-49ab-80eb-0a92fca78746}
RegDeleteKey HKCR\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}
RegDeleteKey HKCR\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}
RegDeleteKey HKCR\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F}
RegDeleteKey HKCR\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707}
RegDeleteKey HKCR\CLSID\{36c5e436-57d2-44c9-b413-6b198d442549}
RegDeleteKey HKCR\CLSID\{36c5e437-57d2-44c9-b413-6b198d442549}
RegDeleteKey HKCR\CLSID\{37b85a21-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\CLSID\{37b85a29-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}
RegDeleteKey HKCR\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}
RegDeleteKey HKCR\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}
RegDeleteKey HKCR\CLSID\{40D8240A-E3A0-4D59-AC55-0443120188D1}
RegDeleteKey HKCR\CLSID\{420c35c9-e4f2-49f9-bf67-2be1ecf86989}
RegDeleteKey HKCR\CLSID\{454b4812-e572-4703-a1bb-63490809eac0}
RegDeleteKey HKCR\CLSID\{45a4902e-4479-4eae-a186-8d0f7e4c78de}
RegDeleteKey HKCR\CLSID\{460AC4DB-B0DE-4626-A0F0-175DD84DCB9B}
RegDeleteKey HKCR\CLSID\{46417afd-7a15-4ed1-b764-cb72cd4d904f}
RegDeleteKey HKCR\CLSID\{46a4e9d9-b30e-452a-8157-dbbec8573b03}
RegDeleteKey HKCR\CLSID\{4c1caacf-1788-4613-a840-6bd943d4ee95}
RegDeleteKey HKCR\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}
RegDeleteKey HKCR\CLSID\{4bf4fafa-186e-4e36-8f74-525290438d7b}
RegDeleteKey HKCR\CLSID\{4dbcfaf7-62e1-4811-8acc-6511e7192cb4}
RegDeleteKey HKCR\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}
RegDeleteKey HKCR\CLSID\{4e7bd74f-2b8d-469e-90f0-f66ab581a933}
RegDeleteKey HKCR\CLSID\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}
RegDeleteKey HKCR\CLSID\{528da726-ec08-461e-9564-df5c971e8574}
RegDeleteKey HKCR\CLSID\{528da727-ec08-461e-9564-df5c971e8574}
RegDeleteKey HKCR\CLSID\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
RegDeleteKey HKCR\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
RegDeleteKey HKCR\CLSID\{5ED7D3DE-6DBE-4516-8712-436325722327}
RegDeleteKey HKCR\CLSID\{60b25924-c865-11d2-b0c1-000000000000}
RegDeleteKey HKCR\CLSID\{60f63095-41ec-11d5-b558-00d0b77f0a6d}
RegDeleteKey HKCR\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}
RegDeleteKey HKCR\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}
RegDeleteKey HKCR\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
RegDeleteKey HKCR\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}
RegDeleteKey HKCR\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}
RegDeleteKey HKCR\CLSID\{6a6ebae8-8c66-4675-b423-95b3ba530940}
RegDeleteKey HKCR\CLSID\{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}
RegDeleteKey HKCR\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
RegDeleteKey HKCR\CLSID\{6f885f52-b45f-45bc-8642-fe3d56155a3a}
RegDeleteKey HKCR\CLSID\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD}
RegDeleteKey HKCR\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8}
RegDeleteKey HKCR\CLSID\{749d1d7d-1969-4014-a98d-9e867e7508d0}
RegDeleteKey HKCR\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
RegDeleteKey HKCR\CLSID\{74dd705d-6834-439c-a735-a6dbe2677452}
RegDeleteKey HKCR\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F}
RegDeleteKey HKCR\CLSID\{79B96C72-C0D0-4DC8-BC7E-9F314A918228}
RegDeleteKey HKCR\CLSID\{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}
RegDeleteKey HKCR\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
RegDeleteKey HKCR\CLSID\{821f87ff-8245-4972-9e28-732e92ec2f51}
RegDeleteKey HKCR\CLSID\{86BC8440-8693-4076-A144-6BAF942B40B0}
RegDeleteKey HKCR\CLSID\{8a0dcbda-6e20-489c-9041-c1e8a0352e75}
RegDeleteKey HKCR\CLSID\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}
RegDeleteKey HKCR\CLSID\{8c875948-9c60-4381-9248-0df180542d53}
RegDeleteKey HKCR\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14}
RegDeleteKey HKCR\CLSID\{8f59f897-6923-4b3b-8156-4e55d19de99a}
RegDeleteKey HKCR\CLSID\{918e4b7a-4d80-43a4-83a7-39adcc11841f}
RegDeleteKey HKCR\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da}
RegDeleteKey HKCR\CLSID\{944864A5-3916-46E2-96A9-A2E84F3F1208}
RegDeleteKey HKCR\CLSID\{94beb7a2-36b7-46dc-8ad1-81a8332409c0}
RegDeleteKey HKCR\CLSID\{954814c0-40f3-4249-8528-b4922cd2964e}
RegDeleteKey HKCR\CLSID\{9839B3B7-3F99-4498-884D-6CFCCD251AB1}
RegDeleteKey HKCR\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab}
RegDeleteKey HKCR\CLSID\{9a7d6ad2-0881-451f-bb27-f5e2ee2c5b14}
RegDeleteKey HKCR\CLSID\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e}
RegDeleteKey HKCR\CLSID\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}
RegDeleteKey HKCR\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
RegDeleteKey HKCR\CLSID\{9ee87a26-b2c8-4130-83f6-e8511d939976}
RegDeleteKey HKCR\CLSID\{9FB3908C-6565-4CB0-95F8-E9F85258723C}
RegDeleteKey HKCR\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df}
RegDeleteKey HKCR\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}
RegDeleteKey HKCR\CLSID\{a19ef336-01d4-48e6-926a-fe7e1c747aed}
RegDeleteKey HKCR\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3}
RegDeleteKey HKCR\CLSID\{a54814c0-40f3-4249-8528-b4922cd2964e}
RegDeleteKey HKCR\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
RegDeleteKey HKCR\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
RegDeleteKey HKCR\CLSID\{a80347d3-f757-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{a80347df-f757-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF}
RegDeleteKey HKCR\CLSID\{a9571378-68a1-443d-b082-284f960c6d17}
RegDeleteKey HKCR\CLSID\{AC212FB9-3883-461E-A559-37A4F6100FB0}
RegDeleteKey HKCR\CLSID\{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}
RegDeleteKey HKCR\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc}
RegDeleteKey HKCR\CLSID\{b00609a6-82af-4c55-bbb8-adc8593ceb86}
RegDeleteKey HKCR\CLSID\{b195b3a5-8a05-11d3-97a4-0004aca6948e}
RegDeleteKey HKCR\CLSID\{b195b3b2-8a05-11d3-97a4-0004aca6948e}
RegDeleteKey HKCR\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}
RegDeleteKey HKCR\CLSID\{b701a704-f828-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{b701a705-f828-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{b813095c-81c0-4e40-aa14-67520372b987}
RegDeleteKey HKCR\CLSID\{ba048011-957f-4ba0-a804-62c28d96f878}
RegDeleteKey HKCR\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}
RegDeleteKey HKCR\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}
RegDeleteKey HKCR\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7}
RegDeleteKey HKCR\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835}
RegDeleteKey HKCR\CLSID\{D49E9D35-254C-4c6a-9D17-95018D228FF5}
RegDeleteKey HKCR\CLSID\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}
RegDeleteKey HKCR\CLSID\{d9882035-7745-47c7-8d5e-c11178f9c553}
RegDeleteKey HKCR\CLSID\{da603411-0593-11d5-a46b-00508b5ba2df}
RegDeleteKey HKCR\CLSID\{da603411-0593-11d5-a46b-10101b1b1111}
RegDeleteKey HKCR\CLSID\{da603411-0593-11d5-a46b-10101ddd1111}
RegDeleteKey HKCR\CLSID\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}
RegDeleteKey HKCR\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}
RegDeleteKey HKCR\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945}
RegDeleteKey HKCR\CLSID\{f4132b7b-1576-41b6-abd8-39c6c53047f7}
RegDeleteKey HKCR\CLSID\{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}
RegDeleteKey HKCR\CLSID\{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}
RegDeleteKey HKCR\CLSID\{F80C1D93-0D22-436e-963E-9D3156997A4E}
RegDeleteKey HKCR\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}
RegDeleteKey HKCR\CLSID\{fac94900-96d9-47fa-ba33-7ef1bbfbbcec}
RegDeleteKey HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
RegDeleteKey HKCR\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}
RegDeleteKey HKCR\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478}

RegDeleteKey HKCR\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}
RegDeleteKey HKCR\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca}
RegDeleteKey HKCR\Interface\{07b18eac-a523-4961-b6bb-170de4475cca}
RegDeleteKey HKCR\Interface\{08AA0598-6A23-4364-9BF4-6D5F57F42993}
RegDeleteKey HKCR\Interface\{1093995a-ba37-41d2-836e-091067c4ad17}
RegDeleteKey HKCR\Interface\{1037b06c-84b7-4240-8d80-485810a0497d}
RegDeleteKey HKCR\Interface\{120927bf-1700-43bc-810f-fab92549b390}
RegDeleteKey HKCR\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}
RegDeleteKey HKCR\Interface\{17719b53-fad1-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\Interface\{17719B54-FAD1-11D4-A466-00508B5BA2DF}
RegDeleteKey HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
RegDeleteKey HKCR\Interface\{19EBCBE0-9245-4397-BC5D-883D34782043}
RegDeleteKey HKCR\Interface\{1C1793E0-1034-4CAC-837D-AA545F6961BF}
RegDeleteKey HKCR\Interface\{1E07646F-07C4-4847-A250-0EC8114F2963}
RegDeleteKey HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
RegDeleteKey HKCR\Interface\{20d21e02-8c1c-41fe-9826-dab4c223436c}
RegDeleteKey HKCR\Interface\{224302b0-94e9-45c2-9e5b-ba989ee556e1}
RegDeleteKey HKCR\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a}
RegDeleteKey HKCR\Interface\{2763E333-B168-41A0-A112-D35F96F410C0}
RegDeleteKey HKCR\Interface\{27C4569F-8728-4958-A920-A607CAE8153C}
RegDeleteKey HKCR\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc}
RegDeleteKey HKCR\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc}
RegDeleteKey HKCR\Interface\{3103E312-E1BB-49AB-80EB-0A92FCA78746}
RegDeleteKey HKCR\Interface\{31321312-E1BB-49AB-80EB-13212CA78746}
RegDeleteKey HKCR\Interface\{340D8791-0E2C-43CF-9671-7E90AAFBF0DA}
RegDeleteKey HKCR\Interface\{34F4D917-31E4-464C-B8B3-84C1CE76B395}
RegDeleteKey HKCR\interface\{37b85a2a-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\interface\{37b85a2c-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}
RegDeleteKey HKCR\Interface\{397A208B-3D09-4B3E-93E8-CA171886612E}
RegDeleteKey HKCR\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495}
RegDeleteKey HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
RegDeleteKey HKCR\Interface\{3e720451-b472-4954-b7aa-33069eb53906}
RegDeleteKey HKCR\Interface\{3e720453-b472-4954-b7aa-33069eb53906}
RegDeleteKey HKCR\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}
RegDeleteKey HKCR\Interface\{3F6DA8BB-3E45-44E2-B494-C55BEAF3B41E}
RegDeleteKey HKCR\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}
RegDeleteKey HKCR\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}
RegDeleteKey HKCR\Interface\{46417AFD-7A15-4ED1-B764-CB72CD4D904F}
RegDeleteKey HKCR\Interface\{4921db9c-64ea-430a-abd2-d016db5a0ac4}
RegDeleteKey HKCR\Interface\{4BF4FAFA-186E-4E36-8F74-525290438D7B}
RegDeleteKey HKCR\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}
RegDeleteKey HKCR\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d}
RegDeleteKey HKCR\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}
RegDeleteKey HKCR\Interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}
RegDeleteKey HKCR\Interface\{5f1da76d-f903-4a44-87bb-3ee9432322f6}
RegDeleteKey HKCR\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}
RegDeleteKey HKCR\Interface\{601A9784-1114-4089-9B3E-CBD70DAFC6AD}
RegDeleteKey HKCR\Interface\{636FF82A-830A-42EA-938B-6DC78B2AC30C}
RegDeleteKey HKCR\Interface\{66291bef-c867-43c0-a7b4-d13393814bcd}
RegDeleteKey HKCR\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c}
RegDeleteKey HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
RegDeleteKey HKCR\Interface\{6A6EBAE8-8C66-4675-B423-95B3BA530940}
RegDeleteKey HKCR\interface\{6c8ab177-7b09-4f5c-9e6d-82eaa765430c}
RegDeleteKey HKCR\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501}
RegDeleteKey HKCR\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f}
RegDeleteKey HKCR\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca}
RegDeleteKey HKCR\Interface\{6F885F52-B45F-45BC-8642-FE3D56155A3A}
RegDeleteKey HKCR\Interface\{7138714C-9819-4AB1-9A86-E7C413C9A99E}
RegDeleteKey HKCR\Interface\{7138714c-9819-4ab1-9a86-e7c413c9a99f}
RegDeleteKey HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
RegDeleteKey HKCR\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff}
RegDeleteKey HKCR\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9}
RegDeleteKey HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
RegDeleteKey HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
RegDeleteKey HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
RegDeleteKey HKCR\Interface\{7818B6D4-A9B1-4A67-98B6-073A0D2F4192}
RegDeleteKey HKCR\Interface\{7E33BC81-0818-11D5-B50D-00D0B77F0A6D}
RegDeleteKey HKCR\interface\{7ed983c3-faac-400c-bbd4-f519d74ff188}
RegDeleteKey HKCR\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}
RegDeleteKey HKCR\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}
RegDeleteKey HKCR\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}
RegDeleteKey HKCR\Interface\{8D292EC0-6792-4A38-82ED-73A087E41BA6}
RegDeleteKey HKCR\Interface\{8D5C4EC6-AF8E-4B85-BA27-64BABE410510}
RegDeleteKey HKCR\Interface\{8e83f52e-703a-4f2a-aee0-26fafc401e54}
RegDeleteKey HKCR\Interface\{8E98FAF8-794F-47F9-AF90-15305564ED81}
RegDeleteKey HKCR\Interface\{8F59F897-6923-4B3B-8156-4E55D19DE99A}
RegDeleteKey HKCR\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8}
RegDeleteKey HKCR\Interface\{918E4B7A-4D80-43A4-83A7-39ADCC11841F}
RegDeleteKey HKCR\Interface\{927420A3-7259-4A74-B402-9329177EC3FC}
RegDeleteKey HKCR\Interface\{991aac62-b100-47ce-8b75-253965244f69}
RegDeleteKey HKCR\Interface\{9DD19D39-2CDC-465B-BB21-1D433590BA3D}
RegDeleteKey HKCR\Interface\{9EE87A26-B2C8-4130-83F6-E8511D939976}
RegDeleteKey HKCR\Interface\{A1772E14-9291-454E-AEDE-02161FBC3E59}
RegDeleteKey HKCR\Interface\{a55841fa-0e67-4924-974f-75e75f8d4274}
RegDeleteKey HKCR\Interface\{A55C3BA7-DB1E-4652-867E-055CEAFE8018}
RegDeleteKey HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
RegDeleteKey HKCR\Interface\{AE772DE0-743C-4FEB-A4D6-31CA5F6E3DCD}
RegDeleteKey HKCR\Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF}
RegDeleteKey HKCR\Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D}
RegDeleteKey HKCR\Interface\{AF15975B-1498-4740-8E6C-90AF78E4198C}
RegDeleteKey HKCR\Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86}
RegDeleteKey HKCR\Interface\{B0E8C398-DABE-4CE1-B4D9-ED43B64923F5}
RegDeleteKey HKCR\Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E}
RegDeleteKey HKCR\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}
RegDeleteKey HKCR\Interface\{B671426C-5C1A-48AC-9652-BC9402B1C404}
RegDeleteKey HKCR\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}
RegDeleteKey HKCR\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d}
RegDeleteKey HKCR\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}
RegDeleteKey HKCR\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA}
RegDeleteKey HKCR\Interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}
RegDeleteKey HKCR\Interface\{c72aeefc-c265-4a10-a5a9-4150b1741580}
RegDeleteKey HKCR\Interface\{C7F127DF-8877-4E1E-A196-FBBECBC5BC6D}
RegDeleteKey HKCR\Interface\{C8539BFE-8FD7-405C-8EEF-D9AF48DC6BA4}
RegDeleteKey HKCR\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}
RegDeleteKey HKCR\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}
RegDeleteKey HKCR\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1}
RegDeleteKey HKCR\Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF}
RegDeleteKey HKCR\Interface\{DA603411-0593-11D5-A46B-10101B1B1111}
RegDeleteKey HKCR\Interface\{da603411-0593-11d5-a46b-10101ddd1111}
RegDeleteKey HKCR\Interface\{DCFAB192-4A0E-4720-8E24-70D5F0CB8C39}
RegDeleteKey HKCR\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477}
RegDeleteKey HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
RegDeleteKey HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
RegDeleteKey HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
RegDeleteKey HKCR\Interface\{ea232a0a-46f8-4d44-a30b-50321518a828}
RegDeleteKey HKCR\Interface\{EBA0D3C9-F019-4DB2-861C-FD373D26F6E5}
RegDeleteKey HKCR\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8}
RegDeleteKey HKCR\Interface\{EF77D50B-5767-4E0E-A3A4-098670025F1D}
RegDeleteKey HKCR\Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7}
RegDeleteKey HKCR\Interface\{F4394F24-163D-430B-B5AF-B68B56031B99}
RegDeleteKey HKCR\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}
RegDeleteKey HKCR\Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D}
RegDeleteKey HKCR\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}
RegDeleteKey HKCR\Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F}
RegDeleteKey HKCR\Interface\{F814BE58-1BF9-4B50-829A-E889F86127AD}
RegDeleteKey HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
RegDeleteKey HKCR\Interface\{F886C52C-EF5B-4EA6-9B71-98415A109FDC}
RegDeleteKey HKCR\Interface\{FB590D02-0A82-4F44-9FAD-517948DCF4F3}

RegDeleteKey HKCR\TypeLib\{014da6c0-189f-421a-88cd-07cfe51cff10}
RegDeleteKey HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
RegDeleteKey HKCR\TypeLib\{05563f82-69a7-40a6-8670-153b635a7ef6}
RegDeleteKey HKCR\TypeLib\{21f022c8-c045-4555-8a90-651e6a3dc6c6}
RegDeleteKey HKCR\TypeLib\{29d67d3c-509a-4544-903f-c8c1b8236554}
RegDeleteKey HKCR\TypeLib\{34568171-e2ca-4fcd-a99f-43771f766b8a}
RegDeleteKey HKCR\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404}
RegDeleteKey HKCR\TypeLib\{423550e9-2f83-4678-9929-c1774088b180}
RegDeleteKey HKCR\TypeLib\{42FC3840-020C-4E93-A34C-4DF1A6330FBB}
RegDeleteKey HKCR\TypeLib\{45397063-d7d0-47c2-9508-26487608a298}
RegDeleteKey HKCR\TypeLib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}
RegDeleteKey HKCR\TypeLib\{522985f4-ba43-45a0-9b20-ab5f82c0ff7e}
RegDeleteKey HKCR\TypeLib\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
RegDeleteKey HKCR\TypeLib\{566dede9-9ed8-45da-9be6-9b2eeab17f49}
RegDeleteKey HKCR\TypeLib\{57B88FEF-AB18-4FEB-B7F6-F6AF93C23F45}
RegDeleteKey HKCR\TypeLib\{5ba32d9e-f1bd-476c-ad42-97c9379a57a4}
RegDeleteKey HKCR\TypeLib\{60f63095-41ec-11d5-b558-00d0b77f0a6d}
RegDeleteKey HKCR\TypeLib\{66b20295-dc57-42b6-acdf-52d916e86464}
RegDeleteKey HKCR\TypeLib\{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}
RegDeleteKey HKCR\TypeLib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}
RegDeleteKey HKCR\TypeLib\{71efe583-62fe-4419-9918-ca3b683f7b36}
RegDeleteKey HKCR\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9}
RegDeleteKey HKCR\TypeLib\{793af621-5cd0-4b92-b765-6712f6aaf48e}
RegDeleteKey HKCR\TypeLib\{842d315a-7e1e-448b-96e8-9e76d1820be2}
RegDeleteKey HKCR\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77}
RegDeleteKey HKCR\TypeLib\{85204a50-6997-4543-9ff8-d9bbcb9108f5}
RegDeleteKey HKCR\TypeLib\{910e102a-5244-4afd-a806-ce9b4e1a96c7}
RegDeleteKey HKCR\TypeLib\{94beb7a2-36b7-46dc-8ad1-81a8332409c0}
RegDeleteKey HKCR\TypeLib\{9967a873-40f3-4c7e-9239-6c8760f19f61}
RegDeleteKey HKCR\TypeLib\{a80347d3-f757-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\TypeLib\{ab357854-7a72-4fbe-9382-cc74b45a3add}
RegDeleteKey HKCR\TypeLib\{b195b3a5-8a05-11d3-97a4-0004aca6948e}
RegDeleteKey HKCR\TypeLib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}
RegDeleteKey HKCR\TypeLib\{b701a704-f828-11d4-a466-00508b5ba2df}
RegDeleteKey HKCR\TypeLib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}
RegDeleteKey HKCR\TypeLib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}
RegDeleteKey HKCR\TypeLib\{e47caee0-deea-464a-9326-3f2801535a4d}
RegDeleteKey HKCR\TypeLib\{ea3956d2-ec38-41ab-b601-47aa281e4952}
RegDeleteKey HKCR\TypeLib\{f42228fb-e84e-479e-b922-fbbd096e792c}
RegDeleteKey HKCR\TypeLib\{f8310e7d-4c4d-46a4-a068-b5bb99411cc7}
RegDeleteKey HKCR\TypeLib\{f8ee014f-b34c-4544-8e45-95a7971d323b}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00c1117b-ab91-4add-9bbf-5d22d099debd}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{013A482E-1893-4F49-8D41-AC89156A6955}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0774f696-d801-4c18-81a7-a3a32b8bef19}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0AB71193-EC19-4D70-85C2-E46E2FF02755}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1038DD23-8AE8-451B-A134-4DB8A49AA519}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31A59636-0FA3-4A56-954D-DB7AD02840D8}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{354382DB-DF55-4DA9-85A3-41696A0F510F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40D8240A-E3A0-4D59-AC55-0443120188D1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{454b4812-e572-4703-a1bb-63490809eac0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{460AC4DB-B0DE-4626-A0F0-175DD84DCB9B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6FE00B71-7251-4E00-9186-ED89BBB946B8}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74CC49F7-EB32-4A08-B204-948962A6E3DB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{75D2080B-4857-4B96-9B7D-732634FBD01F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79B96C72-C0D0-4DC8-BC7E-9F314A918228}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{86BC8440-8693-4076-A144-6BAF942B40B0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8c875948-9c60-4381-9248-0df180542d53}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A14C0D8D-E753-4E73-9E2B-4070791D8940}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A80347E0-F757-11D4-A466-00508B5BA2DF}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00c1117b-ab91-4add-9bbf-5d22d099debd}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{013A482E-1893-4F49-8D41-AC89156A6955}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0774f696-d801-4c18-81a7-a3a32b8bef19}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0AB71193-EC19-4D70-85C2-E46E2FF02755}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1038DD23-8AE8-451B-A134-4DB8A49AA519}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31A59636-0FA3-4A56-954D-DB7AD02840D8}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31D0C6FF-5897-4A57-8005-A50FCE4CE159}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{354382DB-DF55-4DA9-85A3-41696A0F510F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{40D8240A-E3A0-4D59-AC55-0443120188D1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{454b4812-e572-4703-a1bb-63490809eac0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{460AC4DB-B0DE-4626-A0F0-175DD84DCB9B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{60F630A2-41EC-11D5-B558-00D0B77F0A6D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{69FD62B1-0216-4C31-8D55-840ED86B7C8F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6FE00B71-7251-4E00-9186-ED89BBB946B8}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{74CC49F7-EB32-4A08-B204-948962A6E3DB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{75D2080B-4857-4B96-9B7D-732634FBD01F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{79B96C72-C0D0-4DC8-BC7E-9F314A918228}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{86BC8440-8693-4076-A144-6BAF942B40B0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8c875948-9c60-4381-9248-0df180542d53}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A14C0D8D-E753-4E73-9E2B-4070791D8940}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A80347E0-F757-11D4-A466-00508B5BA2DF}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B195B3B3-8A05-11D3-97A4-0004ACA6948E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7BF3304-138B-4DD5-86EE-491BB6A2286C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6}|Compatibility Flags|1024

RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{679B2A8D-B2FF-41ed-B3ED-C5CFB8564CB0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E4DF170-217F-4658-A11F-590664542B73}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-8D08-02B42891C169}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612}

RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\My Web Search Bar
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\HbTools
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\PopularScreensaversWallpaper
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\WeatherOnTray

RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupfolder\My Web Search Bar
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupfolder\MyWebSearch Email Plugin
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupfolder\HbTools
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupfolder\PopularScreensaversWallpaper
RegDeleteKey HKLM\SOFTWARE\Microsoft\shared tools\msconfig\startupfolder\WeatherOnTray

RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{014DA6C9-189F-421a-88CD-07CFE51CFF10}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{07B18EA9-A523-4961-B6BB-170DE4475CCA}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{094176F9-BF35-4bcb-B68A-108DFB8C3825}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{364b6276-c6c1-40b6-a6d7-6c48871fd707}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{36c5e436-57d2-44c9-b413-6b198d442549}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{528da726-ec08-461e-9564-df5c971e8574}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{528da727-ec08-461e-9564-df5c971e8574}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{74cc49f7-eb32-4a08-b204-948962a6e3db}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{74dd705d-6834-439c-a735-a6dbe2677452}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{821f87ff-8245-4972-9e28-732e92ec2f51}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{8E718888-423F-11D2-876E-00A0C9082467}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{9839B3B7-3F99-4498-884D-6CFCCD251AB1}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{9FB3908C-6565-4CB0-95F8-E9F85258723C}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{a19ef336-01d4-48e6-926a-fe7e1c747aed}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{b195b3b3-8a05-11d3-97a4-0004aca6948e}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|b195b3b3-8a05-11d3-97a4-0004aca6948e
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{D49E9D35-254C-4c6a-9D17-95018D228FF5}
RegDelValue HKLM\Software\Microsoft\internet explorer\toolbar|{FE063DB9-4EC0-403e-8DD8-394C54984B2C}

RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{364b6276-c6c1-40b6-a6d7-6c48871fd707}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{36c5e436-57d2-44c9-b413-6b198d442549}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{528da726-ec08-461e-9564-df5c971e8574}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{528da727-ec08-461e-9564-df5c971e8574}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{74cc49f7-eb32-4a08-b204-948962a6e3db}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{8E718888-423F-11D2-876E-00A0C9082467}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{a19ef336-01d4-48e6-926a-fe7e1c747aed}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\{b195b3b3-8a05-11d3-97a4-0004aca6948e}
RegDeleteKey HKLM\Software\Microsoft\internet explorer\toolbar\b195b3b3-8a05-11d3-97a4-0004aca6948e

RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{014DA6C9-189F-421a-88CD-07CFE51CFF10}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{094176F9-BF35-4bcb-B68A-108DFB8C3825}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{25D8BACF-3DE2-4B48-AE22-D659B8D835B0}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{364B6276-C6C1-40B6-A6D7-6C48871FD707}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{74CC49F7-EB32-4A08-B204-948962A6E3DB}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{74dd705d-6834-439c-a735-a6dbe2677452}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebBrowser|{821f87ff-8245-4972-9e28-732e92ec2f51}
RegDelValue HKCU\Software\Microsoft\internet explorer\toolbar\WebB
0
Réponse 32 / 60
Utilisateur anonyme
 
Re ,

Reposte un rapport DSS stp.
a+
0
Réponse 33 / 60
maher
 
voila le nouveau rapport DSS

Deckard's System Scanner v20071014.68
Run by Propriétaire on 2008-06-01 17:30:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Total Physical Memory: 191 MiB (512 MiB recommended).[/color]

-- HijackThis (run as Propriétaire.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:45, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Propriétaire\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PROPRI~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AFD Networking Support Enviroment (AFD Networking Support Enviroment TCP IP Protocol Driver) - Unknown owner - C:\WINDOWS\netdde.exe (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
0
Réponse 34 / 60
Utilisateur anonyme
 
Re ,,

Avec BFU :

→ Créer un nouveau document texte ( clique droit > nouveau > document texte )

→ Rentre-y ceci :



FolderDelete C:\Program Files\AskSBar\
FolderDelete C:\Program Files\AskSBar
FolderDelete C:\Documents and Settings\Administrateur\Cookies\

RegDeleteKey HKLM\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
RegDeleteKey HKLM\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
RegDeleteKey HKCR\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

RegDelValue HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}



→ Et sauvegarde-le dans le dossier BFU sous le nom de " script.bfu " ( remplace l'extention .txt par .bfu -> Très important ! )

Maintenant dans le dossier situé ici C:\BFU tu dois absolument avoir : script.bfu et BFU.exe ( très important aussi ).

→ Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
→ Clique sur le petit dossier jaune, et clique sur : script.bfu
→ Coches la case " Show log after script ends "
→ Clique sur " Execute " pour que le fix fasse son boulot. Attends que le message " Complete script execution " apparaîsse et clique sur OK.
→ Un rapport va s'afficher dans la fenetre du programme, copie/colle le en entier dans le bloc-notes, puis sauvegarde le et Poste le sur le forum..
→ Clique sur Exit pour fermer le programme BFU.

-------------------------------------------------------------

Tu as une démo animée ici (merci balltrap34):

http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm

Et un tutorial en image ici :

https://jesses.pagesperso-orange.fr/Docs/Logiciels/BFU.htm

-------------------------------------------------------------

a+
0
Réponse 35 / 60
maher
 
salut cyril

je vais quitter si tu peux stp m'aider cer soir (à partir 20h30)

merci d'avance
0
Réponse 36 / 60
Utilisateur anonyme
 
Re ,
ok

a++
0
Réponse 37 / 60
maher
 
re cyril

voila le rapport

BFU v1.11.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 20:57:40, on 01/06/2008

Failed: FolderDelete C:\Program Files\AskSBar\ (operation failed)
Failed: FolderDelete C:\Program Files\AskSBar (operation failed)
Failed: FolderDelete C:\Documents and Settings\Administrateur\Cookies\ (operation failed)
Failed: RegDeleteKey HKLM\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} (key does not exist)
Failed: RegDeleteKey HKLM\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (key does not exist)
Failed: RegDeleteKey HKCR\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} (key does not exist)
Script completed at 20:57:51.
0
Réponse 38 / 60
Utilisateur anonyme
 
Re ,

Apparemment BFU manque de jus pour supprimer.

/!\ Manip crée spécialement pour cet utilisateur , ne pas reproduire chez soi ... /!\

1)Télécharge OTMoveIt2 ( de Old Timer )

2)Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer.

Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

3)puis copie les lignes en gras qui se trouvent en dessous :

C:\Program Files\AskSBar
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}


et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move."
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre Results.
clique sur Exit pour fermer.
4) Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

5) Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même )

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître , dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches.
Puis rends toi à l'onglet "Processus". Clique en haut à gauche sur Fichiers et choisis "Exécuter"

Tape explorer.exe et valide. Cela fera re-apparaître le Bureau.

A++
0
Réponse 39 / 60
maher
 
re cyril

C:\Program Files\AskSBar\SrchAstt\1.bin moved successfully.
C:\Program Files\AskSBar\SrchAstt moved successfully.
C:\Program Files\AskSBar\bar\Settings moved successfully.
C:\Program Files\AskSBar\bar\History moved successfully.
C:\Program Files\AskSBar\bar\Cache moved successfully.
C:\Program Files\AskSBar\bar\1.bin moved successfully.
C:\Program Files\AskSBar\bar moved successfully.
C:\Program Files\AskSBar moved successfully.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} \\ not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} \\ not found.
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} \ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06012008_211509
0
Réponse 40 / 60
Utilisateur anonyme
 
Re ,

Reposte un rapport DSS.

A++
0