spyware ou virus Résolu

Question

bonjour à toute l' équipe,
voila depuis quelque jours j' ai un pop up win antivirus qui apparait sans cesse en me demandant de telecharger leur produit j'ai fais un scan antivirus rien ad aware rien spybot rien a 2 free rien detecter alors je m' en remet à vous .
merci de votre aide .Logfile of HijackThis v1.99.1
Scan saved at 11:13:23, on 20/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\ED2VGBQD\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id
2&version
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc.                          - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE

Séb08 · Answer

slt,

Tu dois être infecté par Vundo (virtumonde)

Fais un clic droit sur l'outil HijackThis! >> "Renommer", puis renomme-le en scan.exe 

Lance HijackThis! (double clique scan.exe) puis clique "Do a system scan and save a logfile", puis poste le rapport ici. 

a+

^^Marie^^ · Answer

Slt,

Pour faire avancer le smillblikk de Séb (lol)

Télécharge Brute Force Uninstaller (de Merijn) ici: 
http://www.merijn.org/files/bfu.zip 
Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU. 
Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU) 

Ensuite, télécharge EGDACCESS.bfu (de Metallica) : 

Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important). 

Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers". 
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important). 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU) 
- Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu 
- Coches la case Show log after script ends 
- Clique sur Execute pour que le fix fasse son boulot :-) 

Attends que le message Complete script execution apparaîsse et clique sur OK. 
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum. 
Clique Exit pour fermer le programme BFU. 

========================================== 


Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence. 
Clique sur Scan pour lancer l'analyse. 
Une fois fait, sélectionnes chaque fichiers trouvés et clic sur "RENAME" 
Puis valide. 
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc. 

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- 

Après le reboot du pc, les fichiers : 

C:\windows\system32\zhdpuyekot.exe
c:\WINDOWS\system32\zhdpuyekot_nav.dat
c:\WINDOWS\system32\zhdpuyekot.dat
c:\WINDOWS\system32\zhdpuyekot_navps.dat
 
devraient être visible et pouvoir être supprimés sans aucuns soucis. 
Blacklight ne les supprimes pas, il les renomme simplement et il va falloir que tu les vires toi-même: 
Va dans C:\windows\system32\ et recherches et effaces: 

zhdpuyekot.exe.ren
zhdpuyekot_nav.dat.ren
zhdpuyekot.dat.ren
zhdpuyekot_navps.dat.ren


 
Une fois fait, reposte un rapport hijackthis et un nouveau rapport de blacklight.

A++

emw · Answer

voici le rapport
merci de ton a# For use with Merijn's Brute Force Uninstaller
# available from http://merijn.org/
#
# Script Name: EGDACCESS.BFU
# This script combines the old EGDACCESS.bfu and P2EClient.BFU
# Author: Pieter Arntz
#
# Thanks to ~Mark and Moe31 for their contributions


ProcessKill \mailskinner.exe|1
ProcessKill %WINDIR%\iedisco.exe|1
ProcessKill \GoAstro.exe|1
ProcessKill \MessengerSkinner.exe|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml


RegDeleteKey HKCR\egdhtml.egdialhtml
RegDeleteKey HKCR\egdhtml.egdialhtml.1
RegDeleteKey HKCR\egdialobject.egdial
RegDeleteKey HKCR\EGDialObject.EGDial.1
RegDeleteKey HKCR\eghtmldialer.htmldialer
RegDeleteKey HKCR\eghtmldialer.htmldialer.1
RegDeleteKey HKCR\ieaccess2.iedial
RegDeleteKey HKCR\ieaccess2.iedial.1
RegDeleteKey HKCR\P2ECOM.EGP2ECOM
RegDeleteKey HKCR\P2ECOM.EGP2ECOM.1
RegDeleteKey HKCR\EGAUTH.EGEGAUTH
RegDeleteKey HKCR\EGAUTH.EGEGAUTH.1
RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc
RegDeleteKey HKCR\EGCOMSERVICE.EGComSvc.1
RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2 
RegDeleteKey HKCR\EGCOMSERVICE2.EGComSvc2.1
RegDeleteKey HKCR\EGCOMLIB.EGComLibrary
RegDeleteKey HKCR\EGCOMLIB.EGComLibrary.1
RegDeleteKey HKCR\Webcam2.VideoProducer
RegDeleteKey HKCR\Webcam2.VideoProducer.1

RegDeleteKey HKCR\CLSID\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
RegDeleteKey HKCR\CLSID\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
RegDeleteKey HKCR\CLSID\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
RegDeleteKey HKCR\CLSID\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
RegDeleteKey HKCR\CLSID\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
RegDeleteKey HKCR\CLSID\{0878F049-D33E-45E0-A157-C36A6683CF25}
RegDeleteKey HKCR\CLSID\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
RegDeleteKey HKCR\CLSID\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
RegDeleteKey HKCR\CLSID\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
RegDeleteKey HKCR\CLSID\{0E79192A-C52C-4260-920F-639AC2296203}
RegDeleteKey HKCR\CLSID\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
RegDeleteKey HKCR\CLSID\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
RegDeleteKey HKCR\CLSID\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
RegDeleteKey HKCR\CLSID\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
RegDeleteKey HKCR\CLSID\{1CD49DC9-FD88-41FA-B892-47E037267D45}
RegDeleteKey HKCR\CLSID\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
RegDeleteKey HKCR\CLSID\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
RegDeleteKey HKCR\CLSID\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
RegDeleteKey HKCR\CLSID\{26D73573-F1B3-48C9-A989-E6CE071957A1}
RegDeleteKey HKCR\CLSID\{2A3DFC59-8A87-49A1-85D1-42903410911F}
RegDeleteKey HKCR\CLSID\{2ABE804B-4D3A-41BF-A172-304627874B45}
RegDeleteKey HKCR\CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
RegDeleteKey HKCR\CLSID\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKCR\CLSID\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
RegDeleteKey HKCR\CLSID\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
RegDeleteKey HKCR\CLSID\{3616F4B5-F6AD-4E67-966A-C218673648A0}
RegDeleteKey HKCR\CLSID\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
RegDeleteKey HKCR\CLSID\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}
RegDeleteKey HKCR\CLSID\{3CD945A2-E413-4956-B9D8-A67FB6A7CB66}
RegDeleteKey HKCR\CLSID\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
RegDeleteKey HKCR\CLSID\{469C7080-8EC8-43A6-AD97-45848113743C}
RegDeleteKey HKCR\CLSID\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
RegDeleteKey HKCR\CLSID\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
RegDeleteKey HKCR\CLSID\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
RegDeleteKey HKCR\CLSID\{54579C3D-A58D-4623-B5B5-465552BDA45B}
RegDeleteKey HKCR\CLSID\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
RegDeleteKey HKCR\CLSID\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
RegDeleteKey HKCR\CLSID\{624321F1-0581-49D8-99BD-2E952C2DF31B}
RegDeleteKey HKCR\CLSID\{6AA85413-165C-4200-8154-71166077B22E}
RegDeleteKey HKCR\CLSID\{6AA93DF6-6757-4338-9087-F7601DE18402}
RegDeleteKey HKCR\CLSID\{71CBDCD9-0830-4470-A890-35D364DA352C}
RegDeleteKey HKCR\CLSID\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
RegDeleteKey HKCR\CLSID\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
RegDeleteKey HKCR\CLSID\{77EF6DBF-3929-4081-AF2E-178D387E211C}
RegDeleteKey HKCR\CLSID\{78F584DF-BBF5-4296-839C-31DE60914DBC}
RegDeleteKey HKCR\CLSID\{82FC4503-8459-4239-9B85-0617BEAA950A}
RegDeleteKey HKCR\CLSID\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKCR\CLSID\{87C1805D-C5AE-4455-AB39-E245BB516136}
RegDeleteKey HKCR\CLSID\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
RegDeleteKey HKCR\CLSID\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
RegDeleteKey HKCR\CLSID\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
RegDeleteKey HKCR\CLSID\{95460ABD-946A-46FF-9F56-268718323EEE}
RegDeleteKey HKCR\CLSID\{9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0}
RegDeleteKey HKCR\CLSID\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
RegDeleteKey HKCR\CLSID\{A02780C3-7F77-4E28-855B-28890F3CF37A}
RegDeleteKey HKCR\CLSID\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
RegDeleteKey HKCR\CLSID\{AF7410C1-FBA3-415E-800A-4110CED40536}
RegDeleteKey HKCR\CLSID\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
RegDeleteKey HKCR\CLSID\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
RegDeleteKey HKCR\CLSID\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
RegDeleteKey HKCR\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}
RegDeleteKey HKCR\CLSID\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
RegDeleteKey HKCR\CLSID\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
RegDeleteKey HKCR\CLSID\{BD3653E4-884B-43C4-970B-670802501B7F}
RegDeleteKey HKCR\CLSID\{BE5A7132-329F-4319-B781-2A83BFE51534}
RegDeleteKey HKCR\CLSID\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
RegDeleteKey HKCR\CLSID\{C2481ED1-9896-4D49-AE90-69858DFDE446}
RegDeleteKey HKCR\CLSID\{C6760A07-A574-4705-B113-7856315922C3}
RegDeleteKey HKCR\CLSID\{C80B7FF6-CE60-4079-935E-520C045C30A6}
RegDeleteKey HKCR\CLSID\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
RegDeleteKey HKCR\CLSID\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
RegDeleteKey HKCR\CLSID\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
RegDeleteKey HKCR\CLSID\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
RegDeleteKey HKCR\CLSID\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
RegDeleteKey HKCR\CLSID\{D24A1963-9951-4153-A340-6648759EB77D}
RegDeleteKey HKCR\CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
RegDeleteKey HKCR\CLSID\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
RegDeleteKey HKCR\CLSID\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
RegDeleteKey HKCR\CLSID\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
RegDeleteKey HKCR\CLSID\{E1D20694-74D9-472D-AF03-08C26173A67F}
RegDeleteKey HKCR\CLSID\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
RegDeleteKey HKCR\CLSID\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKCR\CLSID\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
RegDeleteKey HKCR\CLSID\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
RegDeleteKey HKCR\CLSID\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
RegDeleteKey HKCR\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
RegDeleteKey HKCR\CLSID\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
RegDeleteKey HKCR\CLSID\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
RegDeleteKey HKCR\CLSID\{F4653484-F38C-455F-BB15-1175E527754E}
RegDeleteKey HKCR\CLSID\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
RegDeleteKey HKCR\CLSID\{FA1D6D8F-C6ED-4752-8512-A33283240130}
RegDeleteKey HKCR\CLSID\{FA605711-8E72-46B2-AE49-BED11B2E729D}
RegDeleteKey HKCR\CLSID\{FA83E942-B796-46DE-9155-1632ECC5473B}
RegDeleteKey HKCR\CLSID\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
RegDeleteKey HKCR\CLSID\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegDeleteKey HKCR\TypeLib\{06EC63CC-4823-4836-ABB8-AB5F3971FA5C}
RegDeleteKey HKCR\TypeLib\{0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C}
RegDeleteKey HKCR\TypeLib\{1F445F82-42C0-46F3-9A2E-6ADB79046D41}
RegDeleteKey HKCR\TypeLib\{7699AEF9-F83A-44FA-B374-AA02CEDF247D}
RegDeleteKey HKCR\TypeLib\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKCR\TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}
RegDeleteKey HKCR\TypeLib\{E8C88115-4951-425B-8C45-4DFC5A5540EE}
RegDeleteKey HKCR\TypeLib\{F3A257E6-FA04-4B30-A1B6-6B89EB814544}

RegDeleteKey HKCR\Interface\{2E30AC01-99D7-4E9C-B13E-94E1701B0AC9}
RegDeleteKey HKCR\Interface\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKCR\Interface\{3947AC1D-DB09-4353-BBCC-55B97F5035EF}
RegDeleteKey HKCR\Interface\{62BFAEC2-82A5-4117-A98B-FEA89413D924}
RegDeleteKey HKCR\Interface\{7B1B5E44-8E90-4EE2-9049-CC0C5D8A918F}
RegDeleteKey HKCR\Interface\{81C2F7F3-F930-455E-9AA5-0876D387C787}
RegDeleteKey HKCR\Interface\{8F0A06F6-DF4D-4D54-B8CA-E8EEDBAE6DDB}
RegDeleteKey HKCR\Interface\{901166A5-F137-4B27-BC4C-CA611DEBDCED}
RegDeleteKey HKCR\Interface\{A58F3D09-4543-4396-8BE7-105F14DD6ED5}
RegDeleteKey HKCR\Interface\{A7B323DA-0D0C-4298-8DE0-4F2AC4773284}
RegDeleteKey HKCR\Interface\{C13FA88A-D264-4BC8-92ED-52EB8181E209}
RegDeleteKey HKCR\Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}

RegDeleteKey HKCU\Software\livesvc
RegDeleteKey HKCU\Software\EGDHTML
RegDeleteKey HKCU\Software\egroup
RegDeleteKey HKCU\Software\P2EClient
RegDeleteKey HKCU\software\egdhtml
RegDeleteKey HKCU\Software\epk_extr
RegDeleteKey HKCU\software\mc
RegDeleteKey HKUS\software\egdhtml
RegDeleteKey HKLM\SOFTWARE\InternetGameBox
RegDeleteKey HKLM\SOFTWARE\GoRecord
RegDeleteKey HKLM\SOFTWARE\GoAstro
RegDeleteKey HKLM\SOFTWARE\SudoPlanet
RegDeleteKey HKLM\SOFTWARE\WebMediaPlayer
RegDeleteKey HKLM\SOFTWARE\MessengerSkinner

RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01BE5BD7-B2DD-48B3-A759-59265A91E787}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0878F049-D33E-45E0-A157-C36A6683CF25}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0E79192A-C52C-4260-920F-639AC2296203}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14325268-79E0-4D2A-89A4-FFFC6E22741E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD49DC9-FD88-41FA-B892-47E037267D45}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1EB17D1C-141D-4D9D-91CB-24D99215851D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{26D73573-F1B3-48C9-A989-E6CE071957A1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2A3DFC59-8A87-49A1-85D1-42903410911F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2ABE804B-4D3A-41BF-A172-304627874B45}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2F668A6D-2EC7-4E3A-A485-819E210738D6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3616F4B5-F6AD-4E67-966A-C218673648A0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{469C7080-8EC8-43A6-AD97-45848113743C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{486E48B5-ABF2-42BB-A327-2679DF3FB822}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{505098FD-5D61-4BC2-9B82-F969D0E932A2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54579C3D-A58D-4623-B5B5-465552BDA45B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{624321F1-0581-49D8-99BD-2E952C2DF31B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA85413-165C-4200-8154-71166077B22E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6AA93DF6-6757-4338-9087-F7601DE18402}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71CBDCD9-0830-4470-A890-35D364DA352C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7504F0D5-644A-4103-9D02-95488B6CB9A1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{77EF6DBF-3929-4081-AF2E-178D387E211C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{78F584DF-BBF5-4296-839C-31DE60914DBC}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{82FC4503-8459-4239-9B85-0617BEAA950A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87C1805D-C5AE-4455-AB39-E245BB516136}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{95460ABD-946A-46FF-9F56-268718323EEE}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A02780C3-7F77-4E28-855B-28890F3CF37A}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF7410C1-FBA3-415E-800A-4110CED40536}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BD3653E4-884B-43C4-970B-670802501B7F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BE5A7132-329F-4319-B781-2A83BFE51534}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C2481ED1-9896-4D49-AE90-69858DFDE446}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C6760A07-A574-4705-B113-7856315922C3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C80B7FF6-CE60-4079-935E-520C045C30A6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CB5D474E-A510-40A4-B5A4-838933BCBA64}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CEFB7B49-9652-464F-8AFD-A577C0500F39}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E1D20694-74D9-472D-AF03-08C26173A67F}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E3943A24-2F83-4505-9AE5-F705E81B50CB}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F4653484-F38C-455F-BB15-1175E527754E}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F72BC3F0-6C20-4793-9DDA-258589D8A907}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA1D6D8F-C6ED-4752-8512-A33283240130}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA605711-8E72-46B2-AE49-BED11B2E729D}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FA83E942-B796-46DE-9155-1632ECC5473B}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FF521631-31DA-48AC-B4E9-390A7694C906}

RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{01BE5BD7-B2DD-48B3-A759-59265A91E787}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04CCFF26-7D52-4E42-BF6A-F8ECE0896EB7}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{04F414E9-E352-4BC3-963D-7BFE5A5F31A9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0594AF7E-573B-40DF-8165-E47AB2EAEFE8}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{07C9CFC7-DE33-4A0C-9FFB-CDFBA843B157}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0878F049-D33E-45E0-A157-C36A6683CF25}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{093F9CF8-0DE1-491C-95D5-5EC257BD4CA3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0D1011B3-89C8-4F8E-8693-BB970E2E81E0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0DA910BC-6919-489E-B584-D9A4AAC7B8DE}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0E79192A-C52C-4260-920F-639AC2296203}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11F1D260-129E-4EB7-B37E-57E3D97A3DF1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{14325268-79E0-4D2A-89A4-FFFC6E22741E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1604DF98-D1A5-44FE-844A-98D6FD0518D0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17BFC8DA-B4D6-4DB9-AA40-1CD32EDA9845}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD49DC9-FD88-41FA-B892-47E037267D45}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1CD4E2DC-2DA0-4154-8723-38CB04FB6A58}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1EB17D1C-141D-4D9D-91CB-24D99215851D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{201D3DA8-B495-4A3B-BEE8-6D8DDCCC5762}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{26D73573-F1B3-48C9-A989-E6CE071957A1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2A3DFC59-8A87-49A1-85D1-42903410911F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2ABE804B-4D3A-41BF-A172-304627874B45}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F668A6D-2EC7-4E3A-A485-819E210738D6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{31DDC1FD-CEA3-4837-A6DC-87E67015ADC9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3446598E-00E4-4B5E-99A6-87ECCA8324A2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3616F4B5-F6AD-4E67-966A-C218673648A0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{39EA2F6F-3F50-4F58-9C63-4B3D53B0926E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3ABC79F3-E345-43B9-A79F-5D5C7A8EC4DC}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3DAD912E-D2B9-4323-B7C9-7F2C5CC0C57B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{469C7080-8EC8-43A6-AD97-45848113743C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{486E48B5-ABF2-42BB-A327-2679DF3FB822}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{505098FD-5D61-4BC2-9B82-F969D0E932A2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{50AD557E-3426-41FD-AFDD-2AF39BB1C387}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54579C3D-A58D-4623-B5B5-465552BDA45B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{54C75FB0-6B8B-4278-BF7B-77036F15A69E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{602890BA-07A1-4A93-A89F-6BDDD8BB9BA5}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{624321F1-0581-49D8-99BD-2E952C2DF31B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA85413-165C-4200-8154-71166077B22E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6AA93DF6-6757-4338-9087-F7601DE18402}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71CBDCD9-0830-4470-A890-35D364DA352C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{71DA2A4E-ACB3-4065-9E41-8BC42EABE427}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7504F0D5-644A-4103-9D02-95488B6CB9A1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77EF6DBF-3929-4081-AF2E-178D387E211C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{78F584DF-BBF5-4296-839C-31DE60914DBC}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{82FC4503-8459-4239-9B85-0617BEAA950A}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{87C1805D-C5AE-4455-AB39-E245BB516136}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8B3B8135-9DAA-40E7-8941-962795F9C1CB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D8BAF56-B581-4B90-A549-C4AC6B03F1BB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{94742E3F-D9A1-4780-9A87-2FFA43655DA2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{95460ABD-946A-46FF-9F56-268718323EEE}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9EB4F647-FE4A-42F9-9F5C-B8FB28DD02F9}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A02780C3-7F77-4E28-855B-28890F3CF37A}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1C392A2-B274-46DB-89BE-1FBD476B9C93}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AF7410C1-FBA3-415E-800A-4110CED40536}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AFCF364F-F730-4B1E-B2D5-80F9172FBC44}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA14D944-0D8C-4F16-A950-6E53EEBB558F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA749BC1-143E-430D-B1DA-1D2AF67A3658}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD3653E4-884B-43C4-970B-670802501B7F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BE5A7132-329F-4319-B781-2A83BFE51534}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BFC9677B-8006-4336-9D49-2C797AEFCB9E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C2481ED1-9896-4D49-AE90-69858DFDE446}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6760A07-A574-4705-B113-7856315922C3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C80B7FF6-CE60-4079-935E-520C045C30A6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C9269872-E3D6-4811-8E5E-835CA8CBD0B3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CB5D474E-A510-40A4-B5A4-838933BCBA64}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDD8BADE-B4C8-4E97-84B4-1DC9ABAD3EF3}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CEFB7B49-9652-464F-8AFD-A577C0500F39}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D8B94E9A-A34B-4253-BF48-C7CB7F2CFDB0}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E114CD5B-17CE-4807-890E-7B1EDF9F2E5E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E19AB99F-AEC4-4B40-A5CA-F69D22522D77}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E1D20694-74D9-472D-AF03-08C26173A67F}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E24E8472-89B7-479F-8AD8-BBD7206A6A02}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E3943A24-2F83-4505-9AE5-F705E81B50CB}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E7AE1661-EBEB-492B-AE0D-860DF24174C6}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E49A9FCB-FAA9-4C1F-A1C1-54920DA2CCA4}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EC4AFBF3-4540-4306-AF10-4CAC509EA16B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EF4DCD99-D26B-44A4-BA77-CFDCC97E7291}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EFB23983-5803-4914-ADA3-C0EA2CFBDC37}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F4653484-F38C-455F-BB15-1175E527754E}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F72BC3F0-6C20-4793-9DDA-258589D8A907}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA1D6D8F-C6ED-4752-8512-A33283240130}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA605711-8E72-46B2-AE49-BED11B2E729D}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA83E942-B796-46DE-9155-1632ECC5473B}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FBF65A16-C9AB-465E-AECE-D2D9D5AB5E60}|Compatibility Flags|1024
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF521631-31DA-48AC-B4E9-390A7694C906}|Compatibility Flags|1024

RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cpntmgc
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Instant Access
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MailSkinner
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MC
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|go-astro
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|messengerskinner
RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MC
RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|msupd
RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialDllName32|wininet.dll
RegSetStringValue HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Autodial|AutodialFcnName32|InternetAutodialCallback
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MailSkinner
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InternetGameBox
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoRecord
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GoAstro
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SudoPlanet
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebMediaPlayer
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MessengerSkinner

RegDeleteKey HKCR\AxInst.IgbInstall
RegDeleteKey HKCR\AxInst.IgbInstall.1
RegDeleteKey HKCR\CLSID\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
RegDeleteKey HKCR\AppID\AppID\AxInst.EXE
RegDeleteKey HKCR\AppID\{7AA54C6E-DBF0-4A63-AFE0-6582094C46DE}
RegDeleteKey HKCR\Interface\{66C13795-9AA0-4244-B1A8-37F9E99FB079}
RegDeleteKey HKCR\Interface\{9E03C295-4FDF-4828-A99C-85EB0D848DC0}
RegDeleteKey HKCR\TypeLib\{C9F88FA1-51F1-43C8-A0FC-EAC4537D8392}
RegDeleteKey HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E68718BB-5451-4F6F-B8B8-41B4AB672747}
RegSetDwordValue HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E68718BB-5451-4F6F-B8B8-41B4AB672747}|Compatibility Flags|1024
RegDelValue HKCU\software\microsoft\windows\currentversion\wintrust	rust providers\software publishing	rust database\0|ELECTRONIC GROUP
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoAstro.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SudoPlanet.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\GoRecord.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\InternetGameBox.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MessengerSkinner.exe

DllUnregister %SYSDIR%\MSWBM32.DLL|1
DllUnregister %PROGRAMFILES%\MailSkinner\OESkinner.dll|1

ProcessKillIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te|0
ProcessKillIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml

FileDelete %SYSTEMDRIVE%\dfuck.ico
FileDelete %SYSTEMDRIVE%\Video Party.ico

FileDelete %ALLUSERSDESKTOP%\Instant Access.lnk
FileDelete %ALLUSERSDESKTOP%\NoCreditCard.lnk
FileDelete %ALLUSERSDESKTOP%\Join The Orgy.lnk
FileDelete %ALLUSERSDESKTOP%\GoRecord.lnk
FileDelete %ALLUSERSDESKTOP%\GoAstro.lnk
FileDelete %ALLUSERSDESKTOP%\InternetGameBox.lnk
FileDelete %ALLUSERSDESKTOP%\SudoPlanet.lnk
FileDelete %ALLUSERSDESKTOP%\WebMediaPlayer.lnk

FileDelete %DESKTOP%\Instant Access.lnk
FileDelete %DESKTOP%\NoCreditCard.lnk
FileDelete %DESKTOP%\Join The Orgy.lnk
FileDelete %DESKTOP%\GoRecord.lnk
FileDelete %DESKTOP%\GoAstro.lnk
FileDelete %DESKTOP%\InternetGameBox.lnk
FileDelete %DESKTOP%\SudoPlanet.lnk
FileDelete %DESKTOP%\WebMediaPlayer.lnk

FileDelete %PROGRAMS%\GoRecord 2
FileDelete %PROGRAMS%\GoAstro
FileDelete %PROGRAMS%\InternetGameBox
FileDelete %PROGRAMS%\SudoPlanet
FileDelete %PROGRAMS%\WebMediaPlayer
FileDelete %PROGRAMS%\MessengerSkinner

FileDelete %ALLUSERSSTARTMENU%\Instant access
FileDelete %ALLUSERSSTARTMENU%\NoCreditCard
FileDelete %ALLUSERSSTARTMENU%\Join The Orgy
FileDelete %ALLUSERSSTARTMENU%\GoRecord 2
FileDelete %ALLUSERSSTARTMENU%\GoAstro
FileDelete %ALLUSERSSTARTMENU%\InternetGameBox
FileDelete %ALLUSERSSTARTMENU%\SudoPlanet
FileDelete %ALLUSERSSTARTMENU%\WebMediaPlayer

FileDelete %WINDIR%\Downloaded Program Files\dhtmlaccess.inf
FileDelete %WINDIR%\Downloaded Program Files\dtc32.inf
FileDelete %WINDIR%\Downloaded Program Files\EGAUTH.inf
FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS.inf
FileDelete %WINDIR%\Downloaded Program Files\EGDACCESS_ASPIV4.inf
FileDelete %WINDIR%\Downloaded Program Files\EGCOMSERVICE_pack.inf 
FileDelete %WINDIR%\Downloaded Program Files\egdhtml.inf
FileDelete %WINDIR%\Downloaded Program Files\egdial.dll
FileDelete %WINDIR%\Downloaded Program Files\egdhtml_****.dll
FileDelete %WINDIR%\Downloaded Program Files\egdhtml_pack.inf
FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.inf
FileDelete %WINDIR%\Downloaded Program Files\eghtmldialer.dll
FileDelete %WINDIR%\Downloaded Program Files\eglivecam_****.dll
FileDelete %WINDIR%\Downloaded Program Files\eglivecam.dll
FileDelete %WINDIR%\Downloaded Program Files\ia.inf
FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.inf
FileDelete %WINDIR%\Downloaded Program Files\ieaccess2.dll
FileDelete %WINDIR%\Downloaded Program Files
etcmp32.inf
FileDelete %WINDIR%\Downloaded Program Files
etia32.inf
FileDelete %WINDIR%\Downloaded Program Files\Netslv32.inf
FileDelete %WINDIR%\Downloaded Program Files\Netslv32.dll
FileDelete %WINDIR%\Downloaded Program Files
etpe32.inf
FileDelete %WINDIR%\Downloaded Program Files
ethv32.inf
FileDelete %WINDIR%\Downloaded Program Files\LiveService.inf
FileDelete %WINDIR%\Downloaded Program Files\one2oneSvc.inf
FileDelete %WINDIR%\Downloaded Program Files\sysnetsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\syswbsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\sysinetsvc32.inf
FileDelete %WINDIR%\Downloaded Program Files\sysiasvc32.inf

FileDelete %WINDIR%\access.exe
FileDelete %WINDIR%\dialx.exe
FileDelete %WINDIR%\ExeDialer.exe
FileDelete %WINDIR%\msupd.exe

FileDelete %WINDIR%	mlpcert2005
FileDelete %WINDIR%	mlpcert2007

FileDelete %WINDIR%\eg_auth_*.dll
FileDelete %WINDIR%\eg_auth_srv_10*.dll
FileDelete %WINDIR%\eg_auth_srv_mut0*.dll
FileDelete %WINDIR%\ieaccess2.dll
FileDelete %WINDIR%\system\eghtmldialer.dll
FileDelete %WINDIR%\System\ieaccess2.dll
FileDelete %WINDIR%\System\egdial.dll
FileDelete %WINDIR%\p2esocks_10*.dll

FileDelete %SYSDIR%\authclient.exe
FileDelete %SYSDIR%\dhtmlexe.exe
FileDelete %SYSDIR%\eglivecam.exe
FileDelete %SYSDIR%\P2EClient.exe
FileDelete %SYSDIR%\AxInst.exe
FileDelete %SYSDIR%\axsetup.dll
FileDelete %SYSDIR%\EGACCESS.dll
FileDelete %SYSDIR%\EGACCESS*.dll
FileDelete %SYSDIR%\egaccess4.DLL
FileDelete %SYSDIR%\egaccess4_10*.dll
FileDelete %SYSDIR%\EGDACCESS_*10*.dll
FileDelete %SYSDIR%\EGDACCESS.dll
FileDelete %SYSDIR%\egaccess*.inf
FileDelete %SYSDIR%\EGDACCESS*.inf
FileDelete %SYSDIR%\EGDHTML2.DLL
FileDelete %SYSDIR%\EGDHTML_*.dll 
FileDelete %SYSDIR%\EGAUTH.dll
FileDelete %SYSDIR%\eg_auth_srv_10*.dll
FileDelete %SYSDIR%\EGCOMLIB*.dll
FileDelete %SYSDIR%\EGCOMSERVICE2.dll 
FileDelete %SYSDIR%\EGCOMSERVICE_*.dll
FileDelete %SYSDIR%\EGDownloader.dll
FileDelete %SYSDIR%\EGLIVECAM_10*.DLL 
FileDelete %SYSDIR%\egdial.dll
FileDelete %SYSDIR%\eglivecam.dll
FileDelete %SYSDIR%\ia.dll
FileDelete %SYSDIR%\ieaccess2.dll
FileDelete %SYSDIR%\IaLdr32.exe
FileDelete %SYSDIR%\IaLdr32.inf
FileDelete %SYSDIR%\LiveService_*.dll
FileDelete %SYSDIR%\msegcompid.dll
FileDelete %SYSDIR%\msclock32.dll
FileDelete %SYSDIR%\msclock32*.dll
FileDelete %SYSDIR%\mservice.dll
FileDelete %SYSDIR%\msplock32.dll
FileDelete %SYSDIR%\msplock32*.dll
FileDelete %SYSDIR%\mswbm32.dll
FileDelete %SYSDIR%\mseggrpid.dll
FileDelete %SYSDIR%
etia32.dll
FileDelete %SYSDIR%
ethv32.dll
FileDelete %SYSDIR%\Netslv32.dll
FileDelete %SYSDIR%\One2OneService.dll
FileDelete %SYSDIR%\one2oneSvc.dll
FileDelete %SYSDIR%\p2esocks_*.dll 
FileDelete %SYSDIR%\P2ECOM.dll
FileDelete %SYSDIR%\svcia32.dll
FileDelete %SYSDIR%\syswbsvc32.dll
FileDelete %SYSDIR%\sysiasvc32.dll
FileDelete %SYSDIR%\sysia32svc.dll
FileDelete %SYSDIR%\sysinetsvc32.dll 
FileDelete %SYSDIR%\svcsysnet32.dll
FileDelete %SYSDIR%\sysnetsvc32.dll
FileDelete %SYSDIR%\*_navps.dat
FileDelete %SYSDIR%\*_nav.dat
FileDelete %SYSDIR%
vs2.inf

FileDelete %SYSDIR%\backgrd.jpg
FileDelete %SYSDIR%\baground.jpg

FolderDelete %PROGRAMFILES%\dialpass
FolderDelete %PROGRAMFILES%\eghtmldialer
FolderDelete %PROGRAMFILES%\egroup
FolderDelete %PROGRAMFILES%\Instant Access
FolderDelete %PROGRAMFILES%\MailSkinner
FolderDelete %PROGRAMFILES%\InternetGameBox
FolderDelete %PROGRAMFILES%\GoRecord2
FolderDelete %PROGRAMFILES%\GoAstro
FolderDelete %PROGRAMFILES%\SudoPlanet
FolderDelete %PROGRAMFILES%\WebMediaPlayer
FolderDelete %PROGRAMFILES%\MessengerSkinner

# mslagent block

DllUnregister %WINDIR%\mslagent\2_mslagent.dll|1
DllUnregister %WINDIR%
avmpc\2_navmpc.dll|1

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|mslagent
RegDeleteKey HKCR\CLSID\{4A6FA2EB-F381-4503-87D0-BE4CC57DEB8E}
RegDeleteKey HKCR\CLSID\{75A603E7-8BB7-4272-ABBE-9846FF1241C1}
RegDeleteKey HKCR\CLSID\{DE614603-6320-4046-A7A7-6A69CEC26F14}
RegDeleteKey HKCR\CLSID\{D7A82A12-05F5-42D8-B30D-6EF995075D2D}
RegDeleteKey HKCR\Interface\{1EF28CC5-8D97-4310-B71B-CA34EE15B897}
RegDeleteKey HKCR\Interface\{43CDAD65-AA0D-4701-8108-117F86613B69}
RegDeleteKey HKCR\Interface\{510C3373-4842-4944-8729-0AFF6725A132}
RegDeleteKey HKCR\Interface\{6D3F48F4-B40A-4C3F-A95C-85E23C3A8A91}
RegDeleteKey HKCR\TypeLib\{5630B768-1C09-4105-9E03-E35985E36B0B}
RegDeleteKey HKCR\TypeLib\{82C0673C-F1D1-47BA-B904-AB0DE82300BC}
RegDeleteKey HKCR\TypeLib\{BA49BD6A-039C-428E-AF33-8C1288D75A7B}
RegDeleteKey HKCR\TypeLib\{CA72BD3D-6044-4429-8C9A-76D90F4B29A8}
RegDeleteKey HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{021BB032-80A8-4FB6-B3D5-CF27B1553B95}
RegDeleteKey HKCR\MagicControl.MagicComponent
RegDeleteKey HKCR\MagicControl.MagicComponent.1
RegDeleteKey HKCR\mslagent.3
RegDeleteKey HKCR\mslagent.3.1
RegDeleteKey HKCR\NaviHelper.NaviHelperObject
RegDeleteKey HKCR\NaviHelper.NaviHelperObject.1
RegDeleteKey HKCR\NaviPromo.EGNaviScoring
RegDeleteKey HKCR\NaviPromo.EGNaviScoring.1
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
RegDeleteKey HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
avmpc
FolderDelete %WINDIR%\mslagent
FolderDelete %WINDIR%
avmpc
FolderDelete %WINDIR%\msskinner
FolderDelete %WINDIR%\wintrim
FolderDelete %WINDIR%\wincomp
FolderDelete %WINDIR%\winmgts
FolderDelete %WINDIR%\simcss
FolderDelete %WINDIR%\mc
FileDelete %SYSDIR%\msklive.dll

SystemEmptyTempFolder

OptionUseRecycleBin
FileDeleteIfContainsText %SYSDIR%\*.exe|qeu_ueAyqes_uew_te
FileDeleteIfContainsText %SYSDIR%\*.exe|WaXL5_jp0Ml
FileDeleteIfContainsText %SYSDIR%\*.exe|iedisco

FileDeleteIfMD5Match %SYSDIR%\*.exe|60000E6EBEFF360898E43A6E2685E1B0
FileDeleteIfContainsText %SYSDIR%\*.dat|42.sa
FileDeleteIfContainsText %SYSDIR%\*.dat|PNDOCDT@
FileDeleteIfMD5Match %SYSDIR%\*.dat|C87EE35149404EA3C7AC361130E121FA

FolderCreate %SYSDIR%\bfubackups
FileMoveIfContainsHex %SYSDIR%\*.exe|%SYSDIR%\bfubackups|50,45,00,00,4C,01,04,00,8A,04,3D,44

FileDelete %SYSDIR%\*_navps.dat
FileDelete %SYSDIR%\*_nav.dat

FileDelete C:\egd.txt
SystemRun regedit|/e C:\egd.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"|0

ide

^^Marie^^ · Answer

Une fois fait, reposte un rapport hijackthis et un nouveau rapport de blacklight

ermci

^^Marie^^ · Answer

Slt,

Fais ce qui suit

Télécharge ceci: (merci a S!RI pour ce programme). 
http://siri.urz.free.fr/Fix/SmitfraudFix.zip 
TUTO :: http://siri.urz.free.fr/Fix/SmitfraudFix.php

Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport 
Copie/colle le sur le poste stp. 
---------------------------------------------------------------------------- 
Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
Relance le programme Smitfraud, 
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

========================================
Refais un Hitjackthis

A++

Séb08 · Answer

Et remet un rapport Blacklight STP

a+

emw · Answer

bonjour je pense avoir resolu mon probleme  (enfin c ' est vous qui me le dirai)  j' ai installer spy sweper qui a fait pas mal de ménage supprimant au passage adware rotkit etc... puisque à la fin du rapport blackligt pas de probléme .
je vous reposte un rapport htjack this .
merci de votre aide.

Logfile of HijackThis v1.99.1
Scan saved at 15:00:59, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\FBM Software\ZeroSpyware\ZeroSpyware.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ScanPanel\ScnPanel.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\scan.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZSScheduler] "rundll32.exe" "C:\Program Files\FBM Software\ZeroSpyware\zsscheduler.dll", runScheduler C:\Program Files\FBM Software\ZeroSpyware\
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc.                          - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Séb08 · Answer

Ok tu peux renommmer Hijack comme il l'etait auparavant ....

Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) : 
http://www.bitdefender.fr/bd/site/search.php#
Clique sur « scan on line »  suis les instructions.
Et colle le rapport 

a+

emw · Answer

salut seb 08
scan . exé ( hitjacktis rennomé et trouve ci joint le rapport bitdefender
BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Sat, Oct 28, 2006 - 13:49:45
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;J:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 00:33:19
 
Fichiers
 217817
 
Directoires
 2804
 
Secteurs de boot
 3
 
Archives
 1142
 
Paquets programmes
 23489
 
  
  
 
Résultats
 
Virus identifiés
 0
 
Fichiers infectés
 0
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 0
 
  
  
 
Info sur les moteurs
 
Définition virus
 479292
 
Version des moteurs
 AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
 
Analyse des plugins
 13
 
Archive des plugins
 38
 
Unpack des plugins
 6
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 *;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
Aucun virus trouvé.

merci de ta patience et de ton aide
cordialement

Séb08 · Answer

ok !

Ou en sont tes soucis ?

a+

emw · Answer

salut seb 
depuis que spybot a liquider smitfraud + de pub intempestives qui s'affiche tout se passe bien 
encore merci de ton aide cela m' drolement aidé
je m' en serai jamais sorti sans ton aide
merci
au fait mon rapport hitjackthis est-il bon?
cordialement
emw

Spyware ou virus

2&version

11 réponses

2&version

2&version

2&version

Votre réponse

Discussions similaires

Newsletters