Seite 1 von 2 12 LetzteLetzte
Ergebnis 1 bis 10 von 11

Thema: SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal)

  1. #1
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal)


    The SpyAxe & the SpySheriff fit not only in color well to each other, nevertheless, they also invite both cordially unsuspecting users to the Free Scan and the Download. Now they also stand combined with each other on the Red List of all those programs which simulate that they want to help users to clean up their systems of putatively Spyware.

    They appear apparently from the Nothing. Suddenly they are there, on the desktop. Whether as a small Icone beside the clock, a quick linking or as a Wallpaper substitute, they become apparent and try to lure the user to their Websites to find there the suitable program for the cleaning of a system.

    Where do they come from?
    Spyaxe specifies it on her homepage:

    * Hidden additions to legitimate programs you install
    * False ActiveX certificates used by criminals
    * Server-side scripts and vulnerabilities in Operational Systems
    * Adult-related web sites
    * Freeware and Shareware products
    * Email attachments sent to your email address
    * Chat rooms where you can exchange files
    * File-sharing programs like KaZaa, eDonkey and other

    Behavioral research of modern market economy or earning money to loads of all those user who try credulous or desperately to clean up their systems, with products which do not hold what they promise.

    These Fake-Programs are installed with Zlob, a trojan downloader. Variants of Zlob silently download and install various third-party spyware and malware scanners to infected computers: Spy Trooper, SpyAxe, Security Toolbar and so on (f-secure.com).

    What do they cause?
    They hijack desktops, interfere with PopUps which do not disappear from the screen, slow down the speed of the computer, hijack the browser to faked Webpages ect.

    How do they get this?
    One takes them onto his own system, of as a Trojan no one knows nothing about, of as an additional Adware about which one knows nothing too.

    SpyAxe and SpySheriff belong to the big family Smitfraud.
    They and their relatives, PSGuard, WorldAntiSpy, RazeSpyware and more, like to change the user's desktop on a way that one becomes attent to them.

    Once concerned on a system, they begin to work.
    They install themselves with different processes, Dlls (Dynamic link Library) and Registry entries, grave themselves into the Windows System Directory, provide new folders, lead to Websites, allow to download code. For the fact they provide that the calculators are contaminated. They install themselves unknown to the knowledge of the user and, you are not able to uninstall these programs.

    Now the SpySheriff has got an unistaller, only what happens if one applies it? On the part of SpyAxe one gets the offer to download two uninstall-files whose names sound very strange. One is supposed to uninstall this new Fake AntiSpyware tool with illegal files. As these both files are brought to run, they work in the background of the machine.

    There should be user who could solve the visible problems in this manner, but which information do these uninstall-programs transmit to their manufacturers, running invisibly in the background of the calculaters? Take care, since this URL is handed from one famous forum to the other one. However, one searches them in vain on the homepage of SpyAxe.

    There is no visible, readable declaration of SpyAxe to these incidents, on their own homepage. She present as an enterprise in the fight against Spyware. A blue-white deception to the good devoutness.

    How to get rid of these Spyware Programs?
    This question holds user, assistants and experts some time in breath. Thorough observation of the systems, returning files on different calculators with similar symptoms and one will be able to recognize and to bring a jigsaw puzzle slowly back to a Spyware Program. One recognizes what belongs together, and with empiric experience, one can clean up the system. A protracted, laborious work which takes up many hours.

    Standard Cleansing Instructions for Spyware Infections on HijackThis.eu:

    (Solutions)

    If you need to get rid of one of these fake tools which compromise the safety of your system we advise you to clean up your machine with one of the three removers which are actually offered to users all over the world:

    S!Ri's
    SmitFraudFix
    ChangeLog

    Noahdfear's
    smitRem.exe
    Filelist

    Malwarebytes'
    RogueRemover
    Database


    We Thank You All in the Name of our Users.
    Geändert von Ruby (23.03.2007 um 17:40 Uhr) Grund: Update

  2. #2
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    AW: SpyAxe|SpySheriff|SpywareStrike|Smitfraud....

    SmitFraudFix
    was brought to us
    by our french Team-Members
    BipBip and ipl_001

    SmitfraudFix

    for Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

    It has been develloped by
    S!Ri, moe31 & balltrap34


    We nearly daily use the SmitfraudFix on our Board.

    Please follow these instructions (English Instructions):
    • Load down the SmitfraudFix of S!Ri, moe31 and balltrap34: SmitfraudFix

    Search:
    • Double-click SmitfraudFix.exe
    • Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Clean:
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infect files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

    Optional:
    • To restore Trusted and Restricted site zone, select 3 and hit Enter.
    • You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

    With many Thanks to
    S!Ri, moe31 & balltrap34

    Windows XP:
    Turn off System Restore. Right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Reboot. Turn System Restore Back On. Right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. Reboot. Create a new system Restore Point.
    Geändert von Ruby (23.03.2007 um 05:02 Uhr) Grund: Update

  3. #3
    Forenbenutzer Avatar von S!Ri
    Registriert seit
    26.11.2005
    Beiträge
    33

    Re: SpyAxe & SpySheriff (Removal)

    Hello !

    This is the Changelog of SmitfraudFix
    ( http://siri.urz.free.fr/Fix/SmitfraudFix.php )


    Version 2.39 (May 3, 2006)


    %userprofile%\Local Settings\Application Data\SpywareSheriff\*.*
    %ProgramFiles%\SpywareSheriff\*.*
    %Desktop%\SpywareSheriff.lnk
    %AllUsersProfile%\StartMenu\Programs\SpywareSheriff\*.*
    %userprofile%\StartMenu\Programs\Démarrage\spysheriff.lnk
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareSheriff.lnk

    [-HKEY_CURRENT_USER\Software\ADV]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareSheriff_is1]

    %SYSTEM%\dvdcap.dll

    [-HKEY_CLASSES_ROOT\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}]

    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}=-


    Version 2.38 (May 3, 2006)

    Fraud Notice added

    Corrections made for Japanese OS - Thanks Gunjyou !

    Corrections on Win2K message: "cannot import cleanup.reg: Error accessing the registry":

    [HKEY_CURRENT_USER\]
    "ColorTable19"=-
    "ColorTable20"=-


    C:\Documents and Settings\user\Menu Démarrer\Programmes\PestTrap\*.*
    C:\Documents and Settings\user\Bureau\PestTrap.lnk
    C:\Program Files\PestTrap\*.*

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\PestTrap]
    [-HKEY_CURRENT_USER\Software\PestTrap]
    [-HKEY_CURRENT_USER\Software\SNO2]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "PestTrap"=-


    %WINDIR%\pop06ap2.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "pop06ap"=-


    Version 2.37 (April 28, 2006)

    %SYSTEM%\atmclk.exe

    %DESKTOP%\MalwareWipe.lnk
    %STARTMENU%\MalwareWipe 4.1.lnk
    %STARTMENU%\Programs\MalwareWipe\*.*
    C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWipe 4.1.lnk
    %PROGRAMFILES%\MalwareWipe\*.*

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5C70510-5A01-B2A5-CF84-D6DC13859967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B595E3D-27BE-4DA1-A278-CA4D904B5823}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D1E9B3D-5A4C-4C70-A9B4-5A19E0C625DC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A34546C-C437-460A-88AF-D4703A548EA9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D9FD47C-E0B5-4005-9ADE-552980D3761F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E5B0894-FE91-4063-BB41-D885C7691581}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{479B1AEA-4414-4E43-8CBF-94BFC7C69B56}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A2ECC12-46BA-4C52-9749-C0FAF38D507B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D6079CB-FD9E-46AF-A896-6E8582E52827}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{511A9BB1-917A-414A-88FD-3128E37032A1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8CBED98F-8DDD-4AF0-A9EA-C75E10C937BC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A44CAB15-6B7E-406B-9D9B-B1C1C6BA8CDB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A99AC77F-4DE5-4AA2-810A-35FAB5FC114B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B74B2B6C-9B8D-47D9-872F-E83D475AAF34}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE5ECF63-6065-4B92-8B7E-72B5042C2F25}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4BFBB89-4BC5-4D13-8D3A-75EDCC0CF50C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E86D0281-FA5A-4E36-B993-84FD87DA9DF1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{177E74D6-E1D1-4D15-9D36-85399BA00729}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\MalwareWipe.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\MalwareWipe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\MalwareWipe]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "MalwareWipe"=-


    Version 2.36 (April 27, 2006)

    Search SharedTaskScheduler v1.1.0.2
    - IE7 SharedTaskScheduler White Listed


    %SYSTEM%\dcomcfg.exe
    %SYSTEM%\simpole.tlb
    %SYSTEM%\stdole3.tlb

    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp****.tmp

    [-HKEY_CLASSES_ROOT\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \policies\explorer\run]
    "dcomcfg.exe"=-


    Version 2.35 (April 26, 2006)

    Search SharedTaskScheduler v1.1 (White List Trigger added)

    %SYSTEM%\dlh9jkdq?.exe

    %SYSTEM%\netfilt4.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "netfilt4"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "netfilt4"=-

    %system%\twain32.dll

    [-HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"=-

    O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp????.tmp
    [-HKEY_CLASSES_ROOT\CLSID\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18575620-E41D-4204-BF6F-964069D80F45}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyFalcon.PopupBlockerCo nnector]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyFalcon.PopupBlockerCo nnector.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon]


    Version 2.34 (April 23, 2006)


    %system%\sivudro.dll

    [-HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}"=-


    %userprofile%\Desktop\Spyware Soft Stop.lnk
    %alluserprofile%\Start Menu\Programs\Spyware Soft Stop\
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Soft Stop.lnk
    %Program Files%\Spyware Soft Stop\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Spyware Soft Stop_is1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "Software Soft Stop"=-

    %WINDIR%\xpupdate.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "Windows update loader"=-

    %userprofile%\Desktop\BraveSentry.lnk
    %userprofile%\Start Menu\Programs\BraveSentry\
    %Program Files%\BraveSentry\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\BraveSentry]
    [-HKEY_CURRENT_USER\Software\BraveSentry]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run]
    "BraveSentry"=-


    Version 2.33 (April 19, 2006)

    Short paths (8.3) for desktop, start menu, favorites are retrieved from registry keys.


    Version 2.32 (April 18, 2006)


    %system%\xenadot.dll

    [-HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"=-



    Version 2.31 (April 15, 2006)


    %system%\suprox.dll

    [-HKEY_CLASSES_ROOT\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}"=-


    %userprofile%\Bureau\SpywareQuake.com.lnk
    %userprofile%\Menu Démarrer\SpywareQuake.com 2.1.lnk
    %userprofile%\Menu Démarrer\Programmes\SpywareQuake.com\
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake.com 2.1.lnk
    %Program Files%\SpywareQuake.com\

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareQuake.com]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake.com]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    SpywareQuake.com=-


    Version 2.30 (April 15, 2006)

    Correction has been made on these 2 legitime files:
    %SYSTEM%\amcompat.tlb
    %SYSTEM%\interf.tlb


    O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp????.tmp
    [-HKEY_CLASSES_ROOT\CLSID\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]


    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]



    %SYSTEM%\lich.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
    lich=-


    %userprofile%\Start Menu\Programmes\SpyGuard
    %userprofile%\desktop\SpyGuard.lnk
    %ProgramFiles%\SpyGuard

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\The Spy Guard]

    [-HKEY_CURRENT_USER\Software\TheSpyGuard]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "The Spy Guard"=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "The Spy Guard Monitor"=-


    Version 2.29 (April 9, 2006)

    %SYSTEM%\amcompat.tlb
    %SYSTEM%\interf.tlb
    %SYSTEM%\nscompat.tlb
    %SYSTEM%\__delete_on_reboot__stickrep.dll


    O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{7A932ED2-1737-4AB8-B84D-C71779958551}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A932ED2-1737-4AB8-B84D-C71779958551}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7A932ED2-1737-4AB8-B84D-C71779958551}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7A932ED2-1737-4AB8-B84D-C71779958551}


    %SYSTEM%\taskdir.dll
    %SYSTEM%\taskdir.exe
    %SYSTEM%\taskdir~.exe

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "taskdir"=-

    [HKEY_CURRENT_USER]
    ColorTable20=-
    ColorTable19=-


    Version 2.28 (April 4, 2006)

    Restore Enhanced Security Configuration Zone map:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\EscDomains


    %HOMEDRIVE%\country.exe
    %HOMEDRIVE%\exit
    %HOMEDRIVE%\kl1.exe
    %HOMEDRIVE%\ms1.exe
    %HOMEDRIVE%\tool1.exe
    %HOMEDRIVE%\tool2.exe
    %HOMEDRIVE%\tool3.exe
    %HOMEDRIVE%\tool4.exe
    %HOMEDRIVE%\tool5.exe
    %HOMEDRIVE%\toolbar.exe
    %HOMEDRIVE%\uniq
    %SYSTEM%\parad.raw.exe
    %PROGRAMFILES%\secure32.html


    %PROGRAMFILES%\paytime.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
    SysTray=-


    %system32%\dcom_14.dll
    %system32%\dcom_15.dll

    [-HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    {2C1CD3D7-86AC-4068-93BC-A02304BB8C34}=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \ShellServiceObjectDelayLoad]
    DCOM Server=-


    %SYSTEM%\tetriz3.exe
    %SYSTEM%\bin29a.log

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
    ATI_VER=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    tetriz3=-

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \RunServices]
    tetriz3=-

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    tetriz3=-


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
    nvchost=-

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run
    Key=-


    Version 2.27 (01/04/2006)

    Francais/English Version

    %WINDIR%\keyboard.exe
    %WINDIR%\keyboard?.exe
    %WINDIR%\mousepad.exe
    %WINDIR%\mousepad?.exe
    %WINDIR%\newname.exe
    %WINDIR%\newname?.exe


    Version 2.26 (26/03/2006)

    %HOMEDRIVE%\newname?.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "newname"=-


    %userprofile%\Startmenü\Programme\Autostart

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]


    %system%\stickrep.dll

    [-HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"=-


    %userprofile%\Bureau\SpywareQuake.lnk
    %userprofile%\Menu Démarrer\SpywareQuake 2.0.lnk
    %userprofile%\Menu Démarrer\Programmes\SpywareQuake\*.*
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
    %Program Files%\SpywareQuake\*.*

    [-HKEY_CLASSES_ROOT\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}]
    [-HKEY_CLASSES_ROOT\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}]
    [-HKEY_CLASSES_ROOT\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}]
    [-HKEY_CLASSES_ROOT\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}]
    [-HKEY_CLASSES_ROOT\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}]
    [-HKEY_CLASSES_ROOT\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}]
    [-HKEY_CLASSES_ROOT\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}]
    [-HKEY_CLASSES_ROOT\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}]
    [-HKEY_CLASSES_ROOT\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}]
    [-HKEY_CLASSES_ROOT\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}]
    [-HKEY_CLASSES_ROOT\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}]
    [-HKEY_CLASSES_ROOT\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}]
    [-HKEY_CLASSES_ROOT\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}]
    [-HKEY_CLASSES_ROOT\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}]
    [-HKEY_CLASSES_ROOT\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}]
    [-HKEY_CLASSES_ROOT\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}]
    [-HKEY_CLASSES_ROOT\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}]
    [-HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpywareQuake.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareQuake]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "SpywareQuake"=-


    Version 2.25

    C:\Documents and Settings\user\Bureau\AdwareSheriff.lnk
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AdwareSheriff\*.*
    C:\Documents and Settings\user\Local Settings\Application Data\AdwareSheriff\*.*
    C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\asheriff.lnk
    C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff.lnk
    C:\Program Files\AdwareSheriff\*.*

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\AdwareSheriff_is1
    HKEY_CURRENT_USER\Software\ADV

    HKEY_CURRENT_USER\Software\SNO2


    Version 2.24

    Ajout de restart.exe=SuperFast Shutdown (http://www.xp-smoker.com/freeware.html) pour forcer un redemarrage rapide.

    %WINDOWS%\adsldpbj.dll
    %WINDOWS%\gimmygames.dat
    %WINDOWS%\muwq\*.*
    %WINDOWS%\teller2.chk
    %WINDOWS%\winsysban8.exe
    %HOMEDRIVE%\mousepad1.exe
    %HOMEDRIVE%\mousepad.exe
    %HOMEDRIVE%\gimmysmileys1.exe
    %HOMEDRIVE%\keyboard.exe
    %HOMEDRIVE%\keyboard1.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "keyboard"=-
    "mousepad"=-

    O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

    %Program Files%\Security Toolbar\Security Toolbar.dll
    %SYSTEM%\Security Toolbar.dll

    [-HKEY_CLASSES_ROOT\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}=-

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Security Toolbar]

    %WINDOWS%\sysvx_.exe
    %SYSTEM%\comdlg64.dll
    %SYSTEM%\sysvx.exe
    %SYSTEM%\whitevx.lst
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "sysvx"=-


    Version 2.23

    %WINDOWS%\azesearch.bmp
    %WINDOWS%\drsmartload95a.exe
    %WINDOWS%\kl1.exe
    %WINDOWS%\loadadv728.exe
    %SYSTEM%\dfrgsrv.exe
    %SYSTEM%\dxole32.exe
    %userprofile%\Favorites\Antivirus Test Online.url

    %WINDOWS%\osaupd.exe
    %WINDOWS%\wupdmgr.exe
    [-HKEY_CLASSES_ROOT\Balloon.Application]
    [-HKEY_CLASSES_ROOT\CLSID\{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Balloon.Application]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
    "mquu"=-
    "qofk"=-

    %HOMEDRIVE%\gimmysmileys.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
    "gimmysmileys"=-


    Version 2.22

    %system%\ginuerep.dll
    [-HKEY_CLASSES_ROOT\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"=-


    Version 2.21

    %WINDOWS%\adw.htm
    %WINDOWS%\back.gif
    %WINDOWS%\bg.gif
    %WINDOWS%\buy-btn.gif
    %WINDOWS%\download-btn.gif
    %WINDOWS%\temp.000.exe
    %SYSTEM%\bu.exe
    %SYSTEM%\intxt.exe
    %SYSTEM%\mswinb32.dll
    %SYSTEM%\mswinb32.exe
    %SYSTEM%\mswinf32.exe
    %SYSTEM%\mswinf32.dll
    %SYSTEM%\mswinup32.dll
    %SYSTEM%\mswinxml.dll
    %SYSTEM%\shell386.exe
    %SYSTEM%\winapi32.dll
    %SYSTEM%\winlfl32.dll

    %SYSTEM%\adsmart.exe
    O4 - HKLM\..\Run: [Win32.Virus.Smart32]

    %SYSTEM%\exa32.exe
    O4 - HKLM\..\Run: [Win32.Exploit.A]

    O2 - BHO: winapi32.MyBHO - {1CBC7F79-C21A-4468-8116-38E8AD875816} - C:\WINDOWS\System32\winapi32.dll
    HKEY_CLASSES_ROOT\CLSID\{1CBC7F79-C21A-4468-8116-38E8AD875816}
    HKEY_CLASSES_ROOT\Interface\{376C5E0D-E8DD-4161-B74B-37E6323E538E}
    HKEY_CLASSES_ROOT\winapi32.MyBHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CBC7F79-C21A-4468-8116-38E8AD875816}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{376C5E0D-E8DD-4161-B74B-37E6323E538E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.MyBHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{1CBC7F79-C21A-4468-8116-38E8AD875816}

    HKEY_CLASSES_ROOT\CLSID\{9F230924-E275-4FD2-BC99-5C30362332E3}
    HKEY_CLASSES_ROOT\Interface\{D4D2958F-EDBE-430B-AB15-793E921C3A09}
    HKEY_CLASSES_ROOT\winapi32.Intelinks
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F230924-E275-4FD2-BC99-5C30362332E3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4D2958F-EDBE-430B-AB15-793E921C3A09}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.Intelinks

    HKEY_CLASSES_ROOT\CLSID\{4823B0A6-EAB4-4577-9792-C59231379CEA}
    HKEY_CLASSES_ROOT\Interface\{50F91B80-0270-46CE-86B1-4C508F5CB280}
    HKEY_CLASSES_ROOT\winapi32.MyBaner
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4823B0A6-EAB4-4577-9792-C59231379CEA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50F91B80-0270-46CE-86B1-4C508F5CB280}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.MyBaner

    HKEY_CLASSES_ROOT\TypeLib\{7885264B-8B30-46EB-8361-ECA766800258}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7885264B-8B30-46EB-8361-ECA766800258}

    Version 2.20

    C:\Documents and Settings\user\Bureau\SpyFalcon.lnk
    C:\Documents and Settings\user\Menu Démarrer\SpyFalcon 2.0.lnk
    C:\Documents and Settings\user\Menu Démarrer\Programmes\SpyFalcon\
    C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyFalcon 2.0.lnk
    C:\Program Files\SpyFalcon\

    O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h

    HKEY_CLASSES_ROOT\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
    HKEY_CLASSES_ROOT\Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6}
    HKEY_CLASSES_ROOT\Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569}
    HKEY_CLASSES_ROOT\Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE}
    HKEY_CLASSES_ROOT\Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003}
    HKEY_CLASSES_ROOT\Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E}
    HKEY_CLASSES_ROOT\Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709}
    HKEY_CLASSES_ROOT\Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5}
    HKEY_CLASSES_ROOT\Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F}
    HKEY_CLASSES_ROOT\Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7}
    HKEY_CLASSES_ROOT\Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2}
    HKEY_CLASSES_ROOT\Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF}
    HKEY_CLASSES_ROOT\Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C}
    HKEY_CLASSES_ROOT\Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947}
    HKEY_CLASSES_ROOT\Interface\{850300D6-D53B-4720-9372-6D31B85537E1}
    HKEY_CLASSES_ROOT\Interface\{8C803228-BD61-4744-8B79-949E3F512DDC}
    HKEY_CLASSES_ROOT\Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069}
    HKEY_CLASSES_ROOT\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{850300D6-D53B-4720-9372-6D31B85537E1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C803228-BD61-4744-8B79-949E3F512DDC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpyFalcon.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpyFalcon
    HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon

    Version 2.19

    Ajout de l'utilitaire swsc.exe (SteelWerx) pour supprimer des services.

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Desktop Uninstall]

    %SYSTEM%\msnscps.dll
    [-HKEY_CLASSES_ROOT\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
    [-HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{78364D99-A640-4ddf-B91A-67EFF8373045}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplic ations\List]
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedA ccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedAp plications\List]
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"=-

    O4 - HKLM\..\Run: [AlfaCleaner]
    %DESKTOP%\AlfaCleaner.lnk
    C:\Documents and Settings\LocalService\Application Data\AlfaCleaner\
    C:\Documents and Settings\user\Application Data\AlfaCleaner\
    C:\Documents and Settings\user\Application Data\Skinux\
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AlfaCleaner\
    C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AlfaCleaner.lnk
    C:\Program Files\AlfaCleaner\
    %SYSTEM%\drivers\hesvc.sys

    O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\AlfaCleaner.com_is1]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALF ACLEANER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALF ACLEANERSERVICE]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Sy stem\AlfaCleanerService]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\alfacleaner]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlfaCleaner Service]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ALF ACLEANERSERVICE]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\alfacleaner]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AlfaCleaner Service]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Sy stem\AlfaCleanerService]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _ALFACLEANER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _ALFACLEANERSERVICE]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alfacle aner]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlfaCle anerService]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlo g\System\AlfaCleanerService]


    Version 2.18

    Utilisation de SrchSTS.exe pour la recherche des dll SharedTaskScheduler

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Spy Sheriff

    %SYSTEM%\intell321.exe
    O4 - HKLM\..\Run: [intell321.exe]

    %WINDOWS%\sachostx.exe
    O4 - HKLM\..\Run: [HostSrv]

    %SYSTEM%\sachostc.exe
    %SYSTEM%\sachostp.exe
    %SYSTEM%\sachosts.exe
    %SYSTEM%\maxd64.exe
    %SYSTEM%\paradise.raw.exe
    %SYSTEM%\vxgame?.exe????.exe.bak
    %SYSTEM%\vxgamet?.exe?????.exe

    %WINDOWS%\uninstDsk.exe

    %SYSTEM%\vxgame2.exe3584.exe
    O4 - HKCU\..\Run: [WinMedia]

    %WINDOWS%\inet20001\

    %SYSTEM%\IeHelperEx.dll
    HKEY_CLASSES_ROOT\CLSID\{673BA504-3DDA-4851-8B3C-37AE54E2D688}
    HKEY_CLASSES_ROOT\CLSID\{BA12780E-B91E-41A7-A51A-528CBD64284E}
    HKEY_CLASSES_ROOT\Interface\{57F88FBD-FFD2-4AF2-B138-CD644A8E62B5}
    HKEY_CLASSES_ROOT\Interface\{9EF3F6BA-1BF9-4B4E-9475-437A02DBFA8B}
    HKEY_CLASSES_ROOT\SpecSoft2.BrowserHook
    HKEY_CLASSES_ROOT\SpecSoft2.BrowserHook.1
    HKEY_CLASSES_ROOT\SpecSoft2.IExplorerHelper
    HKEY_CLASSES_ROOT\SpecSoft2.IExplorerHelper.1
    HKEY_CLASSES_ROOT\TypeLib\{B82C3D8C-F764-4B4E-8272-DC1185CE12FC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{673BA504-3DDA-4851-8B3C-37AE54E2D688}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA12780E-B91E-41A7-A51A-528CBD64284E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57F88FBD-FFD2-4AF2-B138-CD644A8E62B5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EF3F6BA-1BF9-4B4E-9475-437A02DBFA8B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.BrowserHook
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.BrowserHook.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.IExplorerHelpe r
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.IExplorerHelpe r.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B82C3D8C-F764-4B4E-8272-DC1185CE12FC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{BA12780E-B91E-41A7-A51A-528CBD64284E}


    Version 2.17

    %system%\dxmpp.dll
    [-HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-


    Version 2.16

    %WINDOWS%\inet20010\

    %WINDOWS%\winsysupd.exe
    O4 - HKLM\..\Run: [winsysupd]

    %WINDOWS%\winsysban.exe
    O4 - HKLM\..\Run: [winsysban]

    %SYSTEM%\symsvcsa.exe

    %system%\replmap.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"
    [-HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}]
    [-HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}]

    O4 - HKLM\..\Run: [A.tmp] %TEMP%\A.tmp.exe
    O4 - HKLM\..\Run: [B.tmp] %TEMP%\B.tmp.exe
    O4 - HKLM\..\Run: [A.tmp.exe] %TEMP%\A.tmp.exe
    O4 - HKLM\..\Run: [B.tmp.exe] %TEMP%\B.tmp.exe

    O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp????.tmp
    [-HKEY_CLASSES_ROOT\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]


    Version 2.15

    %HOMEDRIVE%\ntnc.exe

    O4 - HKLM\..\Run: [C.tmp] %TEMP%\C.tmp.exe
    O4 - HKLM\..\Run: [D.tmp] %TEMP%\D.tmp.exe
    O4 - HKLM\..\Run: [C.tmp.exe] %TEMP%\C.tmp.exe
    O4 - HKLM\..\Run: [D.tmp.exe] %TEMP%\D.tmp.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{31EE3286-D785-4E3F-95FC-51D00FDABC01}"="Master Browseui"
    [HKEY_CLASSES_ROOT\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]
    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]

    Version 2.14

    Remplacement de l'utilitaire du registre reg.exe [Microsoft] par wsreg.exe [SteelWerx]
    Nettoyage %TEMP%

    %WINDOWS%\sdkqq.exe
    O4 - HKLM\..\Run: [sdkqq.exe]

    %WINDOWS%\d3dn32.exe
    O4 - HKLM\..\Run: [d3dn32.exe]

    %WINDOWS%\d3pb.exe
    O4 - HKLM\..\Run: [d3pb.exe]

    %SYSTEM%\sysjv32.exe
    O4 - HKLM\..\Run: [sysjv32.exe]

    O2 - BHO: Class - {FEFEC367-0557-50DA-92D8-EFF9A710070B}
    %WINDOWS%\d3??.dll
    HKEY_CLASSES_ROOT\CLSID\{FEFEC367-0557-50DA-92D8-EFF9A710070B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFEC367-0557-50DA-92D8-EFF9A710070B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    {FEFEC367-0557-50DA-92D8-EFF9A710070B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{FEFEC367-0557-50DA-92D8-EFF9A710070B}

    %userprofile%\Menu Démarrer\Programmes\SpywareStrike\
    %userprofile%\Menu Démarrer\SpywareStrike 2.5.lnk
    %DESKTOP%\SpywareStrike.lnk
    %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareStrike 2.5.lnk

    %SYSTEM%\wiatwain.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
    {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}=WaitWain for Windows
    HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre

    HKEY_LOCAL_MACHINE\SOFTWARE\SpywareStrike

    HKEY_CLASSES_ROOT\AppID\SpywareStrike.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpywareStrike.EXE

    HKEY_CLASSES_ROOT\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpywareStrike.exe

    HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
    InprocServer32=Fs99c'tvV9[6a*%9La^qToolbox>M5KDYSUnf(HA*L[xeX)y

    HKEY_CLASSES_ROOT\CLSID\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D}

    HKEY_CLASSES_ROOT\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}

    HKEY_CLASSES_ROOT\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}

    HKEY_CLASSES_ROOT\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}

    HKEY_CLASSES_ROOT\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}

    HKEY_CLASSES_ROOT\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}

    HKEY_CLASSES_ROOT\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}

    HKEY_CLASSES_ROOT\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}

    HKEY_CLASSES_ROOT\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}

    HKEY_CLASSES_ROOT\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}

    HKEY_CLASSES_ROOT\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}

    HKEY_CLASSES_ROOT\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}

    HKEY_CLASSES_ROOT\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}

    HKEY_CLASSES_ROOT\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}

    HKEY_CLASSES_ROOT\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}

    HKEY_CLASSES_ROOT\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}

    HKEY_CLASSES_ROOT\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}

    HKEY_CLASSES_ROOT\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}

    Version 2.13

    %HOMEDRIVE%\ntps.exe

    O4 - HKLM\..\Run: [links.exe]
    %SYSTEM%\links.exe

    O4 - HKLM\..\Run: [sysen.exe]
    %WINDOWS%\sysen.exe
    HKEY_CLASSES_ROOT\CLSID\{29D3E589-2DCC-699E-1A0F-61AF30BAA3A4}
    HKLM\SOFTWARE\Classes\CLSID\{29D3E589-2DCC-699E-1A0F-61AF30BAA3A4}

    O2 - BHO: Class - {9114249C-F5E5-36A3-4480-169B869E0556}
    %WINDOWS%\sdkcb.dll
    HKEY_CLASSES_ROOT\CLSID\{9114249C-F5E5-36A3-4480-169B869E0556}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9114249C-F5E5-36A3-4480-169B869E0556}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    {9114249C-F5E5-36A3-4480-169B869E0556}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{9114249C-F5E5-36A3-4480-169B869E0556}

    O4 - HKLM\..\Run: [ieyi.exe]
    %WINDOWS%\ieyi.exe
    HKEY_CLASSES_ROOT\CLSID\{C1212066-16A4-F478-E898-BC64A80D4908}
    HKLM\SOFTWARE\Classes\CLSID\{C1212066-16A4-F478-E898-BC64A80D4908}

    O2 - BHO: Class - {66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
    %WINDOWS%\ieyi.dll
    HKEY_CLASSES_ROOT\CLSID\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
    {66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}

    Version 2.12

    Clean Manager / Nettoyage de Disque

    %windows%\System\csrss.exe
    O4 - HKLM\..\Run: [CsRss] C:\WINDOWS\System\csrss.exe

    %windows%\country.exe
    %windows%\timessquare1.dat

    %windows%\drsmartload.dat
    %windows%\drsmartloadb1.dat
    %homedrive%\drsmartloadb.exe
    HKLM\SOFTWARE\Microsoft\drsmartload
    O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe

    HKEY_LOCAL_MACHINE\SOFTWARE\muwq

    %SYSTEM%\netwrap.dll
    %PROGRAMFILES\SpywareStrike\
    O4 - HKLM\..\Run: [SpywareStrike]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareStrike
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
    "{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}"="NetWrap for Windows"
    HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}
    O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
    HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{27150f81-0877-42e9-af13-55e5a3439a26}

    %system%\browsela.dll
    O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela

    Version 2.11

    %ProgramFiles%\Common Files\VCClient\*.*
    O4 - HKCU\..\Run: [CU2]
    O4 - HKCU\..\Run: [CU1]

    %windows%\adtech2006a.exe
    O4 - HKLM\..\Run: [adtech2006]

    %windows%\batserv2.exe
    O4 - HKLM\..\Run: [BatSrv]

    %windows%\sysldr32.exe
    O4 - HKLM\..\Run: [SystemLoader]

    %system%\msvcp.exe
    O4 - HKLM\..\Run: [Microsoft Office]

    %userprofile%\Menu Démarrer\Programmes\SpyAxe
    %userprofile%\Menu Démarrer\SpyAxe 3.0.lnk

    %windows%\adsldpbe.dll
    O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9}
    HKEY_CLASSES_ROOT\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7507739F-BC2E-4DC3-B233-816783C25DC9}

    %windows%\adsldpbf.dll
    O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
    HKEY_CLASSES_ROOT\CLSID\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}

    HKEY_CLASSES_ROOT\CLSID\{957bab51-81ff-8195-f273-d7e286ea702f}
    HKEY_CLASSES_ROOT\interface\{0f68a8aa-a9a8-4711-be36-ae363efa6443}
    HKEY_CLASSES_ROOT\interface\{28420952-c82b-47d9-a042-fa2217d8a082}
    HKEY_CLASSES_ROOT\interface\{3c099c83-8587-4b35-8af0-fc3a169ce14f}
    HKEY_CLASSES_ROOT\interface\{3fe13f31-e890-4c37-8213-4b5f9a511c26}
    HKEY_CLASSES_ROOT\interface\{4cad27dc-1b60-42f4-820e-316fe0a13512}
    HKEY_CLASSES_ROOT\interface\{54874d12-c0c6-44cc-83fb-2c35202f881b}
    HKEY_CLASSES_ROOT\interface\{54a3200b-d76e-48d1-b35c-d87eaf6d90bd}
    HKEY_CLASSES_ROOT\interface\{663dfe59-032c-46fb-a09a-ffc2dc074f54}
    HKEY_CLASSES_ROOT\interface\{69ce4fbc-4861-4206-8211-dd5a9ee79ad3}
    HKEY_CLASSES_ROOT\interface\{afa9056f-aa11-4771-ae01-04ecfde18206}
    HKEY_CLASSES_ROOT\interface\{b8f2487f-aa6a-4914-9a3f-db84e6868d66}
    HKEY_CLASSES_ROOT\interface\{e4645720-e02f-4bb2-8e6d-be7653dd1bf2}
    HKEY_CLASSES_ROOT\interface\{fa46b160-c9dd-4040-b9d9-ccf5d3db5438}
    HKEY_CLASSES_ROOT\interface\{fc1f0c2c-8117-427d-816c-215b68524f74}
    HKEY_CLASSES_ROOT\interface\{fd1eee96-8dc7-478d-be3b-7d06ac67fb66}
    HKEY_CLASSES_ROOT\interface\{fd8e5ed7-0091-416f-a55b-1d072d58a24f}


    Version 2.10

    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{e0103cd4-d1ce-411a-b75b-4fec072867f4}

    %system%\wbeconm.dll
    HKEY_CLASSES_ROOT\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"="Security Update"


    Version 2.09

    O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hp???.tmp
    HKEY_CLASSES_ROOT\CLSID\{7288C0BD-7F2F-4229-A0C4-3C90A6E2A881}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7288C0BD-7F2F-4229-A0C4-3C90A6E2A881}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7288c0bd-7f2f-4229-a0c4-3c90a6e2a881}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7288c0bd-7f2f-4229-a0c4-3c90a6e2a881}

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP

    Version 2.08

    %system%\windesktop.dll
    %system%\windesktop.exe
    O4 - HKLM\..\Run: [windesktop]
    O4 - HKLM\..\RunServices: [windesktop]

    O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\System32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{1ca480cd-c0e5-4548-874e-b85b17905b3a}


    Version 2.07

    %windir%\System\svchost.dll
    %windir%\System\svwhost.exe
    %windir%\System\svwhost.dll
    %system%\mspostsp.exe
    %system%\kernels64.exe
    %windows%\inet20066\*.*

    %windows%\update13.js
    O4 - HKLM\..\RunOnce: [tlc]

    %system%\NTCommLib3.exe
    %system%\tcpservice2.exe
    %system%\wstart.dll
    O4 - HKLM\..\Run: [NTCommLib3]
    HKEY_CLASSES_ROOT\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}
    HKEY_CLASSES_ROOT\AppID\WStart.DLL
    HKEY_CLASSES_ROOT\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
    HKEY_CLASSES_ROOT\WStart.WHttpHelper
    HKEY_CLASSES_ROOT\WStart.WHttpHelper.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WStart.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C5991634-0185-4B0D-B4F9-6C45597962B7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WStart.WHttpHelper
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WStart.WHttpHelper.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
    HKEY_LOCAL_MACHINE\SOFTWARE\WSoft

    %system%\child.dll
    HKEY_CLASSES_ROOT\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
    "{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"

    %system%\chp.dll
    HKEY_CLASSES_ROOT\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}"="Module"

    %system%\bre.dll
    %system%\bre32.dll
    HKEY_CLASSES_ROOT\CLSID\{203B1C4D9-BC71-8916-38AD-9DEA5D213614}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{203B1C4D9-BC71-8916-38AD-9DEA5D213614}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{203B1C4D9-BC71-8916-38AD-9DEA5D213614}"="OLE Module"

    %system%\trf32.dll
    HKEY_CLASSES_ROOT\CLSID\{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}"="OLE Module"

    %system%ioctrl.dll
    HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"


    Version 2.06

    O4 - HKLM\..\Run: [3.tmp]
    O4 - HKLM\..\Run: [4.tmp]
    O4 - HKLM\..\Run: [3.tmp.exe]
    O4 - HKLM\..\Run: [4.tmp.exe]


    Version 2.05

    O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\System32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f}


    Version 2.04

    %HOMEDRIVE%\xxx.exe
    %userprofile%\desktop\asfds
    %userprofile%\desktop\cdegfr
    %userprofile%\desktop\fdsf
    %userprofile%\desktop\sdfdsf
    %userprofile%\desktop\sdfff
    %userprofile%\desktop\wdcevf
    %userprofile%\desktop\wdcsadsad
    %userprofile%\desktop\zxczxc
    %system%\cmd32.exe
    %system%\dial23.exe
    %system%\exeha2.exe
    %system%\exeha3.exe
    %system%\z11.exe
    %system%\z12.exe
    %system%\z13.exe
    %system%\z14.exe
    %system%\z15.exe
    %system%\z16.exe
    %windows%\icont.exe
    %windows%\inet20099\*.*

    F3 - REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
    HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    "run"="C:\WINDOWS\inet20099\winlogon.exe"

    O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20099\3.00.11.dll
    HKEY_CLASSES_ROOT\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
    HKEY_CLASSES_ROOT\Replace.HBO
    HKEY_CLASSES_ROOT\Replace.HBO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Replace.HBO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Replace.HBO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

    O4 - HKCU\..\Run: [pro]
    O4 - HKCU\..\Run: [xp_system]
    O4 - HKLM\..\Run: [xp_system]
    O4 - HKLM\..\Run: [Microsoft standard protector]


    Version 2.03

    O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{3e9b951e-6f72-431b-82cf-4a9fbf2f53bc}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{3e9b951e-6f72-431b-82cf-4a9fbf2f53bc}


    Version 2.02

    C:\WINDOWS\bxproxy.exe
    C:\WINDOWS\System32\bnmsrv.exe
    C:\WINDOWS\System32\RpcxSs.dll
    O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
    O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPC XSS
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcxSs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _RPCXSS
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcxSs


    Version 2.01

    %system%\~update.exe
    %system%\ll.exe
    %system%\bhoimpl.dll
    %system%\ztoolbar.bmp
    %system%\ztoolbar.xml

    O2 - BHO: MyBHO - {784aa380-13f2-422e-8540-f2280f1dd4f1} - C:\WINDOWS\System32\bhoimpl.dll
    HKEY_CLASSES_ROOT\AppID\{77a7d7ab-576a-4b90-b4ee-909093c3bc69}
    HKEY_CLASSES_ROOT\AppID\MyBHOImpl.DLL
    HKEY_CLASSES_ROOT\CLSID\{784aa380-13f2-422e-8540-f2280f1dd4f1}
    HKEY_CLASSES_ROOT\Interface\{71237FD0-9DF9-46B3-8F1C-6F2998543EA2}
    HKEY_CLASSES_ROOT\TDS.MyBHO
    HKEY_CLASSES_ROOT\TDS.MyBHO.1
    HKEY_CLASSES_ROOT\TypeLib\{77A7D7AB-576A-4B90-B4EE-909093C3BC69}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{77a7d7ab-576a-4b90-b4ee-909093c3bc69}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyBHOImpl.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784aa380-13f2-422e-8540-f2280f1dd4f1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71237FD0-9DF9-46B3-8F1C-6F2998543EA2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TDS.MyBHO
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TDS.MyBHO.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{77A7D7AB-576A-4B90-B4EE-909093C3BC69}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{784aa380-13f2-422e-8540-f2280f1dd4f1}
    HKEY_LOCAL_MACHINE\SOFTWARE\TDS

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
    "{F33812FB-F35C-4674-90F6-FD757C419C51}"="DDE"


    Version 2.00

    %system%\ot.ico
    %system%\ts.ico
    %system%\migicons.exe
    %system%\1024\
    %ProgramFiles%\SpyAxe\

    O4 - HKLM\..\Run: [SpyAxe]

    HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
    HKEY_CLASSES_ROOT\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpyAxe.EXE
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06506B3A-857D-431f-BE0B-038B1EC386B3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BFF94F7-9748-43d1-BAC4-D963351B63E7}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C580891-CA9D-4619-BDC9-85378EB65931}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53525A6C-3774-4b47-B317-BC7DFE4FC7ED}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DEB9A24-19E0-49e6-A6B2-110BC3E1062A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E1ACE2A-8638-4775-8AA9-5C187AD40A82}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{629C4FE9-B627-4905-AF5B-AD652BB1B5C5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{659F78EA-6FF2-40f8-8EA3-06F7418A209E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7616A7F7-DF99-432f-870D-4AFEA0D079F4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB22F36-2CCD-4003-89EE-6CF40EBC4282}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0D06AA3-499B-4156-9FFD-0BE236F0D4E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6610F1D-DA77-42c4-8300-721D9DA9D70B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection. 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BB3BCBF-411A-4C67-8E69-F4BB301DC333}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\spyaxe.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpyAxe
    HKEY_LOCAL_MACHINE\SOFTWARE\SpyAxe

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
    {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
    {E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}


    Version 1.99

    %HOMEDRIVE%\contextplus.exe
    %HOMEDRIVE%\drsmartload1.exe
    %windir%\notepad.com
    %windir%\psg.exe
    %windir%\rzs.exe
    %windir%\sec.exe
    %system%\msbe.dll
    %system%\notepad.com
    %system%\nvms.dll
    %system%\shdochp.dll
    %system%\shdochp.exe
    %system%\sh***l32.dll
    %system%\x.exe
    %ProgramFiles%\WinHound\
    C:\Documents and Settings\****\Desktop\access
    C:\Documents and Settings\****\Desktop\domains
    C:\Documents and Settings\****\Desktop\map.txt
    C:\Documents and Settings\All Users\Desktop\WinHound spyware remover.lnk
    %allusersprofile%\Menu Démarrer\Programmes\WinHound spyware remover
    O4 - HKLM\..\Run: [FHPage]
    O4 - HKLM\..\Run: [WinHound]
    HKEY_LOCAL_MACHINE\SOFTWARE\WinHound.com
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\WinHound spyware remover
    HKEY_CLASSES_ROOT\CLSID\{0878F045-B52E-46B3-9724-D3AE69D50067}
    HKEY_CLASSES_ROOT\CLSID\{0EA04667-E53B-4E81-8E7C-DE2CA114CBD6}
    HKEY_CLASSES_ROOT\CLSID\{265C2AF8-C94C-4AFF-B2B6-340D3982562C}
    HKEY_CLASSES_ROOT\CLSID\{3946A33D-BBC6-4792-A383-D855E0F76D91}
    HKEY_CLASSES_ROOT\CLSID\{41D7BB0A-64E0-4AB2-BD0B-69EA78E462E8}
    HKEY_CLASSES_ROOT\CLSID\{4AA55E8C-2C19-4F3A-91EC-43B6DF937C4F}
    HKEY_CLASSES_ROOT\CLSID\{4F93062D-7BDA-48BE-AEB6-88AF2B1FE2D4}
    HKEY_CLASSES_ROOT\CLSID\{5206DF89-97FC-41AD-BAE3-993E87053A99}
    HKEY_CLASSES_ROOT\CLSID\{58E68548-42E2-479D-A9E0-86D9F2EAF02E}
    HKEY_CLASSES_ROOT\CLSID\{5E5A79A6-C67B-444E-BE58-BD0ACEFCDA07}
    HKEY_CLASSES_ROOT\CLSID\{67196B3E-55A0-49DE-BA11-66F07DF804DB}
    HKEY_CLASSES_ROOT\CLSID\{7198F8DA-012C-4DB4-ABD8-923A54C87900}
    HKEY_CLASSES_ROOT\CLSID\{82847700-FE61-46A3-B3EE-761A1E312ACA}
    HKEY_CLASSES_ROOT\CLSID\{8C2A05C5-780F-4A2E-AE1C-FB8181F860E4}
    HKEY_CLASSES_ROOT\CLSID\{8DCA6B3D-1FCA-4500-B210-76119BB5C69E}
    HKEY_CLASSES_ROOT\CLSID\{ACC647EE-991A-4811-B420-F063F50CDDC1}
    HKEY_CLASSES_ROOT\CLSID\{C5B70256-5B08-4056-B84E-C6CE084967F5}
    HKEY_CLASSES_ROOT\CLSID\{CBE4B748-08F9-44DB-8FB1-9AD25979DA35}
    HKEY_CLASSES_ROOT\CLSID\{CDD964C2-FB78-4A74-BB1E-1CB1FCB72018}
    HKEY_CLASSES_ROOT\CLSID\{D25F7446-4D36-4203-9EA5-5422B26FA9D0}
    HKEY_CLASSES_ROOT\CLSID\{E12AAACF-8AF2-4C31-BA94-E3787B44F90E}
    HKEY_CLASSES_ROOT\CLSID\{E479197F-49E5-4E60-9FA2-A71D4C7C2BBC}
    HKEY_CLASSES_ROOT\CLSID\{F880B4F2-75BF-44EC-B7AA-45EC37448027}
    HKEY_CLASSES_ROOT\TypeLib\{31E956BF-8CA9-4D75-B534-7EBC79770002}
    HKEY_CLASSES_ROOT\TypeLib\{6E9E448E-B195-4627-953C-5377FA9BBA36}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0878F045-B52E-46B3-9724-D3AE69D50067}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA04667-E53B-4E81-8E7C-DE2CA114CBD6}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265C2AF8-C94C-4AFF-B2B6-340D3982562C}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3946A33D-BBC6-4792-A383-D855E0F76D91}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41D7BB0A-64E0-4AB2-BD0B-69EA78E462E8}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AA55E8C-2C19-4F3A-91EC-43B6DF937C4F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F93062D-7BDA-48BE-AEB6-88AF2B1FE2D4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5206DF89-97FC-41AD-BAE3-993E87053A99}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58E68548-42E2-479D-A9E0-86D9F2EAF02E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5A79A6-C67B-444E-BE58-BD0ACEFCDA07}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67196B3E-55A0-49DE-BA11-66F07DF804DB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7198F8DA-012C-4DB4-ABD8-923A54C87900}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82847700-FE61-46A3-B3EE-761A1E312ACA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C2A05C5-780F-4A2E-AE1C-FB8181F860E4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DCA6B3D-1FCA-4500-B210-76119BB5C69E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACC647EE-991A-4811-B420-F063F50CDDC1}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B70256-5B08-4056-B84E-C6CE084967F5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE4B748-08F9-44DB-8FB1-9AD25979DA35}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD964C2-FB78-4A74-BB1E-1CB1FCB72018}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D25F7446-4D36-4203-9EA5-5422B26FA9D0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E12AAACF-8AF2-4C31-BA94-E3787B44F90E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E479197F-49E5-4E60-9FA2-A71D4C7C2BBC}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F880B4F2-75BF-44EC-B7AA-45EC37448027}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{31E956BF-8CA9-4D75-B534-7EBC79770002}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E9E448E-B195-4627-953C-5377FA9BBA36}

    O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
    HKEY_CLASSES_ROOT\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
    HKEY_CLASSES_ROOT\NLS.UrlCatcher
    HKEY_CLASSES_ROOT\NLS.UrlCatcher.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}

    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    HKEY_CLASSES_ROOT\ADP.UrlCatcher
    HKEY_CLASSES_ROOT\ADP.UrlCatcher.1
    HKEY_CLASSES_ROOT\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

    O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp????.tmp
    HKEY_CLASSES_ROOT\CLSID\{7caf96a2-c556-460a-988e-76fc7895d284}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7caf96a2-c556-460a-988e-76fc7895d284}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7caf96a2-c556-460a-988e-76fc7895d284}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7caf96a2-c556-460a-988e-76fc7895d284}


    Version 1.98

    %HOMEDRIVE%\ecsiin.stub.exe
    %HOMEDRIVE%\stub_113_4_0_4_0.exe
    %windir%\adtech2005.exe
    %windir%\secure32.html
    %windir%\timessquare.exe
    %windir%\toolbar.exe
    %system%\sywsvcs.exe
    %ProgramFiles%\Fichiers communs\muwq\
    %ProgramFiles%\SpyAxe\
    O4 - HKLM\..\Run: [ecsiin]
    O4 - HKLM\..\Run: [timessquare]
    O4 - HKLM\..\Run: [adtech2005]
    O4 - HKCU\..\Run: [muwq]
    O4 - HKCU\..\Run: [qwum]
    O16 - DPF: {10003000-1000-0000-1000-000000000000}


    Version 1.97

    %ProgramFiles%\Fichiers communs\Download\mc-58-12-0000113.exe
    %ProgramFiles%\Common Files\Download\mc-58-12-0000113.exe
    %ProgramFiles%\Fichiers communs\InetGet\mc-58-12-0000113.exe
    %ProgramFiles%\Common Files\InetGet\mc-58-12-0000113.exe
    %ProgramFiles%\Fichiers communs\Windows\mc-58-12-0000113.exe
    %ProgramFiles%\Common Files\Windows\mc-58-12-0000113.exe
    %ProgramFiles%\Fichiers communs\Windows\services32.exe
    %ProgramFiles%\Common Files\Windows\services32.exe
    %allusersprofile%\Menu Démarrer\Programmes\P.S.Guard spyware remover
    %system%\msupdate32.dll
    %system%\MTC.dll
    %system%\MTC.ini
    O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443}
    O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443}
    O4 - HKCU\..\Run: [services32]
    O20 - Winlogon Notify: msupdate


    Version 1.96

    %bureau%\m00.exe
    %windir%\adsldpbc.dll
    %windir%\q*_disk.dll
    %windir%\slassac.dll
    %windir%\svchost.exe
    %system%\cnymxw32.dll
    %system%\prflbmsgp32.dll
    %system%\sysbho.exe
    %system%\sysmain.dll
    %system%\winstyle2.dll
    %system%\winstyle3.dll
    %system%\winstyle32.dll
    O4 - HKLM\..\Run: [System Redirect]
    O4 - HKCU\..\Run: [System]
    HKEY_CLASSES_ROOT\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}
    HKEY_CLASSES_ROOT\CLSID\{16875E09-927B-4494-82BD-158A1CD46BA0}
    HKEY_CLASSES_ROOT\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}
    HKEY_CLASSES_ROOT\CLSID\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
    HKEY_CLASSES_ROOT\CLSID\{826B2228-BC09-49F2-B5F8-42CE26B1B712}
    HKEY_CLASSES_ROOT\CLSID\{8D82BB89-B58C-4F21-9C5D-377F65947806}
    HKEY_CLASSES_ROOT\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}
    HKEY_CLASSES_ROOT\CLSID\{C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
    HKEY_CLASSES_ROOT\CLSID\{C7CF1142-0785-4B12-A280-B64681E4D45E}
    HKEY_CLASSES_ROOT\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
    HKEY_CURRENT_USER\Software\Microsoft\style2
    HKEY_CURRENT_USER\Software\Microsoft\style3
    HKEY_CURRENT_USER\Software\Microsoft\style32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{16875E09-927B-4494-82BD-158A1CD46BA0}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{826B2228-BC09-49F2-B5F8-42CE26B1B712}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{8D82BB89-B58C-4F21-9C5D-377F65947806}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{B212D577-05B7-4963-911E-4A8588160DFA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{C7CF1142-0785-4B12-A280-B64681E4D45E}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{16875E09-927B-4494-82BD-158A1CD46BA0}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{B212D577-05B7-4963-911E-4A8588160DFA}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{C7CF1142-0785-4B12-A280-B64681E4D45E}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gggg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ggggg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3i



    Version 1.95

    %system%\priva.exe
    O4 - HKLM\..\Run: [ControlPanel]
    O4 - HKLM\..\RunServices: [Explorer64]


    Version 1.94

    %HOMEDRIVE%\secure32.html
    %system%\svchosts.exe
    %system%\shdocsvc.dll
    %system%\shdocsvc.exe
    %system%\ztoolb011.dll
    O4 - HKLM\..\Run: [FHStart]


    Version 1.93

    %windir%\adsldpbd.dll
    %system%\multitran.exe
    %system%\performent217.dll
    %system%\qvxgamet?.exe
    %system%\nuclabdll.dll
    %system%\st3.dll
    %system%\svwhost.exe
    %system%\zolker011.dll
    C:\Documents and Settings\All Users\Bureau\Blowjob.url
    C:\Documents and Settings\All Users\Bureau\Cigarettes Discount.url
    C:\Documents and Settings\All Users\Bureau\Forex Trading.url
    C:\Documents and Settings\All Users\Bureau\Free Ringtones.url
    C:\Documents and Settings\All Users\Bureau\Gift Ideas.url
    C:\Documents and Settings\All Users\Bureau\Group ***.url
    C:\Documents and Settings\All Users\Bureau\Home Loan.url
    C:\Documents and Settings\All Users\Bureau\Mp3 Download.url
    C:\Documents and Settings\All Users\Bureau\Online Casino.url
    C:\Documents and Settings\All Users\Bureau\Online Dating.url
    C:\Documents and Settings\All Users\Bureau\Play Poker.url
    C:\Documents and Settings\All Users\Bureau\PopUp Blocker.url
    C:\Documents and Settings\All Users\Bureau\Porn Dvd.url
    C:\Documents and Settings\All Users\Bureau\Real Estate.url
    C:\Documents and Settings\All Users\Bureau\Sport Betting.url
    C:\Documents and Settings\All Users\Bureau\Spyware Remover.url
    C:\Documents and Settings\All Users\Bureau\Texas Holdem.url
    F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\vxgame3.exe
    O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
    O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
    O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent217.dll
    O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
    O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll
    O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll
    O4 - HKLM\..\Run: [multitran]
    O4 - HKLM\..\RunServices: [multitran]
    O4 - HKLM\..\Run: [WindowsUpdateNT]
    O4 - HKCU\..\Run: [multitran]
    O4 - HKCU\..\Run: [WindowsUpdateNT]
    O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
    O20 - Winlogon Notify: nuclabdll - C:\WINDOWS\SYSTEM32\nuclabdll.dll
    O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll


    Version 1.92

    %system%\cvxh8jkdq?.exe
    %system%\sdfdil.exe
    %system%\winldra.exe
    %windows%\blank.mht
    O4 - HKLM\...\Run: [load32]


    Version 1.91

    %system%\split.exe
    %system%\split1.exe
    %system%\split2.exe
    %system%\maxd1.exe
    %system%\efsdfgxg.exe
    %system%\birdihuy.dll
    %system%\birdihuy32.dll
    %system%\web.exe
    %system%\yaemu.exe
    %system%\svchop.exe
    %system%\shdochop.dll
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main: [Start Page]
    O4 - HKLM\...\Run: [Explorer32]
    O4 - HKLM\...\Run: [yaemu.exe]
    O4 - HKLM\...\Run: [FH]
    HKEY_CLASSES_ROOT\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}
    HKEY_CURRENT_USER\Software\Classes\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}


    Version 1.89

    %system%\shdocnva.dll
    HKLM\SOFTWARE\PSGuard.com

    Version 1.88

    %windir%\warnhp.html


    Version 1.87

    O4 - HKLM\..\Run: [P.S.Guard]
    O4 - HKLM\..\Run: [AdService]
    O4 - HKLM\..\Run: [FSH]
    %ProgramFiles%\P.S.Guard\
    %system%\AdService.dll
    %system%\svcnva.exe


    Version 1.86

    %homedrive%\loader.exe
    %windir%\kl.exe
    %windir%\ms1.exe
    %system%\cmdtel.exe
    %system%\combo.exe
    %system%\doser.exe
    %system%\latest.exe
    %system%\paytime.exe
    %system%\sender.exe
    %system%\socks.exe
    %system%\sysvcs.exe
    %system%\zlbw.dll
    O4 - HKLM\..\Run: [combo.exe]
    O4 - HKLM\..\Run: [PayTime]
    O4 - HKCU\..\Run: [aupd]
    O4 - HKCU\..\Run: [PayTime]


    Version 1.85

    [HKey_Classes_Root\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}]
    [HKey_Classes_Root\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}]
    [HKey_Classes_Root\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}]
    [HKey_Classes_Root\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}]
    [HKey_Classes_Root\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}]
    [HKey_Classes_Root\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}]
    [HKey_Classes_Root\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}]
    [HKey_Classes_Root\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}]
    [HKey_Classes_Root\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}]
    [HKey_Classes_Root\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}]
    [HKey_Classes_Root\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}]
    [HKey_Classes_Root\CLSID\{52034AD2-914C-4634-B375-9299631E5525}]
    [HKey_Classes_Root\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}]
    [HKey_Classes_Root\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}]
    [HKey_Classes_Root\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}]
    [HKey_Classes_Root\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}]
    [HKey_Classes_Root\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}]
    [HKey_Classes_Root\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}]
    [HKey_Classes_Root\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}]
    [HKey_Classes_Root\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DC7116-E58E-4395-A45A-A1C99B17C030}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52034AD2-914C-4634-B375-9299631E5525}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0AA0493-C410-4CBD-B1DB-1723374FA8E0}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D78BD8-3874-4AA0-9D45-CFB79382C484}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \policies\explorer\run]
    "wininet.dll"="mscornet.exe"
    "kernel32.dll"="C:\WINDOWS\System32\mssearchnet.exe"
    "nvctrl.exe"="nvctrl.exe"
    SOFTWARE\Classes\CLSID\{893FAD3A-931E-4E53-B515-B1426D63799B}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion \Explorer\Browser Helper Objecta\{893fad3a-931e-4e53-b515-b1426d63799b}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion \Explorer\Browser Helper Objects\{893fad3a-931e-4e53-b515-b1426d63799b}]
    %system%\mscornet.exe
    %system%\mssearchnet.exe
    %system%\nvctrl.exe
    %system%\ncompat.tlb
    %system%\msvol.tlb
    %system%\ld????.tmp
    %appdata%\Shudder Global Limited\
    %appdata%\PSGuard.com\


    Version 1.84

    %system%\casino.ico
    %system%\date.ico
    %system%\games.ico
    %system%\mobile.ico
    %system%\network.ico
    %system%\pharm.ico
    %system%\pharm2.ico
    %system%\scanner.ico
    %system%\spam.ico
    %system%\spyware.ico


    Version 1.82

    C:\Windows\tool1.exe
    C:\Windows\tool3.exe
    C:\Windows\tool4.exe
    C:\Windows\tool5.exe
    C:\Windows\__delete_on_reboot__popuper.exe
    C:\WINDOWS\system32\svcnt32.exe
    C:\Windows\System32\__delete_on_reboot__intmon.exe
    C:\Windows\System32\__delete_on_reboot__intel32.exe
    C:\Windows\System32\__delete_on_reboot__intell32.exe
    C:\Windows\System32\__delete_on_reboot__OLEADM.dll
    C:\Windows\System32\Air Tickets.ico
    C:\Windows\System32\Big Tits.ico
    C:\Windows\System32\Blackjack.ico
    C:\Windows\System32\Britney Spears.ico
    C:\Windows\System32\Car Insurance.ico
    C:\Windows\System32\Cheap Cigarettes.ico
    C:\Windows\System32\Credit Card.ico
    C:\Windows\System32\Cruises.ico
    C:\Windows\System32\Currency Trading.ico
    C:\Windows\System32\Lesbian ***.ico
    C:\Windows\System32\MP3.ico
    C:\Windows\System32\Online Betting.ico
    C:\Windows\System32\Online Gambling.ico
    C:\Windows\System32\Oral ***.ico
    C:\Windows\System32\Party Poker.ico
    C:\Windows\System32\Pharmacy.ico
    C:\Windows\System32\Phentermine.ico
    C:\Windows\System32\Pornstars.ico
    C:\Windows\System32\Remove Spyware.ico
    C:\Windows\System32\viagra.ico
    C:\Documents and Settings\****\Desktop\Air Tickets.url
    C:\Documents and Settings\****\Desktop\AntivirusGold.lnk
    C:\Documents and Settings\****\Desktop\Big Tits.url
    C:\Documents and Settings\****\Desktop\Blackjack.url
    C:\Documents and Settings\****\Desktop\Britney Spears.url
    C:\Documents and Settings\****\Desktop\Car Insurance.url
    C:\Documents and Settings\****\Desktop\Cheap Cigarettes.url
    C:\Documents and Settings\****\Desktop\Credit Card.url
    C:\Documents and Settings\****\Desktop\Cruises.url
    C:\Documents and Settings\****\Desktop\Currency Trading.url
    C:\Documents and Settings\****\Desktop\Lesbian ***.url
    C:\Documents and Settings\****\Desktop\MP3.url
    C:\Documents and Settings\****\Desktop\Online Betting.url
    C:\Documents and Settings\****\Desktop\Online Gambling.url
    C:\Documents and Settings\****\Desktop\Oral ***.url
    C:\Documents and Settings\****\Desktop\Party Poker.url
    C:\Documents and Settings\****\Desktop\Pharmacy.url
    C:\Documents and Settings\****\Desktop\Phentermine.url
    C:\Documents and Settings\****\Desktop\Pornstars.url
    C:\Documents and Settings\****\Desktop\Remove Spyware.url
    C:\Documents and Settings\****\Desktop\SpySheriff.lnk
    C:\Documents and Settings\****\Desktop\viagra.url
    O4 - HKLM\..\Run: [Start Page]


    Version 1.8

    C:\Program Files\internet explorer\ieengine.exe
    O4 - HKCU\..\Run: [IEengine]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard]


    version 1.7

    F2 - REG:system.ini: Shell=Explorer.exe sysinit32z.exe
    C:\WINDOWS\system32\sysinit32z.exe
    C:\WINDOWS\system32\taras.exe


    version 1.6

    C:\Windows\tool2.exe


    Version 1.5

    C:\ntdetecd.exe
    C:\Windows\System32\vxh8jkdq?.exe


    Version 1.4

    C:\Program Files\Daily Weather Forecast\
    04 - HKLM\..\Run: [Daily Weather Forecast]


    Version 1.3

    C:\Windows\System32\oleext.dll
    C:\Windows\System32\oleext32.dll
    C:\Windows\System32\wppp.html
    O4 - HKCU\..\Run: [SNInstall]


    Version 1.1

    C:\Program Files\SpyKiller\
    C:\Windows\System\svchost.exe
    C:\Windows\System32\intell32.exe
    C:\Windows\System32\kernels32.exe
    C:\Windows\System32\vxgame?.exe
    C:\Windows\System32\vxgamet?.exe
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
    F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
    O4 - HKCU\..\Run: [SpyKiller]
    O4 - HKLM\..\Run: [intell32.exe]
    O4 - HKLM\..\Run: [System]
    O4 - HKLM\..\Run: [WindowsUpdate]
    O4 - HKLM\..\RunServices: [SystemTools]


    Version 1.0

    C:\Windows\System32\gunist.exe
    C:\Windows\System32\param32.dll
    C:\Windows\System32\pop_up.dll
    C:\Windows\System32\searchdll.dll
    C:\Windows\System32\svchosts.dll
    C:\Windows\System32\LogFiles\T54111925.so
    C:\Windows\System32\LogFiles\H53131712.so
    C:\Windows\System32\LogFiles\A54102200.so
    C:\Windows\System32\LogFiles\S53252000.so
    C:\Windows\System32\LogFiles\A04111925.so
    C:\Windows\System32\LogFiles\M54111925.so
    C:\Windows\System32\LogFiles\P54111925.so


    Version 0.x

    C:\bsw.exe
    C:\r.exe
    C:\winstall.exe
    C:\wp.bmp
    C:\wp.exe
    C:\Windows\desktop.html
    C:\Windows\popuper.exe
    C:\Windows\screen.html
    C:\Windows\sites.ini
    C:\Windows\uninstIU.exe
    C:\Windows\windows.html
    C:\Windows\zloader3.exe
    C:\Windows\System32\helper.exe
    C:\Windows\System32\hhk.dll
    C:\Windows\System32\hookdump.exe
    C:\Windows\System32\hp????.tmp
    C:\Windows\System32\intel32.exe
    C:\Windows\System32\intmon.exe
    C:\Windows\System32\intmonp.exe
    C:\Windows\System32\msmsgs.exe
    C:\Windows\System32\msole32.exe
    C:\Windows\System32\ole32vbs.exe
    C:\Windows\System32\oleadm.dll
    C:\Windows\System32\oleadm32.dll
    C:\Windows\System32\perfcii.ini
    C:\Windows\System32\runsrv32.dll
    C:\Windows\System32\runsrv32.exe
    C:\Windows\System32\shnlog.exe
    C:\Windows\System32\spoolsrv32.exe
    C:\Windows\System32\srpcsrv32.dll
    C:\Windows\System32\srpcsrv32.exe
    C:\Windows\System32\svcnt.exe
    C:\Windows\System32\txfdb32.dll
    C:\Windows\System32\w8673492.exe
    C:\Windows\System32\winnook.exe
    C:\Windows\System32\wldr.dll
    C:\Windows\System32\wp.bmp
    C:\Windows\System32\LogFiles\A5281300.so
    C:\Windows\web\desktop.html
    C:\Windows\web\wallpaper.html
    C:\Documents and Settings\****\Application Data\Install.dat
    C:\Program Files\AdwareDelete\
    C:\Program Files\AntivirusGold\
    C:\Program Files\PSGuard\
    C:\Program Files\Search Maid\
    C:\Program Files\Security IGuard\
    C:\Program Files\SpySheriff\
    C:\Program Files\Virtual Maid\
    C:\spywarevanisher-free\
    O4 - HKCU\..\Run: [Intel system tool]
    O4 - HKCU\..\Run: [SpySheriff]
    O4 - HKCU\..\Run: [Windows installer]
    O4 - HKCU\..\Run: [WindowsFY]
    O4 - HKCU\..\Run: [WindowsFZ]
    O4 - HKLM\..\Run: [Fast Start]
    O4 - HKLM\..\Run: [intel32.exe]
    O4 - HKLM\..\Run: [Intel system tool]
    O4 - HKLM\..\Run: [MSN Messenger]
    O4 - HKLM\..\Run: [PSGuard]
    O4 - HKLM\..\Run: [PSGuard spyware remover]
    O4 - HKLM\..\Run: [RegSvr32]
    O4 - HKLM\..\Run: [WindowsFZ]
    [-HKEY_CURRENT_USER\SOFTWARE\SpySheriff]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDelete]
    Geändert von Ruby (04.05.2006 um 00:37 Uhr) Grund: UPDATE/Ruby

  4. #4
    Forenbenutzer Avatar von ipl_001
    Registriert seit
    13.11.2005
    Ort
    Paris, Frankreich
    Beiträge
    80

    Re: SpyAxe & SpySheriff (Removal)

    Hi Ruby, S!Ri, hello everyone,

    Ruby, thanks to you kind words but I don't deserve them.
    ( SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal) )

    You wrote:
    Alternative to Marc's Remover
    our french Team-Members
    BipBip and ipl_001
    have
    brought to us
    the
    SmitfraudFix
    which has been develloped on
    Zebulon.fr
    by their members
    S!Ri, moe31 and balltrap34
    SmitfraudFix was developped on another French forum, the name of which is CCM - CommentCaMarche (HowItWorks) ( http://www.commentcamarche.net/forum/index.php3?cat=7 ).
    SmitfraudFix has well been created by S!Ri, a member of CCM, Zebulon and HJT.de, moe31, a member of CCM and balltrap34, a member of CCM and Zebulon.

    Thanks to S!Ri for his wonderful tool along with his kindness and knowledge and generosity!
    This tool belongs to them and S!Ri is very glad to help anyone on any forum in order to eradicate this damn malware!

    (I'm sorry to write this post but as a moderator, I cannot let think -unfortunately- SmitfraudFix has something to do with Zebulon).
    Gérard, aus Paris, Frankreich

  5. #5
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    AW: SpyAxe & SpySheriff (Removal)

    Hi ipl_001

    Without BipBip and you I think that it would have lasted some time longer that we would have heard anything about the Smitfraudfix.

    Fine that you are here @ ipl_001 and that you have brought S!Ri to us

    Regards

  6. #6
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    AW: SpyAxe & SpySheriff (Removal)

    You could think it would be bordering to use always the same methods, but the producers of Fake-Programs go on... Now we have SpywareStrike, a clone of SpyAxe. You can find it on the Red list of Spyware Warrior.

    For more information have a look to Suzi Turner - zdnet.com
    and to Mark's Sysinternals Blog The Antispyware Conspiracy.

    Take care, dear User. Don't use SpywareStrike, otherwise you will have to clean up your system. Don't worry, use:
    SmitfraudFix
    (WinXP, Win2K)

    Update 02/11/2006 - the show must go on:
    AlfaCleaner & SpyFalcon
    Geändert von Ruby (11.02.2006 um 07:25 Uhr) Grund: Update

  7. #7
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    AW: SpyAxe|SpySheriff|SpywareStrike|Smitfraud (Removal)

    One more method to win the battle against Smitfraud on Windows 2000 and XP
    is Noadfear's SmitRem fix, which is used in a new program of Nick-YF19.

    It works against these variants of Smitfraud:

    * SpyAxe
    * Smitfraud
    * Security IGuard
    * Virtual Maid
    * Search Maid
    * AntiVirusGold or AV Gold
    * PSGuard
    * SpySheriff
    * Spy Trooper
    * SpywareStrike -->added 7-Jan-2006
    * Security Toolbar

    The new Malware Removal can be downloaded under this link: smitRem.exe.

    For more information, please have a look here: wiki.castlecops.com

    Many thanks to our Team-Candidate karl83 for this information.

  8. #8
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    Spyware Information

    -> Information (DE) -> Information (EN)

    Spyware Warrior

    If YOU
    need a program
    to get free from spyware


    *****

    Brauchst du ein Programm
    gegen Spyware
    Schau vorher nach, ob es auf der Roten Liste steht:


    Spyware Warrior
    R o t e L i s t e

  9. #9
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.038

    AW: SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal)

    Hello S!Ri, moe31 & balltrap34

    Thank you very much
    for going on adding your SmitfraudFix
    with all kinds of new variants.

    All the best

  10. #10
    Lupine
    Gast

    Lächeln Re: SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal)

    After 2 days of ripping my hair out and installing 20+ programs which did nothing i am finally free of the dreaded flashing box in the corner of my screen

    Thank you all so much for making my pc fun again! (Even if you were just linking someone elses work, you enabled me to get rid of the damn virus; especially big thanks to the peron(s) who wrote the fix)

Seite 1 von 2 12 LetzteLetzte

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. SpyFalcon & AlfaCleaner (Remover)
    Von Ruby im Forum Sicherheits-News
    Antworten: 3
    Letzter Beitrag: 13.02.2006, 18:54
  2. AlfaCleaner & SpyFalcon (Remover)
    Von Ruby im Forum Solutions
    Antworten: 1
    Letzter Beitrag: 13.02.2006, 00:26

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •