SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal)

[Ruby]

Rogue/Suspect Anti-Spyware Products & Web Sites

SpyAxe & SpySheriff, SpywareStrike (Remover)
- German Version -

The SpyAxe & the SpySheriff fit not only in color well to each other, nevertheless, they also invite both cordially unsuspecting users to the Free Scan and the Download. Now they also stand combined with each other on the Red List of all those programs which simulate that they want to help users to clean up their systems of putatively Spyware.

They appear apparently from the Nothing. Suddenly they are there, on the desktop. Whether as a small Icone beside the clock, a quick linking or as a Wallpaper substitute, they become apparent and try to lure the user to their Websites to find there the suitable program for the cleaning of a system.

Where do they come from?
Spyaxe specifies it on her homepage:

* Hidden additions to legitimate programs you install
* False ActiveX certificates used by criminals
* Server-side scripts and vulnerabilities in Operational Systems
* Adult-related web sites
* Freeware and Shareware products
* Email attachments sent to your email address
* Chat rooms where you can exchange files
* File-sharing programs like KaZaa, eDonkey and other

Behavioral research of modern market economy or earning money to loads of all those user who try credulous or desperately to clean up their systems, with products which do not hold what they promise.

These Fake-Programs are installed with Zlob, a trojan downloader. Variants of Zlob silently download and install various third-party spyware and malware scanners to infected computers: Spy Trooper, SpyAxe, Security Toolbar and so on (f-secure.com).

What do they cause?
They hijack desktops, interfere with PopUps which do not disappear from the screen, slow down the speed of the computer, hijack the browser to faked Webpages ect.

How do they get this?
One takes them onto his own system, of as a Trojan no one knows nothing about, of as an additional Adware about which one knows nothing too.

SpyAxe and SpySheriff belong to the big family Smitfraud.
They and their relatives, PSGuard, WorldAntiSpy, RazeSpyware and more, like to change the user's desktop on a way that one becomes attent to them.

Once concerned on a system, they begin to work.
They install themselves with different processes, Dlls (Dynamic link Library) and Registry entries, grave themselves into the Windows System Directory, provide new folders, lead to Websites, allow to download code. For the fact they provide that the calculators are contaminated. They install themselves unknown to the knowledge of the user and, you are not able to uninstall these programs.

Now the SpySheriff has got an unistaller, only what happens if one applies it? On the part of SpyAxe one gets the offer to download two uninstall-files whose names sound very strange. One is supposed to uninstall this new Fake AntiSpyware tool with illegal files. As these both files are brought to run, they work in the background of the machine.

There should be user who could solve the visible problems in this manner, but which information do these uninstall-programs transmit to their manufacturers, running invisibly in the background of the calculaters? Take care, since this URL is handed from one famous forum to the other one. However, one searches them in vain on the homepage of SpyAxe.

There is no visible, readable declaration of SpyAxe to these incidents, on their own homepage. She present as an enterprise in the fight against Spyware. A blue-white deception to the good devoutness.

How to get rid of these Spyware Programs?
This question holds user, assistants and experts some time in breath. Thorough observation of the systems, returning files on different calculators with similar symptoms and one will be able to recognize and to bring a jigsaw puzzle slowly back to a Spyware Program. One recognizes what belongs together, and with empiric experience, one can clean up the system. A protracted, laborious work which takes up many hours.

Standard Cleansing Instructions for Spyware Infections on HijackThis.eu:

• Spyware Infection -> Win XP
• Spyware Infection -> Win 2000
• Spyware Infection -> Win ME
• Spyware Infection -> Win 98SE

(Solutions)

If you need to get rid of one of these fake tools which compromise the safety of your system we advise you to clean up your machine with one of the three removers which are actually offered to users all over the world:

S!Ri's
SmitFraudFix
ChangeLog

Noahdfear's
smitRem.exe
Filelist

Malwarebytes'
RogueRemover
Database


We Thank You All in the Name of our Users.

[Ruby]

SmitFraudFix
was brought to us
by our french Team-Members
BipBip and ipl_001

SmitfraudFix

for Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

It has been develloped by
S!Ri, moe31 & balltrap34

We nearly daily use the SmitfraudFix on our Board.

Please follow these instructions (English Instructions):

• Load down the SmitfraudFix of S!Ri, moe31 and balltrap34: SmitfraudFix

Search:

• Double-click SmitfraudFix.exe
• Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Clean:

• Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
• Double-click SmitfraudFix.exe
• Select 2 and hit Enter to delete infect files.
• You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
• The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
• A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:

• To restore Trusted and Restricted site zone, select 3 and hit Enter.
• You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.

With many Thanks to
S!Ri, moe31 & balltrap34

Windows XP:
Turn off System Restore. Right-click My Computer. Click Properties. Click the System Restore tab. Check Turn off System Restore. Click Apply, and then click OK. Reboot. Turn System Restore Back On. Right-click My Computer. Click Properties. Click the System Restore tab. UN-Check *Turn off System Restore*. Click Apply, and then click OK. Reboot. Create a new system Restore Point.

[S!Ri]

Hello !

This is the Changelog of SmitfraudFix
( http://siri.urz.free.fr/Fix/SmitfraudFix.php )


Version 2.39 (May 3, 2006)


%userprofile%\Local Settings\Application Data\SpywareSheriff\*.*
%ProgramFiles%\SpywareSheriff\*.*
%Desktop%\SpywareSheriff.lnk
%AllUsersProfile%\StartMenu\Programs\SpywareSheriff\*.*
%userprofile%\StartMenu\Programs\Démarrage\spysheriff.lnk
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareSheriff.lnk

[-HKEY_CURRENT_USER\Software\ADV]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareSheriff_is1]

%SYSTEM%\dvdcap.dll

[-HKEY_CLASSES_ROOT\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}=-


Version 2.38 (May 3, 2006)

Fraud Notice added

Corrections made for Japanese OS - Thanks Gunjyou !

Corrections on Win2K message: "cannot import cleanup.reg: Error accessing the registry":

[HKEY_CURRENT_USER\]
"ColorTable19"=-
"ColorTable20"=-


C:\Documents and Settings\user\Menu Démarrer\Programmes\PestTrap\*.*
C:\Documents and Settings\user\Bureau\PestTrap.lnk
C:\Program Files\PestTrap\*.*

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\PestTrap]
[-HKEY_CURRENT_USER\Software\PestTrap]
[-HKEY_CURRENT_USER\Software\SNO2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"PestTrap"=-


%WINDIR%\pop06ap2.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"pop06ap"=-


Version 2.37 (April 28, 2006)

%SYSTEM%\atmclk.exe

%DESKTOP%\MalwareWipe.lnk
%STARTMENU%\MalwareWipe 4.1.lnk
%STARTMENU%\Programs\MalwareWipe\*.*
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\MalwareWipe 4.1.lnk
%PROGRAMFILES%\MalwareWipe\*.*

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MalwareWipe.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A5C70510-5A01-B2A5-CF84-D6DC13859967}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B595E3D-27BE-4DA1-A278-CA4D904B5823}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D1E9B3D-5A4C-4C70-A9B4-5A19E0C625DC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A34546C-C437-460A-88AF-D4703A548EA9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D9FD47C-E0B5-4005-9ADE-552980D3761F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E5B0894-FE91-4063-BB41-D885C7691581}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{479B1AEA-4414-4E43-8CBF-94BFC7C69B56}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A2ECC12-46BA-4C52-9749-C0FAF38D507B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4D6079CB-FD9E-46AF-A896-6E8582E52827}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{511A9BB1-917A-414A-88FD-3128E37032A1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8CBED98F-8DDD-4AF0-A9EA-C75E10C937BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A44CAB15-6B7E-406B-9D9B-B1C1C6BA8CDB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A99AC77F-4DE5-4AA2-810A-35FAB5FC114B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B74B2B6C-9B8D-47D9-872F-E83D475AAF34}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CE5ECF63-6065-4B92-8B7E-72B5042C2F25}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4BFBB89-4BC5-4D13-8D3A-75EDCC0CF50C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E86D0281-FA5A-4E36-B993-84FD87DA9DF1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{177E74D6-E1D1-4D15-9D36-85399BA00729}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\MalwareWipe.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\MalwareWipe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\MalwareWipe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"MalwareWipe"=-


Version 2.36 (April 27, 2006)

Search SharedTaskScheduler v1.1.0.2
- IE7 SharedTaskScheduler White Listed


%SYSTEM%\dcomcfg.exe
%SYSTEM%\simpole.tlb
%SYSTEM%\stdole3.tlb

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp****.tmp

[-HKEY_CLASSES_ROOT\CLSID\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0398ECA-0BCD-4645-8261-5E9DC70248D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{b0398eca-0bcd-4645-8261-5e9dc70248d0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \policies\explorer\run]
"dcomcfg.exe"=-


Version 2.35 (April 26, 2006)

Search SharedTaskScheduler v1.1 (White List Trigger added)

%SYSTEM%\dlh9jkdq?.exe

%SYSTEM%\netfilt4.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"netfilt4"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"netfilt4"=-

%system%\twain32.dll

[-HKEY_CLASSES_ROOT\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"=-

O2 - BHO: Nothing - {edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e} - C:\WINDOWS\system32\hp????.tmp
[-HKEY_CLASSES_ROOT\CLSID\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{edbf1bc8-39ab-48eb-a0a9-c75078eb7c8e}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{008E3200-28EB-463b-9B58-75C23D80911A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CBD1CBA-E034-4287-9B49-5F2912E1D33B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18575620-E41D-4204-BF6F-964069D80F45}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4B860BE9-5B96-4443-9714-6ACD89989D1E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5796859D-53C4-46C1-AD6F-2A3C4D4306EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{597892CA-A878-4A04-978F-DBA8DC2BB2FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{673A88D4-C0E0-40D2-9B93-AE39D9A1675F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7CC220DA-D962-4935-AD3A-21F7CA4962E3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DD57F95-DA3A-4EDA-9475-27CCF366A4FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B4D9C59B-A091-4D79-90CC-DD92F3BACF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B8F90F00-CF78-4431-A13F-58B979F7EE20}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CDEB1FD8-0917-40A2-B915-8FB9D7FDD75C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF277F5A-347E-40C2-BAF0-4F09D0607041}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5DE421A-4AA5-4FE3-AA43-7D2A87D6267F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD2D402A-DE41-47A6-AAC9-0D756776203E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E2F430FD-3062-4808-B23F-4B322BFED93F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E9B91E0C-305A-4DD2-9987-B3B0C254C6DE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EFD28371-A165-4873-A158-421D208FFE5A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B4E17829-DACB-4320-9ABF-DCB382221FC2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyFalcon.PopupBlockerCo nnector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyFalcon.PopupBlockerCo nnector.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon]


Version 2.34 (April 23, 2006)


%system%\sivudro.dll

[-HKEY_CLASSES_ROOT\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E}"=-


%userprofile%\Desktop\Spyware Soft Stop.lnk
%alluserprofile%\Start Menu\Programs\Spyware Soft Stop\
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Soft Stop.lnk
%Program Files%\Spyware Soft Stop\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Spyware Soft Stop_is1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"Software Soft Stop"=-

%WINDIR%\xpupdate.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"Windows update loader"=-

%userprofile%\Desktop\BraveSentry.lnk
%userprofile%\Start Menu\Programs\BraveSentry\
%Program Files%\BraveSentry\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\BraveSentry]
[-HKEY_CURRENT_USER\Software\BraveSentry]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run]
"BraveSentry"=-


Version 2.33 (April 19, 2006)

Short paths (8.3) for desktop, start menu, favorites are retrieved from registry keys.


Version 2.32 (April 18, 2006)


%system%\xenadot.dll

[-HKEY_CLASSES_ROOT\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"=-



Version 2.31 (April 15, 2006)


%system%\suprox.dll

[-HKEY_CLASSES_ROOT\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}"=-


%userprofile%\Bureau\SpywareQuake.com.lnk
%userprofile%\Menu Démarrer\SpywareQuake.com 2.1.lnk
%userprofile%\Menu Démarrer\Programmes\SpywareQuake.com\
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake.com 2.1.lnk
%Program Files%\SpywareQuake.com\

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareQuake.com]

[-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
SpywareQuake.com=-


Version 2.30 (April 15, 2006)

Correction has been made on these 2 legitime files:
%SYSTEM%\amcompat.tlb
%SYSTEM%\interf.tlb


O2 - BHO: Nothing - {8d83b16e-0de1-452b-ac52-96ec0b34aa4b} - C:\WINDOWS\system32\hp????.tmp
[-HKEY_CLASSES_ROOT\CLSID\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{8d83b16e-0de1-452b-ac52-96ec0b34aa4b}]


[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]



%SYSTEM%\lich.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
lich=-


%userprofile%\Start Menu\Programmes\SpyGuard
%userprofile%\desktop\SpyGuard.lnk
%ProgramFiles%\SpyGuard

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.key]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\The Spy Guard]

[-HKEY_CURRENT_USER\Software\TheSpyGuard]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"The Spy Guard"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"The Spy Guard Monitor"=-


Version 2.29 (April 9, 2006)

%SYSTEM%\amcompat.tlb
%SYSTEM%\interf.tlb
%SYSTEM%\nscompat.tlb
%SYSTEM%\__delete_on_reboot__stickrep.dll


O2 - BHO: Nothing - {7a932ed2-1737-4ab8-b84d-c71779958551} - C:\WINDOWS\system32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{7A932ED2-1737-4AB8-B84D-C71779958551}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A932ED2-1737-4AB8-B84D-C71779958551}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7A932ED2-1737-4AB8-B84D-C71779958551}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7A932ED2-1737-4AB8-B84D-C71779958551}


%SYSTEM%\taskdir.dll
%SYSTEM%\taskdir.exe
%SYSTEM%\taskdir~.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"taskdir"=-

[HKEY_CURRENT_USER]
ColorTable20=-
ColorTable19=-


Version 2.28 (April 4, 2006)

Restore Enhanced Security Configuration Zone map:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Internet Settings\ZoneMap\EscDomains


%HOMEDRIVE%\country.exe
%HOMEDRIVE%\exit
%HOMEDRIVE%\kl1.exe
%HOMEDRIVE%\ms1.exe
%HOMEDRIVE%\tool1.exe
%HOMEDRIVE%\tool2.exe
%HOMEDRIVE%\tool3.exe
%HOMEDRIVE%\tool4.exe
%HOMEDRIVE%\tool5.exe
%HOMEDRIVE%\toolbar.exe
%HOMEDRIVE%\uniq
%SYSTEM%\parad.raw.exe
%PROGRAMFILES%\secure32.html


%PROGRAMFILES%\paytime.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
SysTray=-


%system32%\dcom_14.dll
%system32%\dcom_15.dll

[-HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \ShellServiceObjectDelayLoad]
DCOM Server=-


%SYSTEM%\tetriz3.exe
%SYSTEM%\bin29a.log

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
ATI_VER=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
tetriz3=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \RunServices]
tetriz3=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
tetriz3=-


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run
nvchost=-

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ Run
Key=-


Version 2.27 (01/04/2006)

Francais/English Version

%WINDIR%\keyboard.exe
%WINDIR%\keyboard?.exe
%WINDIR%\mousepad.exe
%WINDIR%\mousepad?.exe
%WINDIR%\newname.exe
%WINDIR%\newname?.exe


Version 2.26 (26/03/2006)

%HOMEDRIVE%\newname?.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"newname"=-


%userprofile%\Startmenü\Programme\Autostart

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]


%system%\stickrep.dll

[-HKEY_CLASSES_ROOT\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"=-


%userprofile%\Bureau\SpywareQuake.lnk
%userprofile%\Menu Démarrer\SpywareQuake 2.0.lnk
%userprofile%\Menu Démarrer\Programmes\SpywareQuake\*.*
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareQuake 2.0.lnk
%Program Files%\SpywareQuake\*.*

[-HKEY_CLASSES_ROOT\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B55C4E3-C179-BA0B-B4FD-F2DB862D6202}]
[-HKEY_CLASSES_ROOT\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{189518DF-7EBA-4D31-A7E1-73B5BB60E8D5}]
[-HKEY_CLASSES_ROOT\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D627FE-3F02-44CF-9EE1-7B9E44BD9E13}]
[-HKEY_CLASSES_ROOT\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{43CFEFBE-8AE4-400E-BBE4-A2B61BB140FB}]
[-HKEY_CLASSES_ROOT\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5790B963-23C5-43C1-BCF5-01C9B5A3E44E}]
[-HKEY_CLASSES_ROOT\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D42DDF4-81EB-4668-9951-819A1D5BEFC8}]
[-HKEY_CLASSES_ROOT\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76D06077-D5D3-40CA-B32D-6A67A7FF3F06}]
[-HKEY_CLASSES_ROOT\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{86C7E6C3-EC47-44E5-AA08-EE0D0A25895F}]
[-HKEY_CLASSES_ROOT\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9283DAC1-43F5-4580-BF86-841F22AF2335}]
[-HKEY_CLASSES_ROOT\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AE90CAFC-09D4-47F0-9E11-CE621C424F08}]
[-HKEY_CLASSES_ROOT\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA397E39-F67F-423F-BC6E-65939450093A}]
[-HKEY_CLASSES_ROOT\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BEC8A83D-01D4-4F15-B8A9-4B4AB24253A7}]
[-HKEY_CLASSES_ROOT\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4EEDC19-992D-409A-B323-ED57D511AFA5}]
[-HKEY_CLASSES_ROOT\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD90F677-D205-4F70-9014-659614AABCB2}]
[-HKEY_CLASSES_ROOT\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3DF91F3-F24F-441E-9001-D61F36024322}]
[-HKEY_CLASSES_ROOT\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F459EADB-5903-48D5-864C-2B7B46AB1424}]
[-HKEY_CLASSES_ROOT\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FC4EDF66-0547-4F1A-AE96-7CFCAD711C90}]
[-HKEY_CLASSES_ROOT\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{661173EE-FA31-4769-97D4-B556B5D09BDA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpywareQuake.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareQuake]
[-HKEY_LOCAL_MACHINE\SOFTWARE\SpywareQuake]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"SpywareQuake"=-


Version 2.25

C:\Documents and Settings\user\Bureau\AdwareSheriff.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AdwareSheriff\*.*
C:\Documents and Settings\user\Local Settings\Application Data\AdwareSheriff\*.*
C:\Documents and Settings\user\Menu Démarrer\Programmes\Démarrage\asheriff.lnk
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AdwareSheriff.lnk
C:\Program Files\AdwareSheriff\*.*

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\AdwareSheriff_is1
HKEY_CURRENT_USER\Software\ADV

HKEY_CURRENT_USER\Software\SNO2


Version 2.24

Ajout de restart.exe=SuperFast Shutdown (http://www.xp-smoker.com/freeware.html) pour forcer un redemarrage rapide.

%WINDOWS%\adsldpbj.dll
%WINDOWS%\gimmygames.dat
%WINDOWS%\muwq\*.*
%WINDOWS%\teller2.chk
%WINDOWS%\winsysban8.exe
%HOMEDRIVE%\mousepad1.exe
%HOMEDRIVE%\mousepad.exe
%HOMEDRIVE%\gimmysmileys1.exe
%HOMEDRIVE%\keyboard.exe
%HOMEDRIVE%\keyboard1.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"keyboard"=-
"mousepad"=-

O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll

%Program Files%\Security Toolbar\Security Toolbar.dll
%SYSTEM%\Security Toolbar.dll

[-HKEY_CLASSES_ROOT\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB}=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Security Toolbar]

%WINDOWS%\sysvx_.exe
%SYSTEM%\comdlg64.dll
%SYSTEM%\sysvx.exe
%SYSTEM%\whitevx.lst
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"sysvx"=-


Version 2.23

%WINDOWS%\azesearch.bmp
%WINDOWS%\drsmartload95a.exe
%WINDOWS%\kl1.exe
%WINDOWS%\loadadv728.exe
%SYSTEM%\dfrgsrv.exe
%SYSTEM%\dxole32.exe
%userprofile%\Favorites\Antivirus Test Online.url

%WINDOWS%\osaupd.exe
%WINDOWS%\wupdmgr.exe
[-HKEY_CLASSES_ROOT\Balloon.Application]
[-HKEY_CLASSES_ROOT\CLSID\{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Balloon.Application]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CA7DBAF-B066-4554-977E-5CEBB7FA59C8}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Run]
"mquu"=-
"qofk"=-

%HOMEDRIVE%\gimmysmileys.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Run]
"gimmysmileys"=-


Version 2.22

%system%\ginuerep.dll
[-HKEY_CLASSES_ROOT\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"=-


Version 2.21

%WINDOWS%\adw.htm
%WINDOWS%\back.gif
%WINDOWS%\bg.gif
%WINDOWS%\buy-btn.gif
%WINDOWS%\download-btn.gif
%WINDOWS%\temp.000.exe
%SYSTEM%\bu.exe
%SYSTEM%\intxt.exe
%SYSTEM%\mswinb32.dll
%SYSTEM%\mswinb32.exe
%SYSTEM%\mswinf32.exe
%SYSTEM%\mswinf32.dll
%SYSTEM%\mswinup32.dll
%SYSTEM%\mswinxml.dll
%SYSTEM%\shell386.exe
%SYSTEM%\winapi32.dll
%SYSTEM%\winlfl32.dll

%SYSTEM%\adsmart.exe
O4 - HKLM\..\Run: [Win32.Virus.Smart32]

%SYSTEM%\exa32.exe
O4 - HKLM\..\Run: [Win32.Exploit.A]

O2 - BHO: winapi32.MyBHO - {1CBC7F79-C21A-4468-8116-38E8AD875816} - C:\WINDOWS\System32\winapi32.dll
HKEY_CLASSES_ROOT\CLSID\{1CBC7F79-C21A-4468-8116-38E8AD875816}
HKEY_CLASSES_ROOT\Interface\{376C5E0D-E8DD-4161-B74B-37E6323E538E}
HKEY_CLASSES_ROOT\winapi32.MyBHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CBC7F79-C21A-4468-8116-38E8AD875816}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{376C5E0D-E8DD-4161-B74B-37E6323E538E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.MyBHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{1CBC7F79-C21A-4468-8116-38E8AD875816}

HKEY_CLASSES_ROOT\CLSID\{9F230924-E275-4FD2-BC99-5C30362332E3}
HKEY_CLASSES_ROOT\Interface\{D4D2958F-EDBE-430B-AB15-793E921C3A09}
HKEY_CLASSES_ROOT\winapi32.Intelinks
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F230924-E275-4FD2-BC99-5C30362332E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4D2958F-EDBE-430B-AB15-793E921C3A09}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.Intelinks

HKEY_CLASSES_ROOT\CLSID\{4823B0A6-EAB4-4577-9792-C59231379CEA}
HKEY_CLASSES_ROOT\Interface\{50F91B80-0270-46CE-86B1-4C508F5CB280}
HKEY_CLASSES_ROOT\winapi32.MyBaner
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4823B0A6-EAB4-4577-9792-C59231379CEA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50F91B80-0270-46CE-86B1-4C508F5CB280}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\winapi32.MyBaner

HKEY_CLASSES_ROOT\TypeLib\{7885264B-8B30-46EB-8361-ECA766800258}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7885264B-8B30-46EB-8361-ECA766800258}

Version 2.20

C:\Documents and Settings\user\Bureau\SpyFalcon.lnk
C:\Documents and Settings\user\Menu Démarrer\SpyFalcon 2.0.lnk
C:\Documents and Settings\user\Menu Démarrer\Programmes\SpyFalcon\
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\SpyFalcon 2.0.lnk
C:\Program Files\SpyFalcon\

O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h

HKEY_CLASSES_ROOT\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
HKEY_CLASSES_ROOT\Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6}
HKEY_CLASSES_ROOT\Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569}
HKEY_CLASSES_ROOT\Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE}
HKEY_CLASSES_ROOT\Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003}
HKEY_CLASSES_ROOT\Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E}
HKEY_CLASSES_ROOT\Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709}
HKEY_CLASSES_ROOT\Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5}
HKEY_CLASSES_ROOT\Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F}
HKEY_CLASSES_ROOT\Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7}
HKEY_CLASSES_ROOT\Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2}
HKEY_CLASSES_ROOT\Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF}
HKEY_CLASSES_ROOT\Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C}
HKEY_CLASSES_ROOT\Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947}
HKEY_CLASSES_ROOT\Interface\{850300D6-D53B-4720-9372-6D31B85537E1}
HKEY_CLASSES_ROOT\Interface\{8C803228-BD61-4744-8B79-949E3F512DDC}
HKEY_CLASSES_ROOT\Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069}
HKEY_CLASSES_ROOT\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{330A77C2-C15A-43B5-055C-B4E35EAED279}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{001501E7-C970-4CB1-9740-E055BF3DDFD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FBBBC44-296D-4A2F-AF45-BE1EE387F569}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{163469FD-6009-48E2-AD8C-47BB2E0D88BE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1694E5C6-9E1F-4C3B-B79A-828C2FC40003}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{200BD3A6-A02B-4BAC-A364-A9D8017E3C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{20C59F9F-33CB-4B1B-AFB6-B710DB845709}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D80835-4A3A-4572-9F5F-3F24A7A28AE5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{255CDDA3-576B-44C9-B944-46EAC18D5D6F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3261F690-1CA4-4839-928B-F4F898B74EB7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{37B9988B-1997-41F4-A832-DAE42CC3F7C2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B861FB8-903C-4996-B1D3-E9A86ED4BBCF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6876543E-DA55-4F90-9CD2-5ED380D9516C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{701E8C3A-7910-4CCD-A9F8-7B9A5F5B3947}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{850300D6-D53B-4720-9372-6D31B85537E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8C803228-BD61-4744-8B79-949E3F512DDC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7C685F0-1804-4382-A8EF-17D33DF97069}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{244B730E-D899-4E38-9428-03D1143242E0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpyFalcon.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpyFalcon
HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
HKEY_LOCAL_MACHINE\SOFTWARE\SpyFalcon

Version 2.19

Ajout de l'utilitaire swsc.exe (SteelWerx) pour supprimer des services.

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Desktop Uninstall]

%SYSTEM%\msnscps.dll
[-HKEY_CLASSES_ROOT\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
[-HKEY_CLASSES_ROOT\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78364D99-A640-4ddf-B91A-67EFF8373045}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{78364D99-A640-4ddf-B91A-67EFF8373045}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplic ations\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedA ccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedAp plications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"=-

O4 - HKLM\..\Run: [AlfaCleaner]
%DESKTOP%\AlfaCleaner.lnk
C:\Documents and Settings\LocalService\Application Data\AlfaCleaner\
C:\Documents and Settings\user\Application Data\AlfaCleaner\
C:\Documents and Settings\user\Application Data\Skinux\
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AlfaCleaner\
C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\AlfaCleaner.lnk
C:\Program Files\AlfaCleaner\
%SYSTEM%\drivers\hesvc.sys

O23 - Service: AlfaCleanerService - AlfaCleaner.com - C:\Program Files\AlfaCleaner\ACServer.exe
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\AlfaCleaner.com_is1]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALF ACLEANER]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ALF ACLEANERSERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Sy stem\AlfaCleanerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\alfacleaner]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AlfaCleaner Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ALF ACLEANERSERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\alfacleaner]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AlfaCleaner Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Sy stem\AlfaCleanerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _ALFACLEANER]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _ALFACLEANERSERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\alfacle aner]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AlfaCle anerService]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlo g\System\AlfaCleanerService]


Version 2.18

Utilisation de SrchSTS.exe pour la recherche des dll SharedTaskScheduler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\Spy Sheriff

%SYSTEM%\intell321.exe
O4 - HKLM\..\Run: [intell321.exe]

%WINDOWS%\sachostx.exe
O4 - HKLM\..\Run: [HostSrv]

%SYSTEM%\sachostc.exe
%SYSTEM%\sachostp.exe
%SYSTEM%\sachosts.exe
%SYSTEM%\maxd64.exe
%SYSTEM%\paradise.raw.exe
%SYSTEM%\vxgame?.exe????.exe.bak
%SYSTEM%\vxgamet?.exe?????.exe

%WINDOWS%\uninstDsk.exe

%SYSTEM%\vxgame2.exe3584.exe
O4 - HKCU\..\Run: [WinMedia]

%WINDOWS%\inet20001\

%SYSTEM%\IeHelperEx.dll
HKEY_CLASSES_ROOT\CLSID\{673BA504-3DDA-4851-8B3C-37AE54E2D688}
HKEY_CLASSES_ROOT\CLSID\{BA12780E-B91E-41A7-A51A-528CBD64284E}
HKEY_CLASSES_ROOT\Interface\{57F88FBD-FFD2-4AF2-B138-CD644A8E62B5}
HKEY_CLASSES_ROOT\Interface\{9EF3F6BA-1BF9-4B4E-9475-437A02DBFA8B}
HKEY_CLASSES_ROOT\SpecSoft2.BrowserHook
HKEY_CLASSES_ROOT\SpecSoft2.BrowserHook.1
HKEY_CLASSES_ROOT\SpecSoft2.IExplorerHelper
HKEY_CLASSES_ROOT\SpecSoft2.IExplorerHelper.1
HKEY_CLASSES_ROOT\TypeLib\{B82C3D8C-F764-4B4E-8272-DC1185CE12FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{673BA504-3DDA-4851-8B3C-37AE54E2D688}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA12780E-B91E-41A7-A51A-528CBD64284E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{57F88FBD-FFD2-4AF2-B138-CD644A8E62B5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9EF3F6BA-1BF9-4B4E-9475-437A02DBFA8B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.BrowserHook
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.BrowserHook.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.IExplorerHelpe r
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpecSoft2.IExplorerHelpe r.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B82C3D8C-F764-4B4E-8272-DC1185CE12FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{BA12780E-B91E-41A7-A51A-528CBD64284E}


Version 2.17

%system%\dxmpp.dll
[-HKEY_CLASSES_ROOT\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-


Version 2.16

%WINDOWS%\inet20010\

%WINDOWS%\winsysupd.exe
O4 - HKLM\..\Run: [winsysupd]

%WINDOWS%\winsysban.exe
O4 - HKLM\..\Run: [winsysban]

%SYSTEM%\symsvcsa.exe

%system%\replmap.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}"="Replay for WindowsXP"
[-HKEY_CLASSES_ROOT\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}]
[-HKEY_CURRENT_USER\Software\Classes\CLSID\{D81E2FC4-B0A2-11D3-21AC-07C04C21A18A}]

O4 - HKLM\..\Run: [A.tmp] %TEMP%\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp] %TEMP%\B.tmp.exe
O4 - HKLM\..\Run: [A.tmp.exe] %TEMP%\A.tmp.exe
O4 - HKLM\..\Run: [B.tmp.exe] %TEMP%\B.tmp.exe

O2 - BHO: HomepageBHO - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hp????.tmp
[-HKEY_CLASSES_ROOT\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{4da4616d-7e6e-4fd9-a2d5-b6c535733e22}]


Version 2.15

%HOMEDRIVE%\ntnc.exe

O4 - HKLM\..\Run: [C.tmp] %TEMP%\C.tmp.exe
O4 - HKLM\..\Run: [D.tmp] %TEMP%\D.tmp.exe
O4 - HKLM\..\Run: [C.tmp.exe] %TEMP%\C.tmp.exe
O4 - HKLM\..\Run: [D.tmp.exe] %TEMP%\D.tmp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{31EE3286-D785-4E3F-95FC-51D00FDABC01}"="Master Browseui"
[HKEY_CLASSES_ROOT\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]

Version 2.14

Remplacement de l'utilitaire du registre reg.exe [Microsoft] par wsreg.exe [SteelWerx]
Nettoyage %TEMP%

%WINDOWS%\sdkqq.exe
O4 - HKLM\..\Run: [sdkqq.exe]

%WINDOWS%\d3dn32.exe
O4 - HKLM\..\Run: [d3dn32.exe]

%WINDOWS%\d3pb.exe
O4 - HKLM\..\Run: [d3pb.exe]

%SYSTEM%\sysjv32.exe
O4 - HKLM\..\Run: [sysjv32.exe]

O2 - BHO: Class - {FEFEC367-0557-50DA-92D8-EFF9A710070B}
%WINDOWS%\d3??.dll
HKEY_CLASSES_ROOT\CLSID\{FEFEC367-0557-50DA-92D8-EFF9A710070B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEFEC367-0557-50DA-92D8-EFF9A710070B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{FEFEC367-0557-50DA-92D8-EFF9A710070B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{FEFEC367-0557-50DA-92D8-EFF9A710070B}

%userprofile%\Menu Démarrer\Programmes\SpywareStrike\
%userprofile%\Menu Démarrer\SpywareStrike 2.5.lnk
%DESKTOP%\SpywareStrike.lnk
%userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch\SpywareStrike 2.5.lnk

%SYSTEM%\wiatwain.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}=WaitWain for Windows
HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curre

HKEY_LOCAL_MACHINE\SOFTWARE\SpywareStrike

HKEY_CLASSES_ROOT\AppID\SpywareStrike.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpywareStrike.EXE

HKEY_CLASSES_ROOT\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\SpywareStrike.exe

HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
InprocServer32=Fs99c'tvV9[6a*%9La^qToolbox>M5KDYSUnf(HA*L[xeX)y

HKEY_CLASSES_ROOT\CLSID\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F25878F-F8AE-5D5D-2BB7-31B5F803290D}

HKEY_CLASSES_ROOT\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C15CDEA-3EF4-4405-90B0-19A1389B36ED}

HKEY_CLASSES_ROOT\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3115A433-3FA0-483B-AB01-2A61C951FE58}

HKEY_CLASSES_ROOT\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51FEFA9C-1D5A-41C4-81FE-8C0FBE9254F0}

HKEY_CLASSES_ROOT\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCC8D01-9F75-4F07-9ACF-DEB314176C79}

HKEY_CLASSES_ROOT\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5E7BF614-960B-4A1F-9236-9EC01AC4C5E2}

HKEY_CLASSES_ROOT\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66F0AC1C-DED5-4965-9E31-39788DF1B264}

HKEY_CLASSES_ROOT\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{849E056A-D67A-431E-9370-2275F26D39B5}

HKEY_CLASSES_ROOT\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8B7AFBFD-631C-45BA-9145-F059EB58DD73}

HKEY_CLASSES_ROOT\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AFEB8519-0B8B-4023-8C15-FFB17D5225F9}

HKEY_CLASSES_ROOT\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BA9CC151-4581-438E-94AF-4C703201B7CA}

HKEY_CLASSES_ROOT\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC74C336-FF2C-40C9-AD4E-3772C208406B}

HKEY_CLASSES_ROOT\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BDF00F24-A571-4392-95EC-04FDFF82A82C}

HKEY_CLASSES_ROOT\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C4E953E6-770E-4F59-A5E3-43E9F0D682E2}

HKEY_CLASSES_ROOT\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E0105E7C-D0C4-4DEA-AA21-B02F2960ECAF}

HKEY_CLASSES_ROOT\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ED39CB7C-1BF6-429B-A275-F183B4A3EFCB}

HKEY_CLASSES_ROOT\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F23AA637-31D5-4526-B5C6-9FF89E16202C}

HKEY_CLASSES_ROOT\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C1A4C0C9-DBD0-493A-93F8-0B05EDC96224}

Version 2.13

%HOMEDRIVE%\ntps.exe

O4 - HKLM\..\Run: [links.exe]
%SYSTEM%\links.exe

O4 - HKLM\..\Run: [sysen.exe]
%WINDOWS%\sysen.exe
HKEY_CLASSES_ROOT\CLSID\{29D3E589-2DCC-699E-1A0F-61AF30BAA3A4}
HKLM\SOFTWARE\Classes\CLSID\{29D3E589-2DCC-699E-1A0F-61AF30BAA3A4}

O2 - BHO: Class - {9114249C-F5E5-36A3-4480-169B869E0556}
%WINDOWS%\sdkcb.dll
HKEY_CLASSES_ROOT\CLSID\{9114249C-F5E5-36A3-4480-169B869E0556}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9114249C-F5E5-36A3-4480-169B869E0556}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{9114249C-F5E5-36A3-4480-169B869E0556}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{9114249C-F5E5-36A3-4480-169B869E0556}

O4 - HKLM\..\Run: [ieyi.exe]
%WINDOWS%\ieyi.exe
HKEY_CLASSES_ROOT\CLSID\{C1212066-16A4-F478-E898-BC64A80D4908}
HKLM\SOFTWARE\Classes\CLSID\{C1212066-16A4-F478-E898-BC64A80D4908}

O2 - BHO: Class - {66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
%WINDOWS%\ieyi.dll
HKEY_CLASSES_ROOT\CLSID\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{66BD9D4C-FAF3-38B9-F43F-169E15DB1A3C}

Version 2.12

Clean Manager / Nettoyage de Disque

%windows%\System\csrss.exe
O4 - HKLM\..\Run: [CsRss] C:\WINDOWS\System\csrss.exe

%windows%\country.exe
%windows%\timessquare1.dat

%windows%\drsmartload.dat
%windows%\drsmartloadb1.dat
%homedrive%\drsmartloadb.exe
HKLM\SOFTWARE\Microsoft\drsmartload
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe

HKEY_LOCAL_MACHINE\SOFTWARE\muwq

%SYSTEM%\netwrap.dll
%PROGRAMFILES\SpywareStrike\
O4 - HKLM\..\Run: [SpywareStrike]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpywareStrike
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
"{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}"="NetWrap for Windows"
HKEY_CLASSES_ROOT\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}
HKEY_CURRENT_USER\Software\Classes\CLSID\{C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D}
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27150f81-0877-42e9-af13-55e5a3439a26}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{27150f81-0877-42e9-af13-55e5a3439a26}

%system%\browsela.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela

Version 2.11

%ProgramFiles%\Common Files\VCClient\*.*
O4 - HKCU\..\Run: [CU2]
O4 - HKCU\..\Run: [CU1]

%windows%\adtech2006a.exe
O4 - HKLM\..\Run: [adtech2006]

%windows%\batserv2.exe
O4 - HKLM\..\Run: [BatSrv]

%windows%\sysldr32.exe
O4 - HKLM\..\Run: [SystemLoader]

%system%\msvcp.exe
O4 - HKLM\..\Run: [Microsoft Office]

%userprofile%\Menu Démarrer\Programmes\SpyAxe
%userprofile%\Menu Démarrer\SpyAxe 3.0.lnk

%windows%\adsldpbe.dll
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9}
HKEY_CLASSES_ROOT\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7507739F-BC2E-4DC3-B233-816783C25DC9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7507739F-BC2E-4DC3-B233-816783C25DC9}

%windows%\adsldpbf.dll
O2 - BHO: C:\WINDOWS\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
HKEY_CLASSES_ROOT\CLSID\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6}

HKEY_CLASSES_ROOT\CLSID\{957bab51-81ff-8195-f273-d7e286ea702f}
HKEY_CLASSES_ROOT\interface\{0f68a8aa-a9a8-4711-be36-ae363efa6443}
HKEY_CLASSES_ROOT\interface\{28420952-c82b-47d9-a042-fa2217d8a082}
HKEY_CLASSES_ROOT\interface\{3c099c83-8587-4b35-8af0-fc3a169ce14f}
HKEY_CLASSES_ROOT\interface\{3fe13f31-e890-4c37-8213-4b5f9a511c26}
HKEY_CLASSES_ROOT\interface\{4cad27dc-1b60-42f4-820e-316fe0a13512}
HKEY_CLASSES_ROOT\interface\{54874d12-c0c6-44cc-83fb-2c35202f881b}
HKEY_CLASSES_ROOT\interface\{54a3200b-d76e-48d1-b35c-d87eaf6d90bd}
HKEY_CLASSES_ROOT\interface\{663dfe59-032c-46fb-a09a-ffc2dc074f54}
HKEY_CLASSES_ROOT\interface\{69ce4fbc-4861-4206-8211-dd5a9ee79ad3}
HKEY_CLASSES_ROOT\interface\{afa9056f-aa11-4771-ae01-04ecfde18206}
HKEY_CLASSES_ROOT\interface\{b8f2487f-aa6a-4914-9a3f-db84e6868d66}
HKEY_CLASSES_ROOT\interface\{e4645720-e02f-4bb2-8e6d-be7653dd1bf2}
HKEY_CLASSES_ROOT\interface\{fa46b160-c9dd-4040-b9d9-ccf5d3db5438}
HKEY_CLASSES_ROOT\interface\{fc1f0c2c-8117-427d-816c-215b68524f74}
HKEY_CLASSES_ROOT\interface\{fd1eee96-8dc7-478d-be3b-7d06ac67fb66}
HKEY_CLASSES_ROOT\interface\{fd8e5ed7-0091-416f-a55b-1d072d58a24f}


Version 2.10

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{e0103cd4-d1ce-411a-b75b-4fec072867f4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{e0103cd4-d1ce-411a-b75b-4fec072867f4}

%system%\wbeconm.dll
HKEY_CLASSES_ROOT\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
HKEY_CURRENT_USER\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F}"="Security Update"


Version 2.09

O2 - BHO: HomepageBHO - {7288c0bd-7f2f-4229-a0c4-3c90a6e2a881} - C:\WINDOWS\system32\hp???.tmp
HKEY_CLASSES_ROOT\CLSID\{7288C0BD-7F2F-4229-A0C4-3C90A6E2A881}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7288C0BD-7F2F-4229-A0C4-3C90A6E2A881}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7288c0bd-7f2f-4229-a0c4-3c90a6e2a881}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7288c0bd-7f2f-4229-a0c4-3c90a6e2a881}

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP

Version 2.08

%system%\windesktop.dll
%system%\windesktop.exe
O4 - HKLM\..\Run: [windesktop]
O4 - HKLM\..\RunServices: [windesktop]

O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\System32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{1ca480cd-c0e5-4548-874e-b85b17905b3a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{1ca480cd-c0e5-4548-874e-b85b17905b3a}


Version 2.07

%windir%\System\svchost.dll
%windir%\System\svwhost.exe
%windir%\System\svwhost.dll
%system%\mspostsp.exe
%system%\kernels64.exe
%windows%\inet20066\*.*

%windows%\update13.js
O4 - HKLM\..\RunOnce: [tlc]

%system%\NTCommLib3.exe
%system%\tcpservice2.exe
%system%\wstart.dll
O4 - HKLM\..\Run: [NTCommLib3]
HKEY_CLASSES_ROOT\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}
HKEY_CLASSES_ROOT\AppID\WStart.DLL
HKEY_CLASSES_ROOT\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
HKEY_CLASSES_ROOT\WStart.WHttpHelper
HKEY_CLASSES_ROOT\WStart.WHttpHelper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{F6BDB4E5-D6AA-4D1F-8B67-BCB0F2246E21}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WStart.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C5991634-0185-4B0D-B4F9-6C45597962B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WStart.WHttpHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WStart.WHttpHelper.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{9896231A-C487-43A5-8369-6EC9B0A96CC0}
HKEY_LOCAL_MACHINE\SOFTWARE\WSoft

%system%\child.dll
HKEY_CLASSES_ROOT\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
HKEY_CURRENT_USER\Software\Classes\CLSID\{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"

%system%\chp.dll
HKEY_CLASSES_ROOT\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
HKEY_CURRENT_USER\Software\Classes\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Explorer\CLSID\{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{429F4BB8-7BF7-4152-8011-3C6F9EB7E892}"="Module"

%system%\bre.dll
%system%\bre32.dll
HKEY_CLASSES_ROOT\CLSID\{203B1C4D9-BC71-8916-38AD-9DEA5D213614}
HKEY_CURRENT_USER\Software\Classes\CLSID\{203B1C4D9-BC71-8916-38AD-9DEA5D213614}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{203B1C4D9-BC71-8916-38AD-9DEA5D213614}"="OLE Module"

%system%\trf32.dll
HKEY_CLASSES_ROOT\CLSID\{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}
HKEY_CURRENT_USER\Software\Classes\CLSID\{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{0BC9BC01-54D4-4CCE-2B7D-955164314CD4}"="OLE Module"

%system%ioctrl.dll
HKEY_CLASSES_ROOT\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{C1A8B6A1-2C81-1C3D-A3C6-A1CCDB10B47F}"="Windows Update"


Version 2.06

O4 - HKLM\..\Run: [3.tmp]
O4 - HKLM\..\Run: [4.tmp]
O4 - HKLM\..\Run: [3.tmp.exe]
O4 - HKLM\..\Run: [4.tmp.exe]


Version 2.05

O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\System32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724510C3-F3C8-4FB7-879A-D99F29008A2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{724510c3-f3c8-4fb7-879a-d99f29008a2f}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{724510c3-f3c8-4fb7-879a-d99f29008a2f}


Version 2.04

%HOMEDRIVE%\xxx.exe
%userprofile%\desktop\asfds
%userprofile%\desktop\cdegfr
%userprofile%\desktop\fdsf
%userprofile%\desktop\sdfdsf
%userprofile%\desktop\sdfff
%userprofile%\desktop\wdcevf
%userprofile%\desktop\wdcsadsad
%userprofile%\desktop\zxczxc
%system%\cmd32.exe
%system%\dial23.exe
%system%\exeha2.exe
%system%\exeha3.exe
%system%\z11.exe
%system%\z12.exe
%system%\z13.exe
%system%\z14.exe
%system%\z15.exe
%system%\z16.exe
%windows%\icont.exe
%windows%\inet20099\*.*

F3 - REG:win.ini: run=C:\WINDOWS\inet20099\winlogon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"run"="C:\WINDOWS\inet20099\winlogon.exe"

O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20099\3.00.11.dll
HKEY_CLASSES_ROOT\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
HKEY_CLASSES_ROOT\Replace.HBO
HKEY_CLASSES_ROOT\Replace.HBO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Replace.HBO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Replace.HBO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}

O4 - HKCU\..\Run: [pro]
O4 - HKCU\..\Run: [xp_system]
O4 - HKLM\..\Run: [xp_system]
O4 - HKLM\..\Run: [Microsoft standard protector]


Version 2.03

O2 - BHO: HomepageBHO - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E9B951E-6F72-431B-82CF-4A9FBF2F53BC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{3e9b951e-6f72-431b-82cf-4a9fbf2f53bc}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{3e9b951e-6f72-431b-82cf-4a9fbf2f53bc}


Version 2.02

C:\WINDOWS\bxproxy.exe
C:\WINDOWS\System32\bnmsrv.exe
C:\WINDOWS\System32\RpcxSs.dll
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPC XSS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcxSs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY _RPCXSS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcxSs


Version 2.01

%system%\~update.exe
%system%\ll.exe
%system%\bhoimpl.dll
%system%\ztoolbar.bmp
%system%\ztoolbar.xml

O2 - BHO: MyBHO - {784aa380-13f2-422e-8540-f2280f1dd4f1} - C:\WINDOWS\System32\bhoimpl.dll
HKEY_CLASSES_ROOT\AppID\{77a7d7ab-576a-4b90-b4ee-909093c3bc69}
HKEY_CLASSES_ROOT\AppID\MyBHOImpl.DLL
HKEY_CLASSES_ROOT\CLSID\{784aa380-13f2-422e-8540-f2280f1dd4f1}
HKEY_CLASSES_ROOT\Interface\{71237FD0-9DF9-46B3-8F1C-6F2998543EA2}
HKEY_CLASSES_ROOT\TDS.MyBHO
HKEY_CLASSES_ROOT\TDS.MyBHO.1
HKEY_CLASSES_ROOT\TypeLib\{77A7D7AB-576A-4B90-B4EE-909093C3BC69}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{77a7d7ab-576a-4b90-b4ee-909093c3bc69}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MyBHOImpl.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784aa380-13f2-422e-8540-f2280f1dd4f1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{71237FD0-9DF9-46B3-8F1C-6F2998543EA2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TDS.MyBHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TDS.MyBHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{77A7D7AB-576A-4B90-B4EE-909093C3BC69}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{784aa380-13f2-422e-8540-f2280f1dd4f1}
HKEY_LOCAL_MACHINE\SOFTWARE\TDS

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler]
"{F33812FB-F35C-4674-90F6-FD757C419C51}"="DDE"


Version 2.00

%system%\ot.ico
%system%\ts.ico
%system%\migicons.exe
%system%\1024\
%ProgramFiles%\SpyAxe\

O4 - HKLM\..\Run: [SpyAxe]

HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
HKEY_CLASSES_ROOT\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SpyAxe.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{70F17C8C-1744-41B6-9D07-575DB448DCC5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06506B3A-857D-431f-BE0B-038B1EC386B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BFF94F7-9748-43d1-BAC4-D963351B63E7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C580891-CA9D-4619-BDC9-85378EB65931}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53525A6C-3774-4b47-B317-BC7DFE4FC7ED}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5DEB9A24-19E0-49e6-A6B2-110BC3E1062A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E1ACE2A-8638-4775-8AA9-5C187AD40A82}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{629C4FE9-B627-4905-AF5B-AD652BB1B5C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{659F78EA-6FF2-40f8-8EA3-06F7418A209E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7616A7F7-DF99-432f-870D-4AFEA0D079F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB22F36-2CCD-4003-89EE-6CF40EBC4282}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0D06AA3-499B-4156-9FFD-0BE236F0D4E5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6610F1D-DA77-42c4-8300-721D9DA9D70B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Backup.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.EngineListener.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Log.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.LogRecord.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Paths.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Quarantine.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.RunAs.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.Scanner.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.SearchItem.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SpyAxe.ThreatCollection. 1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BB3BCBF-411A-4C67-8E69-F4BB301DC333}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \App Paths\spyaxe.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\SpyAxe
HKEY_LOCAL_MACHINE\SOFTWARE\SpyAxe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler
{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}
{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}


Version 1.99

%HOMEDRIVE%\contextplus.exe
%HOMEDRIVE%\drsmartload1.exe
%windir%\notepad.com
%windir%\psg.exe
%windir%\rzs.exe
%windir%\sec.exe
%system%\msbe.dll
%system%\notepad.com
%system%\nvms.dll
%system%\shdochp.dll
%system%\shdochp.exe
%system%\sh***l32.dll
%system%\x.exe
%ProgramFiles%\WinHound\
C:\Documents and Settings\****\Desktop\access
C:\Documents and Settings\****\Desktop\domains
C:\Documents and Settings\****\Desktop\map.txt
C:\Documents and Settings\All Users\Desktop\WinHound spyware remover.lnk
%allusersprofile%\Menu Démarrer\Programmes\WinHound spyware remover
O4 - HKLM\..\Run: [FHPage]
O4 - HKLM\..\Run: [WinHound]
HKEY_LOCAL_MACHINE\SOFTWARE\WinHound.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Uninstall\WinHound spyware remover
HKEY_CLASSES_ROOT\CLSID\{0878F045-B52E-46B3-9724-D3AE69D50067}
HKEY_CLASSES_ROOT\CLSID\{0EA04667-E53B-4E81-8E7C-DE2CA114CBD6}
HKEY_CLASSES_ROOT\CLSID\{265C2AF8-C94C-4AFF-B2B6-340D3982562C}
HKEY_CLASSES_ROOT\CLSID\{3946A33D-BBC6-4792-A383-D855E0F76D91}
HKEY_CLASSES_ROOT\CLSID\{41D7BB0A-64E0-4AB2-BD0B-69EA78E462E8}
HKEY_CLASSES_ROOT\CLSID\{4AA55E8C-2C19-4F3A-91EC-43B6DF937C4F}
HKEY_CLASSES_ROOT\CLSID\{4F93062D-7BDA-48BE-AEB6-88AF2B1FE2D4}
HKEY_CLASSES_ROOT\CLSID\{5206DF89-97FC-41AD-BAE3-993E87053A99}
HKEY_CLASSES_ROOT\CLSID\{58E68548-42E2-479D-A9E0-86D9F2EAF02E}
HKEY_CLASSES_ROOT\CLSID\{5E5A79A6-C67B-444E-BE58-BD0ACEFCDA07}
HKEY_CLASSES_ROOT\CLSID\{67196B3E-55A0-49DE-BA11-66F07DF804DB}
HKEY_CLASSES_ROOT\CLSID\{7198F8DA-012C-4DB4-ABD8-923A54C87900}
HKEY_CLASSES_ROOT\CLSID\{82847700-FE61-46A3-B3EE-761A1E312ACA}
HKEY_CLASSES_ROOT\CLSID\{8C2A05C5-780F-4A2E-AE1C-FB8181F860E4}
HKEY_CLASSES_ROOT\CLSID\{8DCA6B3D-1FCA-4500-B210-76119BB5C69E}
HKEY_CLASSES_ROOT\CLSID\{ACC647EE-991A-4811-B420-F063F50CDDC1}
HKEY_CLASSES_ROOT\CLSID\{C5B70256-5B08-4056-B84E-C6CE084967F5}
HKEY_CLASSES_ROOT\CLSID\{CBE4B748-08F9-44DB-8FB1-9AD25979DA35}
HKEY_CLASSES_ROOT\CLSID\{CDD964C2-FB78-4A74-BB1E-1CB1FCB72018}
HKEY_CLASSES_ROOT\CLSID\{D25F7446-4D36-4203-9EA5-5422B26FA9D0}
HKEY_CLASSES_ROOT\CLSID\{E12AAACF-8AF2-4C31-BA94-E3787B44F90E}
HKEY_CLASSES_ROOT\CLSID\{E479197F-49E5-4E60-9FA2-A71D4C7C2BBC}
HKEY_CLASSES_ROOT\CLSID\{F880B4F2-75BF-44EC-B7AA-45EC37448027}
HKEY_CLASSES_ROOT\TypeLib\{31E956BF-8CA9-4D75-B534-7EBC79770002}
HKEY_CLASSES_ROOT\TypeLib\{6E9E448E-B195-4627-953C-5377FA9BBA36}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0878F045-B52E-46B3-9724-D3AE69D50067}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EA04667-E53B-4E81-8E7C-DE2CA114CBD6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{265C2AF8-C94C-4AFF-B2B6-340D3982562C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3946A33D-BBC6-4792-A383-D855E0F76D91}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41D7BB0A-64E0-4AB2-BD0B-69EA78E462E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4AA55E8C-2C19-4F3A-91EC-43B6DF937C4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F93062D-7BDA-48BE-AEB6-88AF2B1FE2D4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5206DF89-97FC-41AD-BAE3-993E87053A99}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58E68548-42E2-479D-A9E0-86D9F2EAF02E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E5A79A6-C67B-444E-BE58-BD0ACEFCDA07}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67196B3E-55A0-49DE-BA11-66F07DF804DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7198F8DA-012C-4DB4-ABD8-923A54C87900}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82847700-FE61-46A3-B3EE-761A1E312ACA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C2A05C5-780F-4A2E-AE1C-FB8181F860E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DCA6B3D-1FCA-4500-B210-76119BB5C69E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ACC647EE-991A-4811-B420-F063F50CDDC1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5B70256-5B08-4056-B84E-C6CE084967F5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE4B748-08F9-44DB-8FB1-9AD25979DA35}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDD964C2-FB78-4A74-BB1E-1CB1FCB72018}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D25F7446-4D36-4203-9EA5-5422B26FA9D0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E12AAACF-8AF2-4C31-BA94-E3787B44F90E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E479197F-49E5-4E60-9FA2-A71D4C7C2BBC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F880B4F2-75BF-44EC-B7AA-45EC37448027}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{31E956BF-8CA9-4D75-B534-7EBC79770002}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6E9E448E-B195-4627-953C-5377FA9BBA36}

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
HKEY_CLASSES_ROOT\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
HKEY_CLASSES_ROOT\NLS.UrlCatcher
HKEY_CLASSES_ROOT\NLS.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
HKEY_CLASSES_ROOT\ADP.UrlCatcher
HKEY_CLASSES_ROOT\ADP.UrlCatcher.1
HKEY_CLASSES_ROOT\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp????.tmp
HKEY_CLASSES_ROOT\CLSID\{7caf96a2-c556-460a-988e-76fc7895d284}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7caf96a2-c556-460a-988e-76fc7895d284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objecta\{7caf96a2-c556-460a-988e-76fc7895d284}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7caf96a2-c556-460a-988e-76fc7895d284}


Version 1.98

%HOMEDRIVE%\ecsiin.stub.exe
%HOMEDRIVE%\stub_113_4_0_4_0.exe
%windir%\adtech2005.exe
%windir%\secure32.html
%windir%\timessquare.exe
%windir%\toolbar.exe
%system%\sywsvcs.exe
%ProgramFiles%\Fichiers communs\muwq\
%ProgramFiles%\SpyAxe\
O4 - HKLM\..\Run: [ecsiin]
O4 - HKLM\..\Run: [timessquare]
O4 - HKLM\..\Run: [adtech2005]
O4 - HKCU\..\Run: [muwq]
O4 - HKCU\..\Run: [qwum]
O16 - DPF: {10003000-1000-0000-1000-000000000000}


Version 1.97

%ProgramFiles%\Fichiers communs\Download\mc-58-12-0000113.exe
%ProgramFiles%\Common Files\Download\mc-58-12-0000113.exe
%ProgramFiles%\Fichiers communs\InetGet\mc-58-12-0000113.exe
%ProgramFiles%\Common Files\InetGet\mc-58-12-0000113.exe
%ProgramFiles%\Fichiers communs\Windows\mc-58-12-0000113.exe
%ProgramFiles%\Common Files\Windows\mc-58-12-0000113.exe
%ProgramFiles%\Fichiers communs\Windows\services32.exe
%ProgramFiles%\Common Files\Windows\services32.exe
%allusersprofile%\Menu Démarrer\Programmes\P.S.Guard spyware remover
%system%\msupdate32.dll
%system%\MTC.dll
%system%\MTC.ini
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443}
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443}
O4 - HKCU\..\Run: [services32]
O20 - Winlogon Notify: msupdate


Version 1.96

%bureau%\m00.exe
%windir%\adsldpbc.dll
%windir%\q*_disk.dll
%windir%\slassac.dll
%windir%\svchost.exe
%system%\cnymxw32.dll
%system%\prflbmsgp32.dll
%system%\sysbho.exe
%system%\sysmain.dll
%system%\winstyle2.dll
%system%\winstyle3.dll
%system%\winstyle32.dll
O4 - HKLM\..\Run: [System Redirect]
O4 - HKCU\..\Run: [System]
HKEY_CLASSES_ROOT\CLSID\{0976BE78-EA53-4DD6-91E6-E6175940032B}
HKEY_CLASSES_ROOT\CLSID\{16875E09-927B-4494-82BD-158A1CD46BA0}
HKEY_CLASSES_ROOT\CLSID\{405132A4-5DD1-4BA8-A181-95C8D435093A}
HKEY_CLASSES_ROOT\CLSID\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
HKEY_CLASSES_ROOT\CLSID\{826B2228-BC09-49F2-B5F8-42CE26B1B712}
HKEY_CLASSES_ROOT\CLSID\{8D82BB89-B58C-4F21-9C5D-377F65947806}
HKEY_CLASSES_ROOT\CLSID\{B212D577-05B7-4963-911E-4A8588160DFA}
HKEY_CLASSES_ROOT\CLSID\{C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
HKEY_CLASSES_ROOT\CLSID\{C7CF1142-0785-4B12-A280-B64681E4D45E}
HKEY_CLASSES_ROOT\CLSID\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_CURRENT_USER\Software\Microsoft\style2
HKEY_CURRENT_USER\Software\Microsoft\style3
HKEY_CURRENT_USER\Software\Microsoft\style32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{0976BE78-EA53-4DD6-91E6-E6175940032B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{16875E09-927B-4494-82BD-158A1CD46BA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{405132A4-5DD1-4BA8-A181-95C8D435093A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{6AC3806F-8B39-4746-9C38-6B01CB7331FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{826B2228-BC09-49F2-B5F8-42CE26B1B712}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{8D82BB89-B58C-4F21-9C5D-377F65947806}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{B212D577-05B7-4963-911E-4A8588160DFA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{C0E5FF11-4AE0-4699-A6A7-2FB7118F2081}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{C7CF1142-0785-4B12-A280-B64681E4D45E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{16875E09-927B-4494-82BD-158A1CD46BA0}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{6AC3806F-8B39-4746-9C38-6B01CB7331FF}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{7A7E6D97-B492-4884-9ABB-C31281DCC4F2}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{B212D577-05B7-4963-911E-4A8588160DFA}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{C7CF1142-0785-4B12-A280-B64681E4D45E}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \Explorer\SharedTaskScheduler: [{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gggg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ggggg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\st3i



Version 1.95

%system%\priva.exe
O4 - HKLM\..\Run: [ControlPanel]
O4 - HKLM\..\RunServices: [Explorer64]


Version 1.94

%HOMEDRIVE%\secure32.html
%system%\svchosts.exe
%system%\shdocsvc.dll
%system%\shdocsvc.exe
%system%\ztoolb011.dll
O4 - HKLM\..\Run: [FHStart]


Version 1.93

%windir%\adsldpbd.dll
%system%\multitran.exe
%system%\performent217.dll
%system%\qvxgamet?.exe
%system%\nuclabdll.dll
%system%\st3.dll
%system%\svwhost.exe
%system%\zolker011.dll
C:\Documents and Settings\All Users\Bureau\Blowjob.url
C:\Documents and Settings\All Users\Bureau\Cigarettes Discount.url
C:\Documents and Settings\All Users\Bureau\Forex Trading.url
C:\Documents and Settings\All Users\Bureau\Free Ringtones.url
C:\Documents and Settings\All Users\Bureau\Gift Ideas.url
C:\Documents and Settings\All Users\Bureau\Group ***.url
C:\Documents and Settings\All Users\Bureau\Home Loan.url
C:\Documents and Settings\All Users\Bureau\Mp3 Download.url
C:\Documents and Settings\All Users\Bureau\Online Casino.url
C:\Documents and Settings\All Users\Bureau\Online Dating.url
C:\Documents and Settings\All Users\Bureau\Play Poker.url
C:\Documents and Settings\All Users\Bureau\PopUp Blocker.url
C:\Documents and Settings\All Users\Bureau\Porn Dvd.url
C:\Documents and Settings\All Users\Bureau\Real Estate.url
C:\Documents and Settings\All Users\Bureau\Sport Betting.url
C:\Documents and Settings\All Users\Bureau\Spyware Remover.url
C:\Documents and Settings\All Users\Bureau\Texas Holdem.url
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\vxgame3.exe
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O2 - BHO: (no name) - {9C5875B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\performent217.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll
O4 - HKLM\..\Run: [multitran]
O4 - HKLM\..\RunServices: [multitran]
O4 - HKLM\..\Run: [WindowsUpdateNT]
O4 - HKCU\..\Run: [multitran]
O4 - HKCU\..\Run: [WindowsUpdateNT]
O20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: nuclabdll - C:\WINDOWS\SYSTEM32\nuclabdll.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll


Version 1.92

%system%\cvxh8jkdq?.exe
%system%\sdfdil.exe
%system%\winldra.exe
%windows%\blank.mht
O4 - HKLM\...\Run: [load32]


Version 1.91

%system%\split.exe
%system%\split1.exe
%system%\split2.exe
%system%\maxd1.exe
%system%\efsdfgxg.exe
%system%\birdihuy.dll
%system%\birdihuy32.dll
%system%\web.exe
%system%\yaemu.exe
%system%\svchop.exe
%system%\shdochop.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main: [Start Page]
O4 - HKLM\...\Run: [Explorer32]
O4 - HKLM\...\Run: [yaemu.exe]
O4 - HKLM\...\Run: [FH]
HKEY_CLASSES_ROOT\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}
HKEY_CURRENT_USER\Software\Classes\CLSID\{F33812FB-F35C-4674-90F6-FD757C419C51}


Version 1.89

%system%\shdocnva.dll
HKLM\SOFTWARE\PSGuard.com

Version 1.88

%windir%\warnhp.html


Version 1.87

O4 - HKLM\..\Run: [P.S.Guard]
O4 - HKLM\..\Run: [AdService]
O4 - HKLM\..\Run: [FSH]
%ProgramFiles%\P.S.Guard\
%system%\AdService.dll
%system%\svcnva.exe


Version 1.86

%homedrive%\loader.exe
%windir%\kl.exe
%windir%\ms1.exe
%system%\cmdtel.exe
%system%\combo.exe
%system%\doser.exe
%system%\latest.exe
%system%\paytime.exe
%system%\sender.exe
%system%\socks.exe
%system%\sysvcs.exe
%system%\zlbw.dll
O4 - HKLM\..\Run: [combo.exe]
O4 - HKLM\..\Run: [PayTime]
O4 - HKCU\..\Run: [aupd]
O4 - HKCU\..\Run: [PayTime]


Version 1.85

[HKey_Classes_Root\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}]
[HKey_Classes_Root\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}]
[HKey_Classes_Root\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}]
[HKey_Classes_Root\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}]
[HKey_Classes_Root\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}]
[HKey_Classes_Root\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}]
[HKey_Classes_Root\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}]
[HKey_Classes_Root\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}]
[HKey_Classes_Root\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}]
[HKey_Classes_Root\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}]
[HKey_Classes_Root\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}]
[HKey_Classes_Root\CLSID\{52034AD2-914C-4634-B375-9299631E5525}]
[HKey_Classes_Root\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}]
[HKey_Classes_Root\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}]
[HKey_Classes_Root\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}]
[HKey_Classes_Root\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}]
[HKey_Classes_Root\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}]
[HKey_Classes_Root\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}]
[HKey_Classes_Root\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}]
[HKey_Classes_Root\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15DC7116-E58E-4395-A45A-A1C99B17C030}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17E02586-A91D-4A9D-A74E-187B05DFFE6F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BD98DFD-2DA9-4C54-85D7-BE03A0F9C487}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C94EA51-3800-4F08-B5DC-A5B67823FFEA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D1AF34-6E19-42D8-AF9F-BDFBE45C2454}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21E132C9-1F98-4151-BDAD-7D9B49C60A8E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23F7AD29-F51A-4BA1-BE70-143B1CB25BD1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C59D5EC-6B91-4896-BD6F-5F121D87A7F8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F34E0E0-F0BB-477F-AFB8-509262FA0AD1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35ED274E-3F42-4A78-BBDC-3B7D73E85578}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3D74D140-F780-4AE3-8D6D-F8DC39107213}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49443D6E-CE4E-47A9-8DEB-F5774CE14984}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52034AD2-914C-4634-B375-9299631E5525}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7702C521-76AE-42C0-A181-3B5A96C2EEF7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ADDA344-1D36-4446-9F4B-B2351FB19EFD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D98221E-AF8F-4D29-8BB1-1DFABC288173}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9746B450-6064-4EC8-9480-72A289AA2237}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5A40FCE-0A0F-40CA-985E-661C28B5B431}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7F22879-7151-4C71-8C50-9557AFDA66C6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA5E7959-60B5-47B7-80AC-1606309733F3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEABF027-6CDC-4D47-ADF6-AC5D065826A6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0AA0493-C410-4CBD-B1DB-1723374FA8E0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D78BD8-3874-4AA0-9D45-CFB79382C484}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion \policies\explorer\run]
"wininet.dll"="mscornet.exe"
"kernel32.dll"="C:\WINDOWS\System32\mssearchnet.exe"
"nvctrl.exe"="nvctrl.exe"
SOFTWARE\Classes\CLSID\{893FAD3A-931E-4E53-B515-B1426D63799B}
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion \Explorer\Browser Helper Objecta\{893fad3a-931e-4e53-b515-b1426d63799b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion \Explorer\Browser Helper Objects\{893fad3a-931e-4e53-b515-b1426d63799b}]
%system%\mscornet.exe
%system%\mssearchnet.exe
%system%\nvctrl.exe
%system%\ncompat.tlb
%system%\msvol.tlb
%system%\ld????.tmp
%appdata%\Shudder Global Limited\
%appdata%\PSGuard.com\


Version 1.84

%system%\casino.ico
%system%\date.ico
%system%\games.ico
%system%\mobile.ico
%system%\network.ico
%system%\pharm.ico
%system%\pharm2.ico
%system%\scanner.ico
%system%\spam.ico
%system%\spyware.ico


Version 1.82

C:\Windows\tool1.exe
C:\Windows\tool3.exe
C:\Windows\tool4.exe
C:\Windows\tool5.exe
C:\Windows\__delete_on_reboot__popuper.exe
C:\WINDOWS\system32\svcnt32.exe
C:\Windows\System32\__delete_on_reboot__intmon.exe
C:\Windows\System32\__delete_on_reboot__intel32.exe
C:\Windows\System32\__delete_on_reboot__intell32.exe
C:\Windows\System32\__delete_on_reboot__OLEADM.dll
C:\Windows\System32\Air Tickets.ico
C:\Windows\System32\Big Tits.ico
C:\Windows\System32\Blackjack.ico
C:\Windows\System32\Britney Spears.ico
C:\Windows\System32\Car Insurance.ico
C:\Windows\System32\Cheap Cigarettes.ico
C:\Windows\System32\Credit Card.ico
C:\Windows\System32\Cruises.ico
C:\Windows\System32\Currency Trading.ico
C:\Windows\System32\Lesbian ***.ico
C:\Windows\System32\MP3.ico
C:\Windows\System32\Online Betting.ico
C:\Windows\System32\Online Gambling.ico
C:\Windows\System32\Oral ***.ico
C:\Windows\System32\Party Poker.ico
C:\Windows\System32\Pharmacy.ico
C:\Windows\System32\Phentermine.ico
C:\Windows\System32\Pornstars.ico
C:\Windows\System32\Remove Spyware.ico
C:\Windows\System32\viagra.ico
C:\Documents and Settings\****\Desktop\Air Tickets.url
C:\Documents and Settings\****\Desktop\AntivirusGold.lnk
C:\Documents and Settings\****\Desktop\Big Tits.url
C:\Documents and Settings\****\Desktop\Blackjack.url
C:\Documents and Settings\****\Desktop\Britney Spears.url
C:\Documents and Settings\****\Desktop\Car Insurance.url
C:\Documents and Settings\****\Desktop\Cheap Cigarettes.url
C:\Documents and Settings\****\Desktop\Credit Card.url
C:\Documents and Settings\****\Desktop\Cruises.url
C:\Documents and Settings\****\Desktop\Currency Trading.url
C:\Documents and Settings\****\Desktop\Lesbian ***.url
C:\Documents and Settings\****\Desktop\MP3.url
C:\Documents and Settings\****\Desktop\Online Betting.url
C:\Documents and Settings\****\Desktop\Online Gambling.url
C:\Documents and Settings\****\Desktop\Oral ***.url
C:\Documents and Settings\****\Desktop\Party Poker.url
C:\Documents and Settings\****\Desktop\Pharmacy.url
C:\Documents and Settings\****\Desktop\Phentermine.url
C:\Documents and Settings\****\Desktop\Pornstars.url
C:\Documents and Settings\****\Desktop\Remove Spyware.url
C:\Documents and Settings\****\Desktop\SpySheriff.lnk
C:\Documents and Settings\****\Desktop\viagra.url
O4 - HKLM\..\Run: [Start Page]


Version 1.8

C:\Program Files\internet explorer\ieengine.exe
O4 - HKCU\..\Run: [IEengine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ShudderLTD\PSGuard]


version 1.7

F2 - REG:system.ini: Shell=Explorer.exe sysinit32z.exe
C:\WINDOWS\system32\sysinit32z.exe
C:\WINDOWS\system32\taras.exe


version 1.6

C:\Windows\tool2.exe


Version 1.5

C:\ntdetecd.exe
C:\Windows\System32\vxh8jkdq?.exe


Version 1.4

C:\Program Files\Daily Weather Forecast\
04 - HKLM\..\Run: [Daily Weather Forecast]


Version 1.3

C:\Windows\System32\oleext.dll
C:\Windows\System32\oleext32.dll
C:\Windows\System32\wppp.html
O4 - HKCU\..\Run: [SNInstall]


Version 1.1

C:\Program Files\SpyKiller\
C:\Windows\System\svchost.exe
C:\Windows\System32\intell32.exe
C:\Windows\System32\kernels32.exe
C:\Windows\System32\vxgame?.exe
C:\Windows\System32\vxgamet?.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O4 - HKCU\..\Run: [SpyKiller]
O4 - HKLM\..\Run: [intell32.exe]
O4 - HKLM\..\Run: [System]
O4 - HKLM\..\Run: [WindowsUpdate]
O4 - HKLM\..\RunServices: [SystemTools]


Version 1.0

C:\Windows\System32\gunist.exe
C:\Windows\System32\param32.dll
C:\Windows\System32\pop_up.dll
C:\Windows\System32\searchdll.dll
C:\Windows\System32\svchosts.dll
C:\Windows\System32\LogFiles\T54111925.so
C:\Windows\System32\LogFiles\H53131712.so
C:\Windows\System32\LogFiles\A54102200.so
C:\Windows\System32\LogFiles\S53252000.so
C:\Windows\System32\LogFiles\A04111925.so
C:\Windows\System32\LogFiles\M54111925.so
C:\Windows\System32\LogFiles\P54111925.so


Version 0.x

C:\bsw.exe
C:\r.exe
C:\winstall.exe
C:\wp.bmp
C:\wp.exe
C:\Windows\desktop.html
C:\Windows\popuper.exe
C:\Windows\screen.html
C:\Windows\sites.ini
C:\Windows\uninstIU.exe
C:\Windows\windows.html
C:\Windows\zloader3.exe
C:\Windows\System32\helper.exe
C:\Windows\System32\hhk.dll
C:\Windows\System32\hookdump.exe
C:\Windows\System32\hp????.tmp
C:\Windows\System32\intel32.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\msole32.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\System32\oleadm.dll
C:\Windows\System32\oleadm32.dll
C:\Windows\System32\perfcii.ini
C:\Windows\System32\runsrv32.dll
C:\Windows\System32\runsrv32.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\spoolsrv32.exe
C:\Windows\System32\srpcsrv32.dll
C:\Windows\System32\srpcsrv32.exe
C:\Windows\System32\svcnt.exe
C:\Windows\System32\txfdb32.dll
C:\Windows\System32\w8673492.exe
C:\Windows\System32\winnook.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\wp.bmp
C:\Windows\System32\LogFiles\A5281300.so
C:\Windows\web\desktop.html
C:\Windows\web\wallpaper.html
C:\Documents and Settings\****\Application Data\Install.dat
C:\Program Files\AdwareDelete\
C:\Program Files\AntivirusGold\
C:\Program Files\PSGuard\
C:\Program Files\Search Maid\
C:\Program Files\Security IGuard\
C:\Program Files\SpySheriff\
C:\Program Files\Virtual Maid\
C:\spywarevanisher-free\
O4 - HKCU\..\Run: [Intel system tool]
O4 - HKCU\..\Run: [SpySheriff]
O4 - HKCU\..\Run: [Windows installer]
O4 - HKCU\..\Run: [WindowsFY]
O4 - HKCU\..\Run: [WindowsFZ]
O4 - HKLM\..\Run: [Fast Start]
O4 - HKLM\..\Run: [intel32.exe]
O4 - HKLM\..\Run: [Intel system tool]
O4 - HKLM\..\Run: [MSN Messenger]
O4 - HKLM\..\Run: [PSGuard]
O4 - HKLM\..\Run: [PSGuard spyware remover]
O4 - HKLM\..\Run: [RegSvr32]
O4 - HKLM\..\Run: [WindowsFZ]
[-HKEY_CURRENT_USER\SOFTWARE\SpySheriff]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusGold]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDelete]

[ipl_001]

Hi Ruby, S!Ri, hello everyone,

Ruby, thanks to you kind words but I don't deserve them.
( SpyAxe|SpySheriff|SpywareStrike|AlfaCleaner|SpyFal con|Smitfraud (Removal) )

You wrote:

Alternative to Marc's Remover
our french Team-Members
BipBip and ipl_001
have
brought to us
the
SmitfraudFix
which has been develloped on
Zebulon.fr
by their members
S!Ri, moe31 and balltrap34

SmitfraudFix was developped on another French forum, the name of which is CCM - CommentCaMarche (HowItWorks) ( http://www.commentcamarche.net/forum/index.php3?cat=7 ).
SmitfraudFix has well been created by S!Ri, a member of CCM, Zebulon and HJT.de, moe31, a member of CCM and balltrap34, a member of CCM and Zebulon.

Thanks to S!Ri for his wonderful tool along with his kindness and knowledge and generosity!
This tool belongs to them and S!Ri is very glad to help anyone on any forum in order to eradicate this damn malware!

(I'm sorry to write this post but as a moderator, I cannot let think -unfortunately- SmitfraudFix has something to do with Zebulon).

[Ruby]

Hi ipl_001

Without BipBip and you I think that it would have lasted some time longer that we would have heard anything about the Smitfraudfix.

Fine that you are here @ ipl_001 and that you have brought S!Ri to us

Regards

[Ruby]

You could think it would be bordering to use always the same methods, but the producers of Fake-Programs go on... Now we have SpywareStrike, a clone of SpyAxe. You can find it on the Red list of Spyware Warrior.

For more information have a look to Suzi Turner - zdnet.com
and to Mark's Sysinternals Blog The Antispyware Conspiracy.

Take care, dear User. Don't use SpywareStrike, otherwise you will have to clean up your system. Don't worry, use:

SmitfraudFix
(WinXP, Win2K)

Update 02/11/2006 - the show must go on:
AlfaCleaner & SpyFalcon

[Ruby]

One more method to win the battle against Smitfraud on Windows 2000 and XP
is Noadfear's SmitRem fix, which is used in a new program of Nick-YF19.

It works against these variants of Smitfraud:

* SpyAxe
* Smitfraud
* Security IGuard
* Virtual Maid
* Search Maid
* AntiVirusGold or AV Gold
* PSGuard
* SpySheriff
* Spy Trooper
* SpywareStrike -->added 7-Jan-2006
* Security Toolbar

The new Malware Removal can be downloaded under this link: smitRem.exe.

For more information, please have a look here: wiki.castlecops.com

Many thanks to our Team-Candidate karl83 for this information.

[Ruby]

-> Information (DE) -> Information (EN)

Spyware Warrior

If YOU
need a program
to get free from spyware


*****

Brauchst du ein Programm
gegen Spyware
Schau vorher nach, ob es auf der Roten Liste steht:

Spyware Warrior
R o t e L i s t e

[Ruby]

Hello S!Ri, moe31 & balltrap34

Thank you very much
for going on adding your SmitfraudFix
with all kinds of new variants.

All the best

[Lupine]

After 2 days of ripping my hair out and installing 20+ programs which did nothing i am finally free of the dreaded flashing box in the corner of my screen

Thank you all so much for making my pc fun again! (Even if you were just linking someone elses work, you enabled me to get rid of the damn virus; especially big thanks to the peron(s) who wrote the fix)