virus inconus aidemois Résolu/Fermé

Question

Bonjour,
jais quelque virus mais je ne sais pas ces quoi
jais asseyes d,ouvrir installation de HijackThis mais ses marque HijackThis.exe a généré des erreurs et sera ferme
par windows. un journal des erreur est en cours de création alors je ok je rasai sa ne marche pas ses marque a chaque fois ce si dis HijackThis.exe a généré des erreurs et sera ferme
par windows. un journal des erreur est en cours de création aide mois s.v.p

loloetseb · Answer

Peux tu faire un scan hijack this (renommes le hijack-this avant de lancer le scan),

Fais "do a scan and save a log",copies le rapport (ctrl+c) et postes le (ctrl+v) sur cette page 


http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

satune · Answer

OK sa marche sa dis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:27:30, on 2009-02-04
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v7.00 SP1 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Avira\WebProtector\difsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32
vsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32undll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\Nouveau dossier\mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: {28626e35-8141-5228-05d4-10cfcc7bd713} - {317db7cc-fc01-4d50-8225-141853e62682} - C:\WINNT\system32\plbbfq.dll
O2 - BHO: (no name) - {422243B8-05F1-414A-9C96-57350390F90D} - C:\WINNT\system32\geBtuSMC.dll
O2 - BHO: (no name) - {6C23AB0C-0244-4B01-8253-BEE724D0D2EC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\MSDXM.OCX
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NewsUpd] C:\Program Files\Creative\News\NewsUpd.EXE /q
O4 - HKLM\..\Run: [Détecteur de disque] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WebFilter] "C:\Program Files\Avira\WebProtector\difapp" /defuser
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Norman\Norman Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanicegmech.exe /QS
O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\deskmech.exe /QS
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: plbbfq.dll
O20 - Winlogon Notify: wvUkJbcC - wvUkJbcC.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: Avira Web Filter Service (difsvc) - Unknown owner - C:\Program Files\Avira\WebProtector\difsvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32
vsvc32.exe

loloetseb · Answer

Télécharge Malwarebytes’ Anti-Malware et postes moi le rapport apres mise a jour

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

- Sur la page cliques sur Télécharger Malwarebyte’s Anti-Malware 
- Enregistres le sur le bureau 
- Double cliques sur le fichier téléchargé pour lancer le processus d’installation 
- Lorsqu’il te le sera demandé, met à jour Malwarebytes anti malware 
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes 
- Une fois la mise à jour terminée, ferme Malwarebytes 
- Double-cliques sur l’icône de malwarebytes pour le relancer 
- Dans l’onglet, Recherche, probablement ouvert par défaut, 
- Sélectionne Exécuter un examen complet 
- Clique sur Rechercher 
- Le scan démarre 
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés. 
- Cliques sur Ok pour poursuivre. 
- Si des malwares ont été détectés, cliques sur Afficher les résultats 
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse. 
- Rends toi dans l’onglet rapport/log 
- Tu cliques dessus pour l’afficher une fois affiché 
- Tu cliques sur édition en haut du bloc notes, et puis sur sélectionner tout 
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse 
- Tu cliques droit dans le cadre de la réponse et coller 

Si tu as besoin d’aide regarde ce tutorial 

https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

satune · Answer

ok je le télé charge

satune · Answer

OK il analyse.............................

loloetseb · Answer

Parfait

satune · Answer

et voilas Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 5.0.2195 Service Pack 4

2009-02-04 20:44:02
mbam-log-2009-02-04 (20-43-58).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 166810
Temps écoulé: 56 minute(s), 45 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINNT\system32\internat.exe (Trojan.Agent) -> No action taken.

Module(s) mémoire infecté(s):
C:\WINNT\system32\geBtuSMC.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\plbbfq.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{317db7cc-fc01-4d50-8225-141853e62682} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{317db7cc-fc01-4d50-8225-141853e62682} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{422243b8-05f1-414a-9c96-57350390f90d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{422243b8-05f1-414a-9c96-57350390f90d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SpyProtector (Rogue.SpyProtector) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtusmc -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtusmc  -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINNT\system32\plbbfq.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\geBtuSMC.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\CMSutBeg.ini (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\CMSutBeg.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\qcfuulip.dll (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\piluufcq.ini (Trojan.Vundo.H) -> No action taken.
C:\WINNT\system32\cbsexlwc.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\lxaffc.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32
mekmihk.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\internat.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\jean-luc\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\jean-luc\Local Settings\Temp\s1408.php (Trojan.FakeAlert) -> No action taken.

loloetseb · Answer

Tu n'as pas terminer la fin du scan donc aucune action a ete prise quand le scan est terminé malwarebytes te propose de mettre en quarantaine,tu mets en quarantaine et les fichiers deviennent inactif (regardes bien le tutorial.

C'est du trojan vundo,on en as pour 2 ou 3 heures,si tu veux relancer le scan et terminer en mettant en quarantaine,on continuera demain soir.Je vais me coucher la trop fatigué.Je me leve a 7h30

satune · Answer

ok jais conpris
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1729
Windows 5.0.2195 Service Pack 4

2009-02-04 20:55:10
mbam-log-2009-02-04 (20-55-10).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 166810
Temps écoulé: 56 minute(s), 45 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINNT\system32\internat.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINNT\system32\geBtuSMC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\plbbfq.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{317db7cc-fc01-4d50-8225-141853e62682} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{317db7cc-fc01-4d50-8225-141853e62682} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{422243b8-05f1-414a-9c96-57350390f90d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{422243b8-05f1-414a-9c96-57350390f90d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\SpyProtector (Rogue.SpyProtector) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtusmc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\winnt\system32\gebtusmc  -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINNT\system32\plbbfq.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\geBtuSMC.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINNT\system32\CMSutBeg.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\CMSutBeg.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\qcfuulip.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\piluufcq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINNT\system32\cbsexlwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\lxaffc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32
mekmihk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINNT\system32\internat.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-luc\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean-luc\Local Settings\Temp\s1408.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.

il est
21:40

loloetseb · Answer

Supprimes ce que tu as en quarantaine dans malwarebytes

1)Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : 

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique maintenant sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée. 
* Choisis maintenant l'option "1" puis valide en appuyant sur "Entrée". 
! Ne ferme pas la fenêtre lors de la suppression ! 
Un rapport sera généré, poste son contenu ici.

satune · Answer

ok mais sa ne marche pas Toolbar-S&D après avoir fait le 1 sa dis pares pour quoi sa fait sas ?

satune · Answer

OK jais fais se que ta dis mais dais que ja puis sur 1 on dirais comme si je laves fermer

loloetseb · Answer

Télécharge SDFix d' AndyManchesta (avant de dézipper le dossier,renommes le sd-fix)

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe sur ton Bureau. 

Tutorial ici
1)
https://www.malekal.com/slenfbot-still-an-other-irc-bot/

Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\) 
N y touche pas pour l instant. 

2) Redémarre en mode sans échec 

3) SDFix 
* Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
* Appuie sur Y pour commencer le processus de nettoyage. 
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
* Appuie sur une touche pour redémarrer le PC. 
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

loloetseb · Answer

On fera toolbar sd plus tard.Supprimes ce que tu as dans la quarantaine de malwarebytes

satune · Answer

dessole sa recommence des que je pais se sur RunThis sa fairme

satune · Answer

a tan jais trouve sa pour 

  -- Changelog ToolBar S&D --


==================================
Upd: December 21, 2008 ( v 1.2.8 )
==================================

"%ProgramFiles%\Mozilla Firefox\searchplugins\crawlersrch.xml"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-

Folder : Smart-Shopper

==================================
Upd: December 19, 2008 ( v 1.2.7 )
==================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealio Toolbar 3.2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Settings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23A287DB-449A-462F-BDE1-8635A61671CE}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiweeHook"=-

# [Service] ASKService
# [Service] ASKUpgrade

Folder : Kiwee Toolbar

==================================
Upd: December 4, 2008  ( v 1.2.6 )
==================================

"%ProgramFiles%\Mozilla Firefox\plugins
pbasic.dll"
"%ProgramFiles%\Mozilla Firefox\chrome\chrome\content\browser.js"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3}]

==================================
Upd: November 20, 2008 ( v 1.2.5 )
==================================

"%Windir%\Downloaded Program Files\ZangoInstaller.dll"

Folder : M3Development_WhenUSave_Installer

[-HKEY_CLASSES_ROOT\zangoinstaller.zangoinstaller]
[-HKEY_CLASSES_ROOT\zangoinstaller.zangoinstaller.1]

[-HKEY_CLASSES_ROOT\TypeLib\{ff0312e0-f60c-4109-94b8-0a564a58e43b}]

[-HKEY_CLASSES_ROOT\Interface\{a077a462-0b6c-43bd-af09-5e55a0cc902c}]

[-HKEY_CLASSES_ROOT\CLSID\{99410cde-6f16-42ce-9d49-3807f78f0287}]
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\Accoona Search]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5146c40-189a-4311-bda9-fbae3e023187}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B21-F830-49DE-A31B-5BB9D7F6B407}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"=-
"{b5146c40-189a-4311-bda9-fbae3e023187}"=-

==================================
Upd: October 27, 2008  ( v 1.2.4 )
==================================

# Other infection

==================================
Upd: October 23, 2008  ( v 1.2.3 )
==================================

# Other infection

==================================
Upd: October 4, 2008   ( v 1.2.2 )
==================================

Folder : alot
Folder : baidu
Folder : Starware381

"%ProgramFiles%\Mozilla Firefox\plugins\NPAskSBr.dll"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion­\Uninstall\starware381]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a7f05ee4-0426-454f-8013-c41e3596e9e9}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}]

[-HKEY_CLASSES_ROOT\Interface\{92b82580-b1d5-4528-8b42-35526141a4d0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BIE"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{02496EBD-8455-48db-B3C7-5DAC97D9F5A7}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}"=-

[-HKEY_CURRENT_USER\SOFTWARE\starware381]
[-HKEY_CURRENT_USER\SOFTWARE\starware354]

===================================
Upd: September 24, 2008 ( v 1.2.1 )
===================================

"%Windir%\system32\iiyrelekeynmmfbh.dll"

Folder : AskBarDis
Folder : 2ACA5CC3-0F83-453D-A079-1076FE1A8B65

[-HKEY_CLASSES_ROOT\coresrv.coreservices]
[-HKEY_CLASSES_ROOT\coresrv.coreservices.1]
[-HKEY_CLASSES_ROOT\coresrv.lfgax]
[-HKEY_CLASSES_ROOT\coresrv.lfgax.1]
[-HKEY_CLASSES_ROOT\hbmain.commband]
[-HKEY_CLASSES_ROOT\hbr.hbmain.1]
[-HKEY_CLASSES_ROOT\hostol.mailanim]
[-HKEY_CLASSES_ROOT\hostol.mailanim.1]
[-HKEY_CLASSES_ROOT\hostol.webmailsend]
[-HKEY_CLASSES_ROOT\hostol.webmailsend.1]
[-HKEY_CLASSES_ROOT\instie.hbinstobj]
[-HKEY_CLASSES_ROOT\instie.hbinstobj.1]
[-HKEY_CLASSES_ROOT\srv.coreservices]
[-HKEY_CLASSES_ROOT\srv.coreservices.1]
[-HKEY_CLASSES_ROOT	oolbar.htmlmenuui]
[-HKEY_CLASSES_ROOT	oolbar.htmlmenuui.1]
[-HKEY_CLASSES_ROOT	oolbar.toolbarctl]
[-HKEY_CLASSES_ROOT	oolbar.toolbarctl.1]
[-HKEY_CLASSES_ROOT\zango.desktopflash]
[-HKEY_CLASSES_ROOT\zango.desktopflash.1]
[-HKEY_CLASSES_ROOT\zangoax.clientdetector]
[-HKEY_CLASSES_ROOT\zangoax.clientdetector.1]
[-HKEY_CLASSES_ROOT\zangoax.userprofiles]
[-HKEY_CLASSES_ROOT\zangoax.userprofiles.1]
[-HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1]
[-HKEY_CLASSES_ROOT\asapcom.asapclass]
[-HKEY_CLASSES_ROOT\asapcom.asapclass.1]
[-HKEY_CLASSES_ROOT\asapcom.asapenvelope]
[-HKEY_CLASSES_ROOT\asapcom.asapenvelope.1]
[-HKEY_CLASSES_ROOT\asapcom.asapmain]
[-HKEY_CLASSES_ROOT\asapcom.asapmain.1]
[-HKEY_CLASSES_ROOT\asapcom.asapmessage]
[-HKEY_CLASSES_ROOT\asapcom.asapmessage.1]
[-HKEY_CLASSES_ROOT\asapcom.asaprecipients]
[-HKEY_CLASSES_ROOT\asapcom.asaprecipients.1]
[-HKEY_CLASSES_ROOT\xml.xml]
[-HKEY_CLASSES_ROOT\xml.xml.1]
[-HKEY_CLASSES_ROOT\asearchassist.adefaultsearch]
[-HKEY_CLASSES_ROOT\asearchassist.adefaultsearch.1]

[-HKEY_CLASSES_ROOT\CLSID\{286e500c-ef0a-4aa3-a94d-e495f653ef4b}]
[-HKEY_CLASSES_ROOT\CLSID\{319260ab-be0c-4025-8569-7a27ed2faab9}]
[-HKEY_CLASSES_ROOT\CLSID\{8ac5bc54-b13b-4642-99f9-0baa2d116184}]
[-HKEY_CLASSES_ROOT\CLSID\{9809a6b4-70b1-4bb2-b3b5-b415763a534e}]
[-HKEY_CLASSES_ROOT\CLSID\{d5178f77-c5e6-4e8f-9787-48b5d7eccce8}]
[-HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d}]
[-HKEY_CLASSES_ROOT\CLSID\{f80c1d93-0d22-436e-963e-9d3156997a4e}]
[-HKEY_CLASSES_ROOT\CLSID\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d}]
[-HKEY_CLASSES_ROOT\CLSID\{2e54ac53-efa4-4831-a3f6-b47b1a1937cf}]
[-HKEY_CLASSES_ROOT\CLSID\{8971cb48-9fca-445a-be77-e8e8a4cc9df7}]
[-HKEY_CLASSES_ROOT\CLSID\{bfc08cff-c737-4433-bd5a-0ee7efcfee54}]
[-HKEY_CLASSES_ROOT\CLSID\{5b2e150d-4c8a-40e4-8c36-dd9c02771c67}]
[-HKEY_CLASSES_ROOT\CLSID\{627d894a-8a77-416e-b522-432eaf2c818e}]
[-HKEY_CLASSES_ROOT\CLSID\{54a3f8b7-228e-4ed8-895b-de832b2c3959}]
[-HKEY_CLASSES_ROOT\CLSID\{7138f250-5b72-48dd-adfb-9a83b429dd9e}]
[-HKEY_CLASSES_ROOT\CLSID\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf}]
[-HKEY_CLASSES_ROOT\CLSID\{bf1bf02c-5a86-4ecf-adac-472c54c4d21e}]
[-HKEY_CLASSES_ROOT\CLSID\{b88e4484-3ff6-4ea9-815b-a54fe20d4387}]
[-HKEY_CLASSES_ROOT\CLSID\{ab502149-ccf3-3f33-2241-84152b364b18}]
[-HKEY_CLASSES_ROOT\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_CLASSES_ROOT\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[-HKEY_CLASSES_ROOT\CLSID\{b0cb585f-3271-4e42-88d9-ae5c9330d554}]
[-HKEY_CLASSES_ROOT\CLSID\{d2221ccb-f2bb-4858-aad4-57c754153603}]
[-HKEY_CLASSES_ROOT\CLSID\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c}]
[-HKEY_CLASSES_ROOT\CLSID\{ea0b6a1a-6a59-4a58-9c41-9966504898a5}]

[-HKEY_CLASSES_ROOT\TypeLib\{ad71e48f-6f47-4b63-9312-fae879541c4d}]
[-HKEY_CLASSES_ROOT\TypeLib\{08755390-f46d-4d09-968c-3430166b3189}]
[-HKEY_CLASSES_ROOT\TypeLib\{ccc6e232-aa4c-4813-a019-9c14b27776b6}]
[-HKEY_CLASSES_ROOT\TypeLib\{229d2451-a617-4b30-b5e8-8138694240cb}]
[-HKEY_CLASSES_ROOT\TypeLib\{c23fa5a4-1fea-419f-8b14-f7465df062bc}]
[-HKEY_CLASSES_ROOT\Typelib\{0923208c-e259-4ed5-a778-cb607da350ad}]
[-HKEY_CLASSES_ROOT\Typelib\{dd1cb2d7-161d-4b84-ae5c-08d3faed894f}]
[-HKEY_CLASSES_ROOT\TypeLib\{9720de03-5820-4059-b4a4-639d5e52bd09}]
[-HKEY_CLASSES_ROOT\Typelib\{45397063-d7d0-47c2-9508-26487608a298}]
[-HKEY_CLASSES_ROOT\Typelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}]
[-HKEY_CLASSES_ROOT\Typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}]
[-HKEY_CLASSES_ROOT\Typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}]
[-HKEY_CLASSES_ROOT\TypeLib\{bce2e826-d0f5-41c8-97be-28a6f540ceeb}]

[-HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51­cff10}]
[-HKEY_CLASSES_ROOT\Interface\{00b77587-be1b-4201-b8e9-09fcf50ab771}]
[-HKEY_CLASSES_ROOT\Interface\{49155dae-c471-40fa-98ee-b2b3cad115ce}]
[-HKEY_CLASSES_ROOT\Interface\{4d783385-0dda-4188-a529-c97dc3d67cbd}]
[-HKEY_CLASSES_ROOT\Interface\{34e29700-0d13-46aa-b9a5-ace68e21a091}]
[-HKEY_CLASSES_ROOT\Interface\{e420a65f-9984-4b8c-9fa9-1ed69d3b0a13}]
[-HKEY_CLASSES_ROOT\Interface\{3661af2d-c27b-499c-9bcf-66c8502a3806}]
[-HKEY_CLASSES_ROOT\Interface\{99123ac9-7dda-4c82-b252-44c2804bf392}]
[-HKEY_CLASSES_ROOT\Interface\{6e10479b-31e8-4a3b-81b1-ddaf39097f19}]
[-HKEY_CLASSES_ROOT\Interface\{1985fce1-4043-4346-ae70-d0a0cd90bdd3}]
[-HKEY_CLASSES_ROOT\Interface\{2b81f920-6660-4f76-93bf-b1c67bf5d1a0}]
[-HKEY_CLASSES_ROOT\Interface\{3f0915b8-b238-4c2d-ad1e-60db1e14d27a}]
[-HKEY_CLASSES_ROOT\Interface\{5a4737a8-b92a-4e54-970e-c2891d98ce3f}]
[-HKEY_CLASSES_ROOT\Interface\{ace99e77-aa2a-43c2-8c9d-caf2020fdf2b}]
[-HKEY_CLASSES_ROOT\Interface\{e0fb1610-b25b-49f6-be20-751b2f230e6f}]
[-HKEY_CLASSES_ROOT\Interface\{ea58c2ea-be26-49dd-9b9a-c8e4e5ca7791}]
[-HKEY_CLASSES_ROOT\Interface\{fca28ac5-c1e1-4d67-a5ae-c44d6c374d9f}]
[-HKEY_CLASSES_ROOT\Interface\{067c6a37-72ea-4437-863a-5be20c246f3c}]
[-HKEY_CLASSES_ROOT\Interface\{1a2af056-1fe1-47ca-993d-5d09d18e674e}]
[-HKEY_CLASSES_ROOT\Interface\{b247f5bf-bd9d-4ecd-8fc1-365f36a1fda1}]
[-HKEY_CLASSES_ROOT\Interface\{bbbfb891-98ae-4678-86f3-bd5a2eed86c9}]
[-HKEY_CLASSES_ROOT\Interface\{1230cf51-6bc4-4a23-b3f1-c7cf0afed619}]
[-HKEY_CLASSES_ROOT\Interface\{2e623b96-b166-4c70-8169-820761794299}]
[-HKEY_CLASSES_ROOT\Interface\{4e8b851b-05b0-4baf-b24d-d0dfe88dded3}]
[-HKEY_CLASSES_ROOT\Interface\{50c3e2b3-4fd7-4cb9-91f9-641a6e6b3689}]
[-HKEY_CLASSES_ROOT\Interface\{62b0b239-f9ac-4a5b-bfae-62c7a23f7627}]
[-HKEY_CLASSES_ROOT\Interface\{726f0ab9-b842-4ae4-90c7-230e233e6a99}]
[-HKEY_CLASSES_ROOT\Interface\{b9cc2b92-5611-453f-8381-8b6f72d9c0b8}]
[-HKEY_CLASSES_ROOT\Interface\{c4543e64-1498-410d-8e72-4744eea99ab9}]
[-HKEY_CLASSES_ROOT\Interface\{397a208b-3d09-4b3e-93e8-ca171886612e}]
[-HKEY_CLASSES_ROOT\Interface\{421745e9-16df-4ee4-a758-d51f939c49cb}]
[-HKEY_CLASSES_ROOT\Interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}]
[-HKEY_CLASSES_ROOT\Interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}]
[-HKEY_CLASSES_ROOT\Interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}]
[-HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6}]
[-HKEY_CLASSES_ROOT\Interface\{8e98faf8-794f-47f9-af90-15305564ed81}]
[-HKEY_CLASSES_ROOT\Interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}]
[-HKEY_CLASSES_ROOT\Interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}]
[-HKEY_CLASSES_ROOT\Interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}]
[-HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}]
[-HKEY_CLASSES_ROOT\Interface\{21447c90-6ec1-4fc1-9379-bd515008aedb}]
[-HKEY_CLASSES_ROOT\Interface\{32c97a37-e2b8-4097-9330-5f3e1125e181}]
[-HKEY_CLASSES_ROOT\Interface\{b0c3de1b-e3ff-4dd0-9229-f452cf9c678e}]
[-HKEY_CLASSES_ROOT\Interface\{d2d94732-a74d-433c-98f7-9ed740e82ae9}]
[-HKEY_CLASSES_ROOT\Interface\{dfd5d79b-ef2f-4a51-9821-5b469f05262e}]

[-HKEY_CLASSES_ROOT\AppID\{dbf00e12-281c-4dc8-a7ec-1ff45182439b}]
[-HKEY_CLASSES_ROOT\AppID\ZangoSA_df.exe]
[-HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}]
[-HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab502149-ccf3-3f33-2241-84152b364b18}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{bd937ffe-0352-4fde-88f2-c30d1a9b25cf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE14}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-9F63-900533FAFE15}]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Products\568267acfc5644dab06f058006ddbae3]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9]

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{93b0fa7b-50f6-41b4-ac7e-612a72ce8c3c}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}]

[-HKEY_CURRENT_USER\SOFTWARE\zangosa]

[-HKEY_LOCAL_MACHINE\SOFTWARE\zango]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{6cfbd76d-7a06-26a5-076f-24c6af0b5257}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{944864a5-3916-46e2-96a9-a2e84f3f1208}"=-

===================================
Upd: September 14, 2008 ( v 1.2.0 )
===================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWay Search Assistant]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4D25F926-B9FE-4682-BF72-8AB8210D6D75}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]

[-HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75}]

===================================
Upd: September 13, 2008 ( v 1.1.9 )
===================================

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll] 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=-

===================================
Upd: September 7, 2008  ( v 1.1.8 )
===================================

Folder : Multi_Media
Folder : Multi_Media_France
Folder : MultiMedia France Toolbar

Firefox Extension : {7009fcd4-05be-44f4-9583-93fe419ab7b0}

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7009fcd4-05be-44f4-9583-93fe419ab7b0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7009fcd4-05be-44f4-9583-93fe419ab7b0}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{7009fcd4-05be-44f4-9583-93fe419ab7b0}"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar]

===================================
Upd: September 4, 2008  ( v 1.1.7 )
===================================

"%Windir%\system32
slFC.dll"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{914f1f82-eab1-874f-1284-6a9136e6d163}]

===================================
Upd: August 30, 2008    ( v 1.1.6 )
===================================

"%Windir%\System32\dmubsi.dll"
"%Windir%\System32\dspvfx.dll"

"%Temp%
s*.tmp"
"%Temp%\whenu.ini"
"%Temp%\banner.bmp"
"%Temp%\VVSNInst.exe"
"%Temp%\730.WUT\whenu.inf"
"%Temp%\730.WUT\vvsn.cab"
"%Temp%\WUS3E.bat"

"%ProgramFiles%\Torrent Search"
"%ProgramFiles%\Torrent-Search"

"%Programs%\Torrent Search"

"%Desktop%\Torrent Search.lnk"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0c7b854-d5ce-4db6-9804-be1438603d89}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24D0D7D2-1D72-4ADA-82DE-AE07910CA084}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D1F87E7-4D72-41AB-9D57-D101A08F20E5}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DAC4A72-BA26-4329-B66E-8D973035B524}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B9D5EA38-F5A0-456B-B05B-DFF81FBFEF0F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{678DB4CC-A041-4565-B49B-3F5ADE9558E3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{78E4BE47-F8C7-405E-87A6-84F4ABAB32EC}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dmubsw.clsdll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HyperTerminal.HyperTerminalExt]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HyperTerminal.HyperTerminalExt.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Torrent Search]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Rasmpc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Torrent Search]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e0c7b854-d5ce-4db6-9804-be1438603d89}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{e0c7b854-d5ce-4db6-9804-be1438603d89}"=-

Folder : AskBarFr

================================
Maj/Upd : 26/08/2008 ( v 1.1.5 )
================================

Folder : Platrium
Folder : PlatriumSA

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B12ACA14-C7FB-44FE-883B-6121FD02BAD3}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Platrium]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D53E4ACF-EDF5-4071-903B-F84B64FC1EA2}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PlatriumWeather"=-
"PlatriumSA"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Platrium]

[-HKEY_CLASSES_ROOT\clsid\{d53e4acf-edf5-4071-903b-f84b64fc1ea2}]
[-HKEY_CLASSES_ROOT\BRNstIE.Stock.1]
[-HKEY_CLASSES_ROOT\BRNstIE.Stock]
[-HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager]
[-HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1]

================================
Maj/Upd : 24/08/2008 ( v 1.1.4 )
================================

Folder : AskPBar

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A94B111-4504-4e26-AB05-E61E474AA38B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4D76F01-7896-458a-890F-E1F05C46069F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F4D76F09-7896-458a-890F-E1F05C46069F}"=-

================================
Maj/Upd : 22/08/2008 ( v 1.1.3 )
================================

Folder : Burn4Free
Folder : Burn4Free CD and DVD

"%Windir%\Burn4Free_Toolbar_Uninstaller_????.exe"
"%Windir%\Prefetch\BURN4FREE_SETUP.EXE*.pf"
"%Windir%\Prefetch\BURN4FREE.EXE*.pf"
"%Windir%\System32\b4fm.dll"
"%Common Desktop%\Burn4Free.lnk"
"%Desktop%\burn4free_setup.exe"
"%Appdata%\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.b4f]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\b4fm.SxContextMenu1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Burn4Free project]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Burn4Free]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Burn4Free Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search settings 1.2]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Burn4Free]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
"{70DE7956-479D-4EB7-8641-2B45774C350E}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}"=-
"{70DE7956-479D-4EB7-8641-2B45774C350E}"=-

[-HKEY_CURRENT_USER\Software\Burn4Free]

[-HKEY_CLASSES_ROOT\CLSID\{D187A56B-A33F-4CBE-9D77-459FC0BAE012}]
[-HKEY_CLASSES_ROOT\CLSID\{4F11ACBB-393F-4C86-A214-FF3D0D155CC3}]
[-HKEY_CLASSES_ROOT\CLSID\{1C311AAA-D8B1-4A0A-BEE5-2387FEC583DA}]
[-HKEY_CLASSES_ROOT\Burn4Free project]
[-HKEY_CLASSES_ROOT\b4fm.SxContextMenu1]
[-HKEY_CLASSES_ROOT\.b4f]

Processus - Burn4Free.exe

================================
Maj/Upd : 21/08/2008 ( v 1.1.2 )
================================

Folder : DAEMON Tools Toolbar
Folder : Bit Lord 1.1
Folder : BitLord
Folder : VVSN

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitLord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BitLord.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\bittorrent]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BitLordUnfinishedFile]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bc!]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BitLord]
[-HKEY_CURRENT_USER\Software\BitLord]

[-HKEY_CLASSES_ROOT\bittorrent]
[-HKEY_CLASSES_ROOT\BitLordUnfinishedFile]
[-HKEY_CLASSES_ROOT\.bc!]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VVSN"=-

Processus - BitLord.exe
Processus - vvsn.exe

================================
Maj/Upd : 20/08/2008 ( v 1.1.1 )
================================

Reset values :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Window Title"=""

================================
Maj/Upd : 19/08/2008 ( v 1.1.0 )
================================

# [Service] MyWebSearchService

Folder : Accoona
Folder : ActiveShopper
Folder : ADS Plugins
Folder : Adssite Advanced Toolbar
Folder : Adssite Games Collection
Folder : Adult-Links
Folder : AdvancedTool
Folder : AltNet
Folder : AntivirusGold
Folder : AskSBar
Folder : AskTBar
Folder : Browser Accelerator
Folder : Browser Optimizer Dcads
Folder : Browser Optimizer Superiorads
Folder : BrowsingAdvisor
Folder : BrowsingEnhancer
Folder : BrowsingProgram
Folder : BrowsingSoftware
Folder : BrowsingTool
Folder : Burn4Free Toolbar
Folder : ContextAdvisor
Folder : ContextEnhancer
Folder : ContextProgram
Folder : ContextTool
Folder : Crawler
Folder : Dcads Advanced Toolbar
Folder : Dcads Games Collection
Folder : Dealio
Folder : DR_S
Folder : dynamic toolbar
Folder : ErrorsTool
Folder : EZshopper
Folder : FastFinder
Folder : FBrowserAdvisor
Folder : FBrowsingAdvisor
Folder : FFTOOLBAR ToolBar
Folder : Flyordie_games
Folder : FunWebProducts
Folder : Fun Web Products
Folder : GamesBar
Folder : Gossiper
Folder : Hbtools
Folder : HbTools_Icons
Folder : Hotbar
Folder : HotbarSA
Folder : INSTAFIN
Folder : INSTAFINK
Folder : Instant Buzz
Folder : IntelligentAdvisor
Folder : InternetProgram
Folder : InternetSoftware
Folder : ISTbar
Folder : IstSvc
Folder : KaZaA
Folder : Kugoo
Folder : live-online-tv
Folder : Mirar
Folder : Morpheus Toolbar
Folder : My Downloaded Games
Folder : MyGlobalSearch
Folder : MyQuickSearch
Folder : MySearch
Folder : MyToolbar
Folder : MyTotalSearch
Folder : Myway
Folder : MyWaySA
Folder : MyWaySearch
Folder : MyWebSearch
Folder : MyWebSearchWB
Folder : PlayMP3z
Folder : NavExcel
Folder : NavExcel Search Toolbar
Folder : NavigationAdvisor
Folder : NavigationEnhancer
Folder : NavigationProgram
Folder : NavigationTool
Folder : Need2Find
Folder : Online_TV_toolbar
Folder : PageRevisor
Folder : PCHealthCenter
Folder : Piolet
Folder : Piolet Toolbar
Folder : Push toolbar
Folder : P2P_Energy
Folder : P2P Networking
Folder : P2P_Torrent
Folder : Rax Search
Folder : RXToolbar
Folder : Sbar Toolbar
Folder : SearchEssistant
Folder : searchessistant toolbar
Folder : SearchSettings
Folder : Search Settings
Folder : Seekmo
Folder : Seekmo Programs
Folder : seekmo search assistant
Folder : ShopNav
Folder : Shopper Report
Folder : ShopperReports
Folder : ShoppingReport
Folder : SideFind
Folder : SLMSS
Folder : Slotchbar
Folder : SmartShopper
Folder : Snrg
Folder : SpamBlockerUtility
Folder : Starware
Folder : Starware305
Folder : Starware316
Folder : Starware343
Folder : Starware347
Folder : Starware354
Folder : Starware370
Folder : Starware390
Folder : StatsTool
Folder : SurfAccuracy
Folder : ToolBar888
Folder : TrustIn Bar
Folder : Try2Find
Folder : UCmore
Folder : VMNToolbar
Folder : VSAdd-in
Folder : VS Toolbar
Folder : WeatherDPA
Folder : WeatherStudio
Folder : WhenU
Folder : WinAble
Folder : Wssclient
Folder : XXXToolbar
Folder : YourSiteBar
Folder : Zango
Folder : 2020Search
Folder : 7Search
Folder : 8848

"%Systemdrive%\dfndr.exe"
"%Systemdrive%\dfndrff_7.exe"
"%Systemdrive%\kybrd.exe"
"%Systemdrive%\kybrdff_7.exe"
"%Systemdrive%
wnm.exe"

"%Windir%\adrsb.exe"
"%Windir%\autolfn.exe"
"%Windir%\azentretien.dll"
"%Windir%\CJet.exe"
"%Windir%\csrss.exe"
"%Windir%\dpvsetup.exe"
"%Windir%\dsndup.exe"
"%Windir%\gxvpsafm.dll"
"%Windir%\iewww.exe"
"%Windir%\iun6002.exe"
"%Windir%\label.exe"
"%Windir%\lasss.exe"
"%Windir%\mdm.exe"
"%Windir%\mmc.exe"
"%Windir%\mshepl.exe"
"%Windir%\mshta.exe"
"%Windir%\mssetup.exe"
"%Windir%\msswchx.exe"
"%Windir%\mstask.exe"
"%Windir%
etdde.exe"
"%Windir%
ne.bin"
"%Windir%
nv.bin"
"%Windir%
nmgr.dat"
"%Windir%
nmgr.exe"
"%Windir%
nmgr.ocx"
"%Windir%
tvdm.exe"
"%Windir%\omi.dll"
"%Windir%\osk.exe"
"%Windir%edirect7.exe"
"%Windir%\sbar.dll"
"%Windir%\sfita.exe"
"%Windir%\smdat32a.sys"
"%Windir%\smdat32m.sys"
"%Windir%\smss.exe"
"%Windir%\spoolsv.exe"
"%Windir%\sptsupd.exe"
"%Windir%\subst.exe"
"%Windir%\svchost.exe"
"%Windir%\SYSfit.exe"
"%Windir%\ups.exe"
"%Windir%\waladhpr.exe"
"%Windir%\w32tm.exe"
"%Windir%\xcopy.exe"

"%Windir%\System\mdc.dll"

"%Windir%\System32\adrot-uninst.exe"
"%Windir%\System32\adrotate.dll"
"%Windir%\System32\adrotate1.dll"
"%Windir%\System32\adspipe.dll"
"%WinDir%\system32\adssite-remove.exe"
"%WinDir%\system32\adssite_sidebar.dll"
"%WinDir%\system32\adssite_sidebar_uninstall.exe"
"%Windir%\System32\adv.dll"
"%Windir%\System32\azesearch4.ocx"
"%Windir%\System32\brrotate.dll"
"%Windir%\System32\ca2.dll"
"%Windir%\System32\cpmrotate.dll"
"%Windir%\System32\czuehf.exe"
"%Windir%\System32\Dcads-remove.exe"
"%WinDir%\system32\dcads_sidebar.dll"
"%WinDir%\system32\dcads_sidebar_uninstall.exe"
"%Windir%\System32\DcadsSocial-uninstall.exe"
"%WinDir%\system32\dcadssuggest.dll"
"%Windir%\System32\eplaceSearch.dll"
"%Windir%\System32\ewxcksr.exe"
"%Windir%\System32\fufudc.exe"
"%Windir%\System32\f3PSSavr.scr"
"%Windir%\System32\globobar.ocx"
"%Windir%\System32\gzmrotate.dll"
"%WinDir%\system32\gzmrt.dll"
"%Windir%\System32\ha3f.exe"
"%Windir%\System32\hookdump.exe"
"%Windir%\System32\HyperLinker3.exe"
"%Windir%\System32\iasad.dll"
"%Windir%\System32\iasada.dll"
"%Windir%\System32\jbhbolcl.exe"
"%Windir%\System32\kcnzrop6.exe"
"%Windir%\System32\lmdv.bin"
"%Windir%\System32\lmf32v.dll"
"%Windir%\System32\mnopdb.exe"
"%Windir%\System32\mwsvm.exe"
"%Windir%\System32\mwsvm.ocx"
"%WinDir%\system32\mysidesearch_sidebar_uninstall.exe"
"%WinDir%\system32\mysidesearch_sidebar.dll"
"%WinDir%\system32
injaext-uninstall.exe"
"%Windir%\System32
odeipproc.dll"
"%Windir%\System32
ss2C.dll"
"%Windir%\System32
slFC.dll"
"%Windir%\System32\otpddpea5.dll"
"%Windir%\System32\PreUninstall.exe"
"%Windir%\System32\PreUninstallFF.exe"
"%Windir%\System32\p2p.exe"
"%Windir%\System32\P2P Networking"
"%Windir%\system32\QaBar.dll"
"%Windir%\system32\QcBar.dll"
"%Windir%\System32a8pv.exe"
"%WinDir%\system32ightonadz-uninst.exe"
"%Windir%\System32\ShowFF.exe"
"%Windir%\System32\SmartShopper"
"%WinDir%\system32\sprt_ads.dll"
"%WinDir%\system32\superiorads-uninst.exe"
"%Windir%\System32\syssfitb.dll"
"%Windir%\System32	bc.dll"
"%Windir%\System32\TopSearch.dll"
"%Windir%\System32	ubby.dll"
"%Windir%\System32\uninst.exe"
"%Windir%\System32\uninst.log"
"%Windir%\System32\uninsticn.exe"
"%Windir%\System32\vtlbar1.dll"
"%Windir%\system32\WinATS.dll"
"%Windir%\System32\WinDmy.dll"
"%Windir%\System32\WinNB*.dll"
"%Windir%\System32\winnook.exe"
"%Windir%\System32\zolk.dll"
"%Windir%\System32\zolker005.dll"
"%Windir%\System32\zolker009.dll"
"%Windir%\System32\zolker010.dll"
"%Windir%\System32\zolker011.dll"
"%Windir%\System32\ztoolb005.dll"
"%Windir%\System32\ztoolb006.dll"
"%Windir%\System32\ztoolb010.dll"
"%Windir%\System32\ztoolber.dll"
"%Windir%\system32\{0936fcf1-60ca-f7bf-5899-d2dbff2fa288}.dll"

"%Windir%\system32\SearchTool
su9F8.dll"
"%Windir%\system32\SearchTool\SearchTool.dll"

"%Windir%\System32\drivers\ csrss.exe"

"%Windir%\System32\Macromed\Flash\FlashPlayerTrust\activeshopper.cfg"

"%Fonts%\acrsec.fon"
"%Fonts%\acrsecB.fon"
"%Fonts%\acrsecI.fon"

"%Windir%\Downloaded Program Files\dotcomtoolbar.asp"
"%Windir%\Downloaded Program Files\hbtools.inf"
"%Windir%\Downloaded Program Files\hotbar.inf"
"%Windir%\Downloaded Program Files\instafin.dll"
"%Windir%\Downloaded Program Files\istactivex.dll"
"%Windir%\Downloaded Program Files\logo.bmp"
"%Windir%\Downloaded Program Files\logo.gif"
"%Windir%\Downloaded Program Files\logo2.gif"
"%Windir%\Downloaded Program Files\MirarSetup.exe"
"%Windir%\Downloaded Program Files\mwsearch.dll"
"%Windir%\Downloaded Program Files\MySearch.CAB"
"%Windir%\Downloaded Program Files
av.bmp"
"%Windir%\Downloaded Program Files
av_hot.bmp"
"%Windir%\Downloaded Program Files	oolbar_nieuw14.dll"
"%Windir%\Downloaded Program Files\ysbactivex.dll"
"%Windir%\downloaded program files\webp2pinstaller.dll"

"%Programfiles%\Internet Explorer\msimg32.dll"
"%programfiles%\internet explorer\setup.exe"

"%Programfiles%\Mozilla Firefox\plugins\NPMyWebS.dll"

"%ProgramFiles%\MSN Messenger\msimg32.dll"
"%ProgramFiles%\MSN Messengeriched20.dll"

"%ProgramFiles%\ieshnv.ini"
"%ProgramFiles%\ieshnv.bmp"
"%ProgramFiles%\ieshnv.dat"
"%ProgramFiles%\ieshnv.lng"

"%Temp%\ASearchAssist.dll"
"%Temp%\ICD1.tmp"
"%Temp%\ISTbar.dll"
"%Temp%\is-B3DFI.tmp"
"%Temp%\mc*.tmp"
"%Temp%\mit3.tmp"
"%Temp%\mit3.tmp.cab"
"%Temp%\TBQuiesceKB.exe"
"%Temp%\sidefind.exe"
"%Temp%\s11k..exe"
"%Temp%	em*.tmp.exe"
"%Temp%\11-9df8e247b1ab6e4ea9303b15294a3428.exe"
"%Temp%\875455-NOSB.exe"

"%Temp%\Random_Folder\Toolbar.exe"

"%Personal%\work7\load03.exe"
"%Personal%\work7\loadppc.exe"

"%Startup%\MyTotalSearch Email Plugin.lnk"
"%Startup%\MyWebSearch Email Plugin.lnk"

"%Desktop%\atoolbar200002.exe"
"%Desktop%\DealioKit127.exe"
"%Desktop%\m00.exe"
"%Desktop%\SetupActiv.exe"
"%Desktop%\sportsinteraction.com - bet on sports!.lnk"

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E552EEFC-DE97-45D4-BA1A-F534A1B4A579}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04011C11-2F3B-44ed-977C-270CA669C6B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E677221-E309-4341-81BD-3CC3018BF5B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C4ECE5C-7CB8-36C5-6F3B-D414CE8F8E22}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1E58A84-95B3-4630-B8C2-D06B77B7A0FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26E45419-7205-4fac-BBFE-174BC7337A79}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{971C3384-F75E-4562-95B3-CBE7417529BC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10F3E8BD-257A-4702-A2F5-DC02055B068C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C8A568E-4201-478a-8536-526CF371D2E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB71E94E-3DC4-41eb-BBD5-31E82C9FD1D4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D9362F8-77D8-4b29-97B5-621D550890C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D80C4E21-C346-4E21-8E64-20746AA20AEB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E60A8FF7-B9B4-8ABC-10E8-10F2461DFA50}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{391C0909-C026-3B63-FFDB-93FFF4E81675}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D93B3CA5-6552-0DAA-353B-FB9D4F20B168}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B8AE75C-A139-558A-AB5B-5F07BC2FD566}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5bf48cbf-6ca5-495a-c3f9-0574983d4eb2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14b3d246-6274-40b5-8d50-6c2ade2ab29b}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ADBCCE8-CF84-441E-9B38-AFC7A19C06A4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{2a8a997f-bb9f-48f6-aa2b-2762d50f9289}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36A91CEC-6C71-4758-B492-397BFC8E96A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4035DE1B-D54A-411E-9EE7-923295D2E86E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45A4902E-4479-4EAE-A186-8D0F7E4C78DE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-86FF-FD60BB9AAE3B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ed7d3de-6dbe-4516-8712-01b1b64b7057}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ABBD91B-0215-2FE1-7A7E-753F05B40CB8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CFEE306-E014-48A4-876D-06FF09EBB0F3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ED7D3DE-6DBE-4516-8712-436325722327}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A6E50DC-BFA8-4B40-AB1B-159E03E829FD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7475D3FD-5D85-49DB-8B9B-6968467B2D80}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74CC49F7-EB32-4A08-B204-948962A6E3DB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{753B9349-7E46-4E5C-A27F-A60A6BF1EAB5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{832BEBED-C3DA-4534-A2C2-B2FFF220C820}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87E68009-29A8-D669-F7C2-B31D08635C50}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EAC0102-5E61-2312-BC2D-4D54434D5443}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9EAC0102-5E61-2312-BC2D-76746C56544C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF7E9EBB-E1CF-7F7C-C608-13185698F3E9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B5F3970B-745E-46AC-B890-E08F69777D80}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B886C1F4-D1D3-45F5-F45E-75EB024320AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0661233-42D4-F7F1-80E1-8A9E0E99E71D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6FC35D1-04AB-4D40-94CF-2E5AE4D0F8D2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4D1D56C-3EC9-2F5D-FAA3-4112CCDD61DC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E82E0739-0AAE-4E99-9052-B40F7DABFA34}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1E96EDC-E0C8-BE98-1F15-C29DBED83B53}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f65b197f-8260-4d52-909a-f70118e646eb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8EACE56-0AF4-3AE3-6EF8-F8CC39675729}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2BA1C226-EC1B-4471-A65F-D0688AC6EE3A}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-C0FF-FD7FF4D5FA7D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{E552EEFC-DE97-45D4-BA1A-F534A1B4A579}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4e7bd74f-2b8d-46a1-83b8-bd2ae6d9fa2e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F17C005-7BF0-4f13-8473-F3C3D2619DBD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDDF3383-EC5F-49DF-A8B6-CEC2D8F6164C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4c01-93F5-673BCA03DA86}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a52­3-4961-b6bb-170de4475cca}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-957­1-4d7b-9389-0f166788785a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c­1-4c29-bc2b-68e057e22340}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c­9-499c-a11f-23c360d7c3f8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73­b-42d5-8c85-4469cda897ab}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b47­2-4954-b7aa-33069eb53906}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45­b-4458-8b3b-60c69bbbd83c}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7b­b-4f24-ae82-7e2ce94bb6a9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b03­0-46fc-94b8-81276e4e27df}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-907­5-4a65-98a6-19fd29cf7374}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-569­7-4fbd-94e5-5b2a9c7c1612}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0566A191-D675-4911-9C7E-50EDBEF90F32}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7C559105-9ECF-42B8-B3F7-832E75EDD959}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5F1ABCDB-A875-46C1-8345-B72A4567E483}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CODE Store Database\Distribution Units\{BFA03761-5565-41b3-93D9-82B354C0A8EC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79B96C72-C0D0-4DC8-BC7E-9F314A918228}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C109664B-CEB1-420B-B353-D55A561536DD}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{119DBEDA-9c41-4F97-94B4-B6BCD01133CF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{88E50F1D-4790-4C6B-BEE3-D54E46B6EEF6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{066040F0-5018-4E15-8AA0-81D36136D989}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{BFA03761-5565-41b3-93D9-82B354C0A8EC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E908B145-C847-4e85-B315-07E2E70DECF8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{3EA5C408-2437-4c40-ADAC-DFDA9AEEEA96}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{9CB65206-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Mi

loloetseb · Answer

dessole sa recommence des que je pais se sur RunThis sa fairme

As tu fais ca ,ci dessous avant de le dezipper?

Télécharge SDFix d' AndyManchesta (avant de dézipper le dossier,renommes le sd-fix)

satune · Answer

oui je les fait mes sa continus

loloetseb · Answer

Télécharge FindyKill sur ton bureau : 

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe 

Renommes le killbagle

--> Lance l'installation avec les paramètres par defaut 

--> Double-clique sur le raccourci killbagle sur ton bureau 

--> Au menu principal, choisis l'option 1 (Recherche) 

--> Poste le rapport FindyKill.txt 
 
Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.

satune · Answer

sa dis version non supportee !!
findykill ne peut continuer a s,executer..
appuyez sur une touche pour quitter findykill.

loloetseb · Answer

Ah ben ,tu as un vieux coucou aussi qui doit être bourré d'infection.Je dois partir ,je reviens vers 18h,on fera d'autres procedures.Je vais me renseigner afin de voir si findykill est compatible avec windows,ou si c'est l'infection qui te bloque le programme. En attendant: Telecharge GENPROC Ouvre ce lien d'aide < < http://www.alt-shift-return.org/Info/GenProc-HowTo.html > , et le téléchargement est dedans < http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip > repond oui à la question à la fin et poste le rapport stp

satune · Answer

jais seul ment Windows 2000 si sa peut aide

loloetseb · Answer

As tu pu faire genproc?

satune · Answer

ses marque error: the target system must be running windows xp or above
error: the target system must be running windows xp or above
error: the target system must be running windows xp or above

loloetseb · Answer

Ok gen proc est aussi pour windows xp.On va avoir du mal a se battre avec des virus du 21 eme siecle et des logiciels du 20 eme.Je regarde les prog qui marchent avec windows 2000

satune · Answer

alors tu las trouvez oui ou non ?????????????????????????????????????????????????????????????????????????????????????????????????????????

loloetseb · Answer

Je m'en occuppe demain,j'ai pas eu le temps ce soir,je pars me coucher la.Je te dis quoi demain

Bonne fin de soirée

satune · Answer

alor ??????????????????/??????????????????????????????????????????????????

loloetseb · Answer

Supprimes ce que tu as en quarantaine dans malwarebytes

Je te conseille deja de remplacer avast par antivir

Telecharges  antivir

http://www.commentcamarche.net/telecharger/telecharger 55 antivir

Tutorial antivir

http://www.libellules.ch/tuto_antivir.php

Deconnectes toi d'internet

Ensuite,Desactives la protection residente d'avast ,vas dans le panneau desinstaller,supprimes avast.

Ensuite installes antivir

Fais la mise a jour et lances un scan complet,postes moi le rapport

loloetseb · Answer

Ensuite telecharges superantispyware,fais un scan complet apres mise a jour et postes moi le rapport

http://www.commentcamarche.net/telecharger/telecharger 34055294 superantispyware

satune · Answer

ok je fait mais inutile d insiste je ne peux pas désinstaller avast parce-que mon père ne veux pas

satune · Answer

OK
le vois si 
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 02/07/2009 at 07:04 PM

Application Version : 4.25.1012

Core Rules Database Version : 3746
Trace Rules Database Version: 1714

Scan type       : Complete Scan
Total Scan Time : 01:49:29

Memory items scanned      : 275
Memory threats detected   : 0
Registry items scanned    : 2841
Registry threats detected : 88
File items scanned        : 34908
File threats detected     : 13

Adware.Vundo Variant
	HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6C23AB0C-0244-4B01-8253-BEE724D0D2EC}

Adware.Zango/ShoppingReport
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\InprocServer32
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\InprocServer32#ThreadingModel
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\ProgID
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\Programmable
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\TypeLib
	HKCR\CLSID\{2D00AA2A-69EF-487a-8A40-B3E27F07C91E}\VersionIndependentProgID
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\InprocServer32
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\InprocServer32#ThreadingModel
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\ProgID
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\Programmable
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\TypeLib
	HKCR\CLSID\{3788E535-897B-463d-B6D6-FEE5B86EC144}\VersionIndependentProgID
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\Control
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\InprocServer32
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\InprocServer32#ThreadingModel
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\MiscStatus
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\MiscStatus\1
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\ProgID
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\Programmable
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\TypeLib
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\Version
	HKCR\CLSID\{62906E60-BCE2-4E1B-9ED0-8B9042EE15E4}\VersionIndependentProgID
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\InprocServer32
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\InprocServer32#ThreadingModel
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\ProgID
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\Programmable
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\TypeLib
	HKCR\CLSID\{69725738-CD68-4F36-8D02-8C43722EE5DA}\VersionIndependentProgID
	HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}
	HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\ProgID
	HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\Programmable
	HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\TypeLib
	HKCR\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA}\VersionIndependentProgID
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\InprocServer32
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\InprocServer32#ThreadingModel
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\ProgID
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\TypeLib
	HKCR\CLSID\{86C5840B-80C4-4C30-A655-37344A542009}\VersionIndependentProgID
	HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}
	HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\ProgID
	HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\Programmable
	HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\TypeLib
	HKCR\CLSID\{9473559B-50FC-4A8A-829B-E152E8D6A307}\VersionIndependentProgID
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\Control
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\InprocServer32
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\InprocServer32#ThreadingModel
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\ProgID
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\Programmable
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\TypeLib
	HKCR\CLSID\{A5B6FA30-D317-41CA-9CB1-C898D3C7F34E}\VersionIndependentProgID
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\InprocServer32
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\InprocServer32#ThreadingModel
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\ProgID
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\Programmable
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\TypeLib
	HKCR\CLSID\{CC19A5F2-B4AD-41D5-A5C9-0680904C1483}\VersionIndependentProgID
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Control
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\InprocServer32
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\InprocServer32#ThreadingModel
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\MiscStatus
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\MiscStatus\1
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\ProgID
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Programmable
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\TypeLib
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\Version
	HKCR\CLSID\{D3F940EA-4E87-423b-9091-934E1E4FCEAE}\VersionIndependentProgID
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\InprocServer32
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\InprocServer32#ThreadingModel
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\ProgID
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\Programmable
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\TypeLib
	HKCR\CLSID\{F9BFA98D-9935-4EA4-A05A-72C7F0778F02}\VersionIndependentProgID

Rogue.Component/Trace
	HKLM\Software\Microsoft\F8A3981F
	HKLM\Software\Microsoft\F8A3981F#f8a3981f
	HKLM\Software\Microsoft\F8A3981F#Version
	HKLM\Software\Microsoft\F8A3981F#f8a3359f
	HKLM\Software\Microsoft\F8A3981F#f8a35c7a
	HKU\S-1-5-21-1220945662-1993962763-725345543-500\Software\Microsoft\FIAS4018

Adware.Tracking Cookie
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@adtrafficdriver[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@adultcomix[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@clicks.smartbizsearch[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@hentaicounter[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@porncomicbook[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@teen-titans.cartoonpornguide[2].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@topsexart[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@www.aro-traffic[1].txt
	C:\Documents and Settings\jean-luc\Cookies\jean-luc@www.sex-cartoons[1].txt

Rootkit.TDSServ-Trace
	C:\WINDOWS\SYSTEM32\TDSSINIT.DLL
	C:\WINDOWS\SYSTEM32\TDSSSERVERS.DAT

Trace.Known Threat Sources
	C:\Documents and Settings\jean-luc\Local Settings\Temporary Internet Files\Content.IE5\SPBAGDDS\checkVersion[1].htm
	C:\Documents and Settings\jean-luc\Local Settings\Temporary Internet Files\Content.IE5\WLDQGC0B\checkVersion[1].htm

loloetseb · Answer

Ah ben tu as la totale la ,du trojan vundo,du rogue,du rootkit tds,la totale.Tu n'as pas laissé terminer le scan superantispyware,a la fin du scan tu dois faire suivant pour mettre toutes les infections en quarantaine,car la les malwares sont encore actifs.Donc je te conseille de refaire un scan complet et de tout mettre en quarantaine.

C'est sur qu'avec tout ca ton ordianteur doit pas tres bien marché.

Ensuite,je te reedite ma suggestion de remplacer avast par antivir et de faire un scan complet en cochant dans la configuration ,detection de rookit au demarrage.Postes moi le rapport

satune · Answer

dessole rapport trot long

loloetseb · Answer

C'est quel rapport qui est trop long?

As tu refais superantispyware complet en terminant le processus et en mettant totu en quarantaine?

satune · Answer

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 8 février 2009  11:20

La recherche porte sur 1323954 souches de virus.

Détenteur de la licence :Avira AntiVir PersonalEdition Classic
Numéro de série : 0000149996-ADJIE-0001
Plateforme :      Windows 2000
Version de Windows :(Service Pack 4)  [5.0.2195]
Mode Boot :       Démarré normalement
Identifiant :     SYSTEM
Nom de l'ordinateur :0DE6QUZNY46XM38

Informations de version :
BUILD.DAT     : 8.2.0.52       16931 Bytes  02/12/2008 14:55:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  18/11/2008 14:21:00
AVSCAN.DLL    : 8.1.4.1        49921 Bytes  21/07/2008 19:44:27
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 18:44:16
LUKERES.DLL   : 8.1.4.0        13057 Bytes  04/07/2008 13:30:27
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 17:30:36
ANTIVIR1.VDF  : 7.1.1.113    2817536 Bytes  14/01/2009 22:01:27
ANTIVIR2.VDF  : 7.1.1.240    1659904 Bytes  07/02/2009 22:01:40
ANTIVIR3.VDF  : 7.1.1.241       2048 Bytes  07/02/2009 22:01:41
Version du moteur: 8.2.0.76  
AEVDF.DLL     : 8.1.1.0       106868 Bytes  07/02/2009 22:01:59
AESCRIPT.DLL  : 8.1.1.43      344442 Bytes  07/02/2009 22:01:58
AESCN.DLL     : 8.1.1.6       127348 Bytes  07/02/2009 22:01:56
AERDL.DLL     : 8.1.1.3       438645 Bytes  04/11/2008 19:58:38
AEPACK.DLL    : 8.1.3.8       397684 Bytes  07/02/2009 22:01:55
AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  07/02/2009 22:01:53
AEHEUR.DLL    : 8.1.0.90     1573237 Bytes  07/02/2009 22:01:52
AEHELP.DLL    : 8.1.2.0       119159 Bytes  07/02/2009 22:01:46
AEGEN.DLL     : 8.1.1.14      332148 Bytes  07/02/2009 22:01:45
AEEMU.DLL     : 8.1.0.9       393588 Bytes  14/10/2008 16:05:56
AECORE.DLL    : 8.1.6.4       176501 Bytes  07/02/2009 22:01:43
AEBB.DLL      : 8.1.0.3        53618 Bytes  14/10/2008 16:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 14:40:02
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 15:27:58
AVREP.DLL     : 8.0.0.2        98344 Bytes  31/07/2008 18:02:15
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 17:26:37
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 14:29:19
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 18:27:46
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 23:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 18:49:36
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 18:05:07
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  04/07/2008 13:23:16
RCTEXT.DLL    : 8.0.52.1       86273 Bytes  17/07/2008 16:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: C:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: élevé
Action principale................: quarantaine
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, 
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Types d'archives divergents......: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Heuristique de macrovirus........: marche
Heuristique fichier..............: élevé
Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR,
Paramètres étendus de recherche..: 0x00001000

Début de la recherche : dimanche 8 février 2009  11:20

La recherche d'objets cachés commence.
Erreur dans la bibliothèque ARK

Fin de la recherche : dimanche 8 février 2009  12:17
Temps nécessaire: 57:25 Minute(s)

La recherche a été effectuée intégralement

   6456 Les répertoires ont été contrôlés
 354832 Des fichiers ont été contrôlés
      0 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      0 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
     15 Impossible de contrôler des fichiers
 354817 Fichiers non infectés
   2240 Les archives ont été contrôlées
     33 Avertissements
      7 Consignes
  45330 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés

loloetseb · Answer

As tu refais superantispyware complet en terminant le processus et en mettant tout en quarantaine?

satune · Answer

oui

loloetseb · Answer

1/ Supprimes tout ce que tu as en quarantaine dans l'antivirus et dans superantispyware

2/Nettoies tes fichiers temporaires et repares ton registre



===================== CCLEANER ======================== 
Pour le petit coup de polish. 
• Appliquer la procédure ci-dessous. 
• l'outil pourra être conservé pour faire le ménage de temps en temps en appliquant la même procédure. 

• Télécharger CCLeaner et l'installer sur le bureau en refusant l'installation de la barre Yahoo. 
• Fermer toutes les applications 
• Lancer CCLeaner 
S'il n'est pas en Français cliquer sur Options, Setting, Language et sélectionner Français 
• cocher dans le menu Nettoyeur - onglet Windows : 
Internet Explorer: Fichiers Internet Temporaires, Cookies 
• Système: Vider la Poubelle, Fichiers Temporaires, Presse-papiers 
• Avancé: Vieilles données du Prefetch 
• Décocher dans le menu Options - sous-menu Avancé : 
Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures 
• Cocher dans le menu Nettoyeur - onglet Applications : Internet: Sun Java 
• Cocher , si cela est possible, dans le menu Nettoyeur - onglet Applications : 
Firefox/Mozilla: Cache Internet, Cookies 
• Click sur Analyse 
• Click sur le bouton Lancer le nettoyage dans le menu Nettoyeur. 
• Click sur Registre 
• Sélectionner tout 
• Click sur Chercher des erreurs (En bas) 

Une fois le scan terminé sélectionner tout 
• Click sur Réparer les erreurs sélectionnées

loloetseb · Answer

Supprimes ausssi tout ce qui est en quarantaine dans malwarebytes

satune · Answer

savaitu que javais CCleaner. avent davoir avast

loloetseb · Answer

1/Supprimes ce que tu as en quarantaine dans ton antivirus et dans tes antispywares.

2/ Relances un scan rapide avec superantispyware et postes moi le rapport

3/ Relances un scan complet avec antivir et postes moi le rapport

loloetseb · Answer

Fais plutot un scan complet avec superantispyware,cliques sur suivant pour mettre les fichiers en quarantaine. et postes moi le rapport

satune · Answer

aloooooooooooo  ece que tes la ????????????????????????????????????????????????????????????????????????????????????

loloetseb · Answer

Oui je suis la.Tu as reformaté finalement.Bon c'est dommage

satune · Answer

je sais mais j avais un virus niveau 10  que les antivirus navais pas détecte 
et maitenen avec laide que tu me de né et les antivirus je se rais mieux 
protégé de pleu jais maitenen Windows xp

loloetseb · Answer

Bon ben bon sur alors et fais gaffe aux verrolles!!!

Virus inconus aidemois

47 réponses

Discussions similaires