#1
My work computer hasn't had a good antivirus, and after I installed Kaspersky it found that my lsass.exe \ qoMghecb.dll files are infected with the heur.trojan.generic virus. There is no info about this on most websites about the virus or how to remove it. Can someone please help me?

#2
http://www.computer-juice.com/forums...-posting-7476/
__________________
Follow the guide, install the free software, and post the log files. Then the malware team can see what is wrong with your system. My System: Hybr! D

#3
OK, here are the HijackThis, SUPERAntiSpyware, and malware scans, respectively.

#4
| |||
| |||
| SUPERAntiSpyware Scan Log http://www.superantispyware.com Généré le 10/23/2008 à 11h31 Application Version: 4.21.1004 Core Rules Database Version: 3606 Trace Rules Database Version: 1592 Scan type: Complete Scan Total Scan Time: 00:36:11 Articles scannés Mémoire: 460 Mémoire menaces détectées: 3 Registre éléments numérisés: 5191 Registre des menaces détectées: 385 Dossier documents numérisés: 37221 Menaces fichier détecté: 260 Trojan.Downloader-NewJuan/VM C: \ WINDOWS \ system32 \ SZNQNJ.DLL C: \ WINDOWS \ system32 \ SZNQNJ.DLL Trojan.Vundo-Variant/Small-GEN C: \ WINDOWS \ system32 \ RQRIJAST.DLL C: \ WINDOWS \ system32 \ RQRIJAST.DLL Adware.Vundo Variante / résident C: \ WINDOWS \ system32 \ QOMGHECB.DLL C: \ WINDOWS \ system32 \ QOMGHECB.DLL Trojan.Vundo-Variant/NextGen HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 HKCR \ CLSID \ (14F3A19A-1552-46C1-A1C8-A2179A397038) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 HKCR \ CLSID \ (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) \ InprocServer32 # ThreadingModel HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ ShellExecuteHooks # (9AD7FC7F-1FE1-4414-9AC5-EC51457528E4) Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqRiJAst Trojan.Vundo-Variant/NextGen-Six HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Exp lorer \ Browser Helper Objects \ (f904655c-8a31-4df9-be6d-8b5cb123d208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) HKCR \ CLSID \ (F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 HKCR \ CLSID \ 
(F904655C-8A31-4DF9-BE6D-8B5CB123D208) \ InprocServer32 # ThreadingModel C: \ WINDOWS \ system32 \ PNSWWF.DLL Trojan.Smitfraud Variante / IE Anti-Spyware HKLM \ Software \ Microsoft \ Internet Explorer \ Extensions \ (9034A523-D068-4BE8-A284-9DF278BE776E) Adware.Tracking Cookie C: \ Documents and Settings \ Lifeline \ Cookies \ drevolver lifeline@dynamic.media.a [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ html [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ advertising [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline chitika [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@server.iad.live personne [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline linksynergy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ questionmarket [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ u lifeline@trvlnet.adburea [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Slive lifeline@statse.webtrend [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ atdmt [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline specificclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@iacas.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ k lifeline@citi.bridgetrac [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ IA lifeline@banners.andomed [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ serving-sys [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline trafficmp [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.addynamix [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ zedo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.pointroll [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@glb.adtechus [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline interclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hyundaiusa.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.ntsserve [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.shopica [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 60960915 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@bs.serving-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline Bluestreak [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline roiservice [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline superrewards [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ atdmt [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline trackalyzer [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline TACODA [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@sparknetworks.1 12.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ media collective [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 35668663 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ r lifeline@web4.realtracke [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline checkingsaccoun tsfree [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@track.bestbuy [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.as4x.tmcs [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ adbrite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-spyderactivesportinc.hitbox [2]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline media6degrees [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ doubleclick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@edge.ru4 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ casalemedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline recettes [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homeaway.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline insightexpressa i [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 2O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Tor lifeline@adserver.adreac [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ CES lifeline@media.mtvnservi [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline adinterax [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tremor.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lécher lifeline@optimize.indiec [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline ValueClick [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 44153975 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ RY lifeline@www.travelcount [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@media.adrevolve r [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hearstugo.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ s'il vous plaît [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-hollywoodmedia.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline waterfrontmedia .112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anat.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@snapfish.112.2o 7 [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cnn [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.bridgetrack [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline NexTag [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@data.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline burstnet [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline azjmp [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 247realmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ tradedoubler [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ cgi-bin [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-dig.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adopt.euroclick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline adrevolver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@anad.tacoda [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ pro-marché [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1com.112.2 o7 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline adrevolver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ realmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viavh1comdev.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wdl4umcjogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lécher lifeline@adopt.specificc [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ statcounter [2]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@rm.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ overture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline revsci [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 27467505 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@extrovert.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ dmax lifeline@tracking.keywor [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ tribalfusion [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline Mediaplex [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@richmedia.yahoo [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline apmebf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@at.atwola [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.calorie-count [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1071868927 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ gadget [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.mynetfinder [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline adlegend [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline arrière-pays [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline SPD0478 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ mon-calorie-counter [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.polygonelit e [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@mlarmani.122.2o 7 [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.o2 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@aerlingus.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.widgetbucks [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ au lifeline@prospect.adbure [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@wunderloop.zano x [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ seo lifeline@tracking.fathom [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline valeantpharmace uticals.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1072676049 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@pai.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@shopping.112.2o 7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.cheapflight s [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stampscom.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 27814325 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ordie.adbureau [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ sortie lifeline@www.backcountry [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ sortie lifeline@www.backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 60960915 [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ corp lifeline@ads.mediamayhem [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ nters lifeline@counter.surfcou [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@msnportal.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ ntent lifeline@ad.associatedco [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@hit.stat [2]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@e-2dj6wjnyekc5ogo.stats.esomniture [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline showit [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 41586732 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.foundr Y42 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.scribefire [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1070515056 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline BizRate [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-homesandland.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@homestore.122.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@te.kontera [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@perf.overture [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@redirect.clicks hield [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline HyperTracker [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1069204868 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1070848910 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ joyforouryouth bouée de sauvetage. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ n lifeline@sales.liveperso [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline ADTECH [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1070932382 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.backcountry [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@warnerbros.112. 2O7 [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@zbox.zanox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1068787440 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-officeworld.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-warnerbrothers.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline microsoftwindow s.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline qnsr [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline media303 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline LPneimanmarcus [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-foxsports.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline calorie-count [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lieu lifeline@bridge.admarket [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ nous lifeline@adserver.adtech [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viacom.adbureau [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@healthgrades.11 2.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ford.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline partner2profit [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline backcountryoutl et [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viator.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstnet [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@blackstone.122. 2O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ssm.directtrack [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline yadro [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yoyo [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline mediapromoter [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline coiffe [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline e.directtrack angleinteractiv [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@amazonbebe.122. 2O7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline Clickbooth [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ sharewellgroup bouée de sauvetage. 112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-guess.hitbox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.quixsurf [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1068951109 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ cgi-bin [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline socialmedia [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline adtrafficdriver [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline pcvirusremover2 008 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@login.tracking1 01 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.burstbeacon [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline efashionsolutio ns.122.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline polygonelite [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.penis.com [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@stat.dealtime [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline clicktorrent [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 56294818 [2]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ au lifeline@sixapart.adbure [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad1.clickhype [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@kaboose.112.2o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-groupernetworks.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@afe.specificcli ck [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ renforcer la ligne de vie [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ au lifeline@videoegg.adbure [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@208.122.40 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline Eyewonder [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline hornymatches [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ adserver [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@adserver.easyad [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 33069911 [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline specificmedia [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ mo-médias [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@test.coremetric s [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ k lifeline@counter.hitslin [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.zanox [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.monster [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ s'il vous plaît [3]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findgift [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline pricesexposed [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline shopica [1]. 
Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline wmvmedialease [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1052094474 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline watchmyclicks [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ads.ovguide [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ crackle [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ehg-advertisementbv.hitbox [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline scanner rapide [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 1066497271 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ eatingwives lifeline@clickz.lonelych [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ 76226072 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@tracking.novem [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@viamtvcom.112.2 o7 [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@www.findit-quick [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ @ Lifeline comptes [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.adocean [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ lifeline@ad.yieldmanager [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ quisition lifeline@media.licenseac [2]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ serving-sys [1]. Txt C: \ Documents and Settings \ Lifeline \ Cookies \ Lifeline @ webstats [1]. Txt C: \ Documents and Settings \ LocalService \ Cookies \ system @ 2o7 [1]. 
Txt CommonName Barre d'outils / Browser Helper Object HKCR \ CLSID \ (00000000-0000-0000-0000-000000000000) Trojan.MalwareWipe HKCR \ AppID \ (70F17C8C-1744-41B6-9d07-575DB448DCC5) Malware.AntiVirusGolden HKCR \ Cerberus.EngineListener HKCR \ Cerberus.EngineListener \ CLSID HKCR \ Cerberus.EngineListener \ CurVer HKCR \ Cerberus.EngineListener.1 HKCR \ Cerberus.EngineListener.1 \ CLSID HKCR \ Cerberus.Scanner HKCR \ Cerberus.Scanner \ CLSID HKCR \ Cerberus.Scanner \ CurVer HKCR \ Cerberus.Scanner.1 HKCR \ Cerberus.Scanner.1 \ CLSID HKCR \ Cerberus.ThreatCollection HKCR \ Cerberus.ThreatCollection \ CLSID HKCR \ Cerberus.ThreatCollection \ CurVer HKCR \ Cerberus.ThreatCollection.1 HKCR \ Cerberus.ThreatCollection.1 \ CLSID HKCR \ Engine.Backup HKCR \ Engine.Backup \ CLSID HKCR \ Engine.Backup \ CurVer HKCR \ Engine.Backup.1 HKCR \ Engine.Backup.1 \ CLSID HKCR \ Engine.IgnoreList HKCR \ Engine.IgnoreList \ CLSID HKCR \ Engine.IgnoreList \ CurVer HKCR \ Engine.IgnoreList.1 HKCR \ Engine.IgnoreList.1 \ CLSID HKCR \ Engine.Log HKCR \ Engine.Log \ CLSID HKCR \ Engine.Log \ CurVer HKCR \ Engine.Log.1 HKCR \ Engine.Log.1 \ CLSID HKCR \ Engine.LogRecord HKCR \ Engine.LogRecord \ CLSID HKCR \ Engine.LogRecord \ CurVer HKCR \ Engine.LogRecord.1 HKCR \ Engine.LogRecord.1 \ CLSID HKCR \ Engine.Paths HKCR \ Engine.Paths \ CLSID HKCR \ Engine.Paths \ CurVer HKCR \ Engine.Paths.1 HKCR \ Engine.Paths.1 \ CLSID HKCR \ Engine.Quarantine HKCR \ Engine.Quarantine \ CLSID HKCR \ Engine.Quarantine \ CurVer HKCR \ Engine.Quarantine.1 HKCR \ Engine.Quarantine.1 \ CLSID HKCR \ Engine.RunAs HKCR \ Engine.RunAs \ CLSID HKCR \ Engine.RunAs \ CurVer HKCR \ Engine.RunAs.1 HKCR \ Engine.RunAs.1 \ CLSID HKCR \ Engine.SearchItem HKCR \ Engine.SearchItem \ CLSID HKCR \ Engine.SearchItem \ CurVer HKCR \ Engine.SearchItem.1 HKCR \ Engine.SearchItem.1 \ CLSID HKCR \ Engine.Threat HKCR \ Engine.Threat \ CLSID HKCR \ Engine.Threat \ CurVer HKCR \ Engine.Threat.1 HKCR \ Engine.Threat.1 \ CLSID HKCR \ 
(FF609434-EB47-481b-BA0E-1D2B467629A5) \ ProxyStubClsid32 HKCR \ Interface \ (FF609434-EB47-481b-BA0E-1D2B467629A5) \ TypeLib HKCR \ Interface \ (FF609434-EB47-481b-BA0E-1D2B467629A5) \ TypeLib # Version HKCR \ AppID \ Cerberus.EXE HKCR \ AppID \ Cerberus.EXE # AppID Trojan.Media-Codec C: \ Documents and Settings \ Lifeline \ Favoris \ Online Security Test.url Adware.180solutions/Seekmo HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ seekmo HKLM \ Software \ seekmo HKLM \ Software \ seekmo CVF # HKLM \ Software \ seekmo # install_embedded HKLM \ Software \ seekmo UMT # HKLM \ Software \ seekmo # CSED HKLM \ Software \ seekmo # partner_id HKLM \ Software \ seekmo # product_id C: \ Program Files \ Seekmo \ seekmoau.dat C: \ Program Files \ Seekmo \ seekmo_gdf.dat C: \ Program Files \ Seekmo \ seekmo_kyf.dat C: \ Program Files \ Seekmo C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo client Support.url C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Seekmo.com.url C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant \ Uninstall Seekmo Instructions.lnk C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Seekmo Search Assistant Trojan.DNSChanger-Codec HKCR \ CLSID \ E404.e404mgr HKCR \ CLSID \ E404.e404mgr # UserId Trojan.Media-Codec/V4 HKCR \ videoPl.chl HKCR \ videoPl.chl \ CLSID HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # ProductionEnvironment HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # DisplayIcon HKLM \ SOFTWARE \ 
Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # DisplayVersion HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Multimedia Software # Editeur Rogue.AntiSpyKit HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ cnreqoyLmwnuv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ crrmlfrwzfxhg HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ gizbuobfa HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ InprocServer32 HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ KIcbv HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ nfjRol HKCR \ CLSID \ (3935B537-3E6D-04ED-ABB3-ACB16A699E3B) \ rDkSqA Rogue.VirusHeat HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hwuhrcdfh HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ hxgfzhjfHrx HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ InprocServer32 # ThreadingModel HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ iTzlTI HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ nMnkE HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ OufPqTb HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ sBnix HKCR \ CLSID \ (E94EB13E-D78F-0857-7734-5E67A49FFFF1) \ uAEeiihPke HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) \ 1.0 HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) \ 1.0 \ 0 \ win32 HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) \ 1.0 \ FLAGS HKCR \ TypeLib \ (CBD02E9B-37EF-47d2-96B0-3ABBB2EB92BF) \ 1.0 \ HELPDIR HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ ProxyStubClsid HKCR \ Interface \ (0EC085A8-9818-43B7-B975-EC7555EDA4D2) \ 
(AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib HKCR \ Interface \ (AFCC3FA7-82A9-42D5-A405-78711E97A5D6) \ TypeLib # Version HKCR \ Interface \ (CC05A4A3-7B28-488f-AB02-6AAEDB86ACCF) HKCR \ Interface \ (CC05A4A3-7B28-488f-AB02-6AAEDB86ACCF) \ ProxyStubClsid HKCR \ Interface \ (CC05A4A3-7B28-488f-AB02-6AAEDB86ACCF) \ ProxyStubClsid32 HKCR \ Interface \ (CC05A4A3-7B28-488f-AB02-6AAEDB86ACCF) \ TypeLib HKCR \ Interface \ (CC05A4A3-7B28-488f-AB02-6AAEDB86ACCF) \ TypeLib # Version HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ ProxyStubClsid32 HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib HKCR \ Interface \ (E80114AA-6653-4952-9E97-5F1DC63BEE0F) \ TypeLib # Version HKCR \ Interface \ (F9109A2A-432B-4add-A6FA-06BA22DCD2D9) HKCR \ Interface \ (F9109A2A-432B-4add-A6FA-06BA22DCD2D9) \ ProxyStubClsid HKCR \ Interface \ (F9109A2A-432B-4add-A6FA-06BA22DCD2D9) \ ProxyStubClsid32 HKCR \ Interface \ (F9109A2A-432B-4add-A6FA-06BA22DCD2D9) \ TypeLib HKCR \ Interface \ (F9109A2A-432B-4add-A6FA-06BA22DCD2D9) \ TypeLib # Version HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ ProxyStubClsid32 HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib HKCR \ Interface \ (FCA3958A-8D38-4D14-8B81-CCD7F68A8A01) \ TypeLib # Version Trojan.Media-Codec/V5 HKU \ S-1-5-21-4234981574-39719586-4263454222-1007 \ Software \ NetProject HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Internet Service # UninstallString HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ 
Uni nstall \ Secure Browsing HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # DisplayName HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uni nstall \ Secure Browsing # UninstallString Adware.Vundo Variante / Rel HKLM \ SOFTWARE \ Microsoft \ FCOVM HKLM \ SOFTWARE \ Microsoft \ aoprndtws |
|
#5
| Malwarebytes' Anti-Malware 1.30 Version de base de données: 1310 Windows 5.1.2600 Service Pack 2 10/23/2008 12:24:55 Mbam-log-2008-10-23 (12-24-55). txt Scan type: Quick Scan Les objets numérisés: 52051 Temps écoulé: 6 minute (s), 54 second (s) Memory Processes Infected: 0 Les modules de mémoire infectés: 7 Registry Keys Infected: 124 Valeurs de registre infectés: 15 Registry Data Items Infected: 2 Folders Infected: 6 Infected Files: 56 Memory Processes Infected: (Articles n ° malveillants détectés) Memory Modules Infected: C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.BHO) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.BHO) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ rqrijast (Trojan.BHO) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.BHO) -> Delete on reboot. 
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ jvkuajdi (Trojan.BHO) -> Delete on reboot. HKEY_CLASSES_ROOT \ CLSID \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Browser Helper Objects \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ CLSID \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (06ef2cab-3340-4eb1-A740-c33ac922fa1f) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (c8a09740-1b82-4f12-8249-39844419ed2d) (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ cerberus.enginelistener (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ cerberus.enginelistener.1 (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ cerberus.scanner (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ cerberus.scanner.1 (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ cerberus.threatcollection (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ cerberus.threatcollection.1 (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ engine.backup (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ engine.backup.1 (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. 
HKEY_CLASSES_ROOT \ CLSID \ (9bb7e700-4e48-476d-b75c-6f47606be988) (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ CLSID \ (cbcaca58-1aee-4600-8cf0-e8b30bff1535) (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ CLSID \ (d6d64cdf-0363-4261-b723-29a3af365e1d) (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ CLSID \ (8e3c68cd-F500-4a2a-8cb9-132bb38c3573) (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ Typelib \ (60f94d7d-563e-4942-b5ec-2de9c135c139) (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ CLSID \ (cbd02e9b-37ef-47d2-96b0-3abbb2eb92bf) (Rogue.VirusHeat) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (a0e1054b-01ee-4D57-A059-4d99f339709f) (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ (70f17c8c-1744-41b6-9d07-575db448dcc5) (Rogue.Multiple) -> en quarantaine et supprimé avec succès. HKEY_CLASSES_ROOT \ Installer \ UpgradeCodes \ 7c673a5b8 71b8cd419f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (afd4ad01-58C1-4BC7-A404-fbe00a6c5486) (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (9034a523-D068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (c2a1c5cb-c0ef-4689-9436-f62cca1c5383) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ SearchScopes \ (daed9266-8c28-4c1c-8b58-5c66eff1d302) (Search.Hijack) -> en quarantaine et supprimé avec succès. 
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ UpgradeCodes \ 7c673a5b871b8cd4 19f47dd0de5a6d18 (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ControlPanel \ NameSpace \ (6743c3 6c-cbfe-11db-9705-005056c00008) (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ pré \ (0ac49246-419B-4ee0-8917-8818daad6a4e) (Adware.180Solutions) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Ext \ pré \ (99410cde-6f16-42ce-9d49-3807f78f0287) (Adware.180Solutions) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Ext \ PreApproved \ (f31a5d11-bf0b-4A4E-90af-274f2090aaa6) (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ (9034a523-D068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Services \ j qvxedzb (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ j qvxedzb (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ jqvxedzb (Trojan.BHO) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ Ext \ Stats \ (b8c54c47-9d3c-40f3-baf6-2443d2941e84) (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ NetProject (Trojan.Zlob) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Internet Service (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Secure Browsing (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ Web Application (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Juan (Malware.Trace) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ contim (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ instkey (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ MS Track System (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ rdfa (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ FCOVM (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RemoveRP (Trojan.Vundo) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ MultiMedia Software (Trojan.Zlob) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ seekmo (Adware.Seekmo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ videoPl.chl (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT \ AppID \ Cerberus.EXE (Rogue.Antivirus.Gold) -> en quarantaine et supprimé avec succès. Registry Values Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ b0c087c0 (Trojan.BHO) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ ShellExecuteHooks \ (9ad7fc7f-1fe1-4414-9ac5-ec51457528e4) (Trojan.BHO) -> Delete on reboot. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ Extensions \ CmdMapping \ (9034a523-D068-4be8-A284-9df278be776e) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ SharedTaskScheduler \ (ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c) (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bf (Trojan.Agent) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ bk (Trojan.Agent) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ iu (Trojan.Agent) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Settings \ mu (Trojan.Agent) -> en quarantaine et supprimé avec succès. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ c: \ program files \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ c: \ program files \ \ adwarealert filterdrv \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Installer \ Folders \ C: \ Documents and Settings \ All Users \ Menu Démarrer \ Programmes \ adwarealert \ (Rogue.AdwareAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre CurrentVersion \ ADP (Rogue.Multiple) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Internet Explorer \ New Windows \ Allow \ *. securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Notification Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> taken. HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ LSA \ Authentication Packages (Trojan.Vundo) -> Data: c: \ windows \ system32 \ qomghecb -> Delete on reboot. Folders Infected: C: \ Program Files \ Seekmo (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Paramètres (Rogue.AdwareAlert) -> Quarantined and deleted successfully. Fichiers infectés: C: \ WINDOWS \ system32 \ qoMghecb.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ bcehgMoq.ini (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bcehgMoq.ini2 (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ rqRiJAst.dll (Trojan.BHO) -> Delete on reboot. 
C: \ WINDOWS \ system32 \ cryptuik.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ dwolhm.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ evhuoman.dll (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ namouhve.ini (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ lptjntqu.dll (Trojan.BHO) -> Delete on reboot. C: \ WINDOWS \ system32 \ uqtnjtpl.ini (Trojan.BHO) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ pnswwf.dll (Trojan.Vundo) -> Delete on reboot. C: \ WINDOWS \ system32 \ emufbyex.dll (Trojan.Vundo) -> Delete on reboot. C: \ Program Files \ Common Files \ _helper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C: \ WINDOWS \ Installer \ (AD4149B3-56B1-4e2a-A8A4-54FF9DE92C87) \ Icon.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ywpnxpys.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cwokkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ cypdyp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ dhebaasf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ fdbgbvkj.exe (Trojan.LowZones) -> taken. C: \ WINDOWS \ system32 \ mpasahjl.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ sznqnj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ nuuwnrfb.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ opcapbye.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ plljru.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ tgycffmw.exe (Trojan.LowZones) -> Quarantined and deleted successfully. 
C: \ WINDOWS \ system32 \ blukkoij.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ bxdiyfrs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ftvwbfjg.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ vgrksjuc.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ ulmxavjt.exe (Trojan.LowZones) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Local Settings \ Temporary Internet Files \ Content.IE5 \ LMQL183J \ upd105320 [1] (Trojan.Vundo) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmo_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ Program Files \ Seekmo \ seekmo_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ filter.drv (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ WINDOWS \ system32 \ AppCert \ options.dat (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert sur le Web.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ AdwareAlert \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_00 AM_625.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 19 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_00 AM_609.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 20 - 03_00_01 AM_046.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_00 AM_484.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 21 - 03_00_01 AM_203.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_250.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 22 - 03_00_00 AM_562.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_281.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 03_00_00 AM_640.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_06_53 AM_968.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Log \ 2008 Apr 23 - 11_12_02 AM_000.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully. 
C: \ Documents and Settings \ Lifeline \ Application Data \ AdwareAlert \ Settings \ ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully. C: \ Program Files \ Common Files \ helper.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C: \ WINDOWS \ Tasks \ AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully. C: \ Documents and Settings \ Lifeline \ Favoris \ Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully. C: \ Documents and Settings \ All Users \ Desktop \ AdwareAlert.lnk (Rogue.AdwareAlert) -> Quarantined and deleted successfully. |
|
#6
| |||
| |||
| You are running two anti-virus programs and two firewalls (security suites). Please uninstall one of them now, then post a new HijackThis log. |
|
#7
| |||
| |||
| Well, I have Kaspersky Anti-Virus installed, and so its firewall, and I'm guessing Windows Firewall is on. I don't know what other antivirus is installed; I'm not running anything else. Can you maybe be more specific? |
|
#8
| |||
| |||
| Microsoft Windows OneCare Live is also an anti-virus / firewall combination. |
|
#9
| |||
| |||
| OK, I looked, and OneCare is not installed; I had uninstalled it when I was installing Kaspersky. Here is a HijackThis log anyway.

Logfile de Trend Micro HijackThis v2.0.2
Scan saved at 11:02:53, le 10/29/2008
Plate-forme: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\Mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Western Union\Universal-Release\Translink.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: CBrowserHelperObject Object - (CA6319C0-31B7-401E-A518-A07C3DB8F777) - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C:\Program Files\Yahoo!\Companion\Installs\CPN\yt.dll
O3 - Toolbar: &Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra du menu contextuel: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra du menu contextuel: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - (1F460357-8A94-4D71-9CA3-AA4ACF32ED8E) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: (05D44720-58E3-49E6-BDF6-D00330E511D3) (StagingUI Object) -- http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: (3BB54395-5982-4788-8AF4-B5388FFDD0D8) (MSN Games - Buddy Invite) -- http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: (3C1F44A9-D1FD-4AA5-BC66-69816B58680C) (Printer Control) -- https://webcenter.ipponline.com/ippo...iptPrinter.cab
O16 - DPF: (5736C456-EA94-4AAC-BB08-917ABDD035B3) (ZonePAChat Object) -- http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: (6B0228D7-D6D5-4B97-82E7-79557E4314D0) (ScannerDll.CheckScanner) -- https://webcenter.ipponline.com/ippo...ScannerDll.CAB
O16 - DPF: (B8BE5E93-A60C-4D26-A2DC-220313175592) (MSN Games - Installer) -- http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: (DA2AA6CF-5C7A-4B71-BC3B-C771BB369937) (MSN Games - Game Communicator) -- http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: (F773E7B2-62A9-4524-9109-87D2F0BEFAA4) (ChessControl Class) -- http://zone.msn.com/bingame/zpagames...p.cab56961.cab
O18 - Filter hijack: text/html - (59610584-CC18-436f-B031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll, C:\PROGRA~1\KASPER~1\KASPER~1\hk.dll kloe dwolhm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OneCare Firewall (msfwsvc) - ALWIL Software - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneCare AntiSpyware et AntiVirus (OneCareMP) - ALWIL Software - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

-- End of file - 6332 bytes |
|
#10
| |||
| |||
| Open HijackThis and select Do a system scan only. Place a check mark next to the following entries (if present):

- O18 - Filter hijack: text/html - (59610584-CC18-436f-B031-a6893781f08d) - C:\WINDOWS\system32\msziptools.dll
- O23 - Service: OneCare Firewall (msfwsvc) - ALWIL Software - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (file missing)
- O23 - Service: OneCare AntiSpyware et AntiVirus (OneCareMP) - ALWIL Software - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)

Important: Close all windows except HijackThis, then click Fix checked. Exit HijackThis.

----------

Go to Start > Run, type Notepad.exe, then click OK. Copy and paste the text in the code box below into the new Notepad file.

Code:
@ECHO OFF
sc stop "msfwsvc"
sc delete "msfwsvc"
sc stop "OneCareMP"
sc delete "OneCareMP"
exit

Choose to save it to the Desktop, and for the File name: type fixme.bat, making sure that the Save as type field says All Files. Next, double-click fixservice.bat to run it. A black box should open and close after a short time; this is normal. Do not continue until the black box has closed. Delete fixservice.bat from the Desktop.

----------

Download OTMoveIt2 by OldTimer and save it to your Desktop.
Note: If you are running Vista, right-click OTMoveIt2.exe and choose Run as administrator.

1. Double-click OTMoveIt2.exe to run it.
2. Copy the lines in the codebox below.

Code:
[kill explorer]
C:\Program Files\Microsoft Windows OneCare Live
EmptyTemp
[start explorer]

4. Click the red Moveit! button.
5. Copy everything in the results window (under the green bar) and paste it into your next reply.
6. Close OTMoveIt2.

Note: If a file or folder cannot be moved immediately, you may be asked to restart your computer to finish the move process. If you are asked to restart the computer, choose Yes. If not, restart anyway.

----------

Download ComboFix by sUBs from one of the links below. Make sure you save it to the Desktop.
Link #1
Link #2

** Note: It is important to save it directly to your Desktop.

Close all web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.
Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see the list of security programs that should be disabled and how to disable them.
Double-click combofix.exe and follow the prompts.

For Windows XP systems, to install the Recovery Console:
- If you are using Windows XP and have not already installed the Recovery Console, please make sure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet connection is not working, click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA, click OK.
- Accept the Microsoft EULA (click Yes).
- When you are told that the RC is installed correctly, click YES to continue scanning for malware.

When finished, ComboFix will produce a log for you. Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix has finished. |
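How the O23 lines in the HijackThis log relate to the `sc stop` / `sc delete` lines of the batch file above, as an added example that is not part of the original posts: the parser pulls the short service name out of each O23 line and keeps only the entries marked (file missing). The function names and the spacing-repair step are assumptions of this example; the sample lines come from the log in post #9.

```python
import re
from typing import List, NamedTuple

# Sample input: O20/O23 lines from the HijackThis log in post #9. The third O23
# line keeps the spaced-out path separators shown on the page, to exercise
# normalize(); the other lines have the spacing already repaired.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc - C:\PROGRA~1\Common~1\AOL\ACS\AOLacsd.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: OneCare Firewall (msfwsvc) - ALWIL Software - C: \ Program Files \ Microsoft Windows OneCare Live \ Firewall \ msfwsvc.exe (file missing)
O23 - Service: OneCare AntiSpyware et AntiVirus (OneCareMP) - ALWIL Software - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (file missing)
"""


class Service(NamedTuple):
    display: str        # name shown in the Services console
    name: str           # short service name, the one `sc` expects
    company: str        # vendor string reported by HijackThis
    path: str           # binary the service points at
    file_missing: bool  # HijackThis did not find that binary on disk


# O23 - Service: <display> (<short name>) - <company> - <path>[ (file missing)]
O23_LINE = re.compile(
    r"^O23 - Service: (?P<display>.*?) \((?P<name>[^()]*)\) - "
    r"(?P<company>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Characters accepted in a service name before it is placed inside quotes.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\- ]+")


def normalize(line: str) -> str:
    """Undo the 'C: \\ WINDOWS \\ system32' and 'PROGRA ~ 1' spacing damage."""
    return re.sub(r"\s*([\\~])\s*", r"\1", line.strip())


def parse_services(log: str) -> List[Service]:
    """Return every O23 service entry in the log, in order of appearance."""
    services = []
    for raw in log.splitlines():
        m = O23_LINE.match(normalize(raw))
        if m:
            services.append(Service(m["display"], m["name"], m["company"],
                                    m["path"], m["missing"] is not None))
    return services


def orphaned_services(log: str) -> List[Service]:
    """Services still registered although their binary is gone."""
    return [s for s in parse_services(log) if s.file_missing]


def cleanup_commands(log: str) -> List[str]:
    """Build the sc lines for orphaned services, for review before use."""
    commands = []
    for svc in orphaned_services(log):
        if not SAFE_NAME.fullmatch(svc.name):
            continue  # never interpolate an unexpected name into a batch file
        commands += [f'sc stop "{svc.name}"', f'sc delete "{svc.name}"']
    return commands


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LOG):
        print(f"orphaned: {svc.name:10} {svc.path}")
    print("\n".join(cleanup_commands(SAMPLE_LOG)))
```

The short name in parentheses is what `sc` takes, which is why the batch file uses `msfwsvc` and `OneCareMP` rather than the display names.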