
Several Trojan horses (3-4) [24 March 2007]

Tags:
  • Trojan
  • Security
Last reply: in Security and viruses
24 March 2007 09:46:18



Hello

I don't know how it happened, but they're having fun on my PC and it's ruining my life!!! I tried to delete them, but Trojans aren't my thing....

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:44:09, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\services.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\courteoux\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7427 bytes


Thanks in advance. I think they put a keylogger in with it, so they surely know that I'm posting here; please be as quick as possible, they're going to end up wrecking my PC.
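Added example, not part of the original post and not HijackThis's own logic: a small triage pass over a HijackThis log that flags, for review, the three anomalies visible in the log above (an extra program appended to the Winlogon `Shell` value, a core system process name running from outside `system32`, and an autostart entry pointing at the same file as the `Shell` extra). The rule labels and function names are assumptions made for this sketch, and a flagged line is a lead to verify, not a verdict.

```python
import ntpath  # Windows path rules, so this also runs on non-Windows hosts
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""

# On Windows XP these binaries live in %SystemRoot%\system32 and nowhere else.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (\S+?): \[(.*?)\] (.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)


def f2_extras(kind, value):
    """Programs an F2 Shell/UserInit value launches besides the stock one.

    Stock XP values are Shell=Explorer.exe and UserInit=...\\userinit.exe,
    so anything else in the value is an extra logon-time program.
    """
    if kind.lower() == "shell":
        items, stock = value.split(None, 1), "explorer.exe"
    else:
        items, stock = value.split(","), "userinit.exe"
    return [i.strip() for i in items
            if i.strip() and ntpath.basename(i.strip()).lower() != stock]


def misplaced_system_process(path):
    """True when a core process name runs from a folder other than system32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.basename(ntpath.dirname(path)).lower()
    return name in SYSTEM32_ONLY and folder != "system32"


def triage(log_text):
    """Return (rule, detail) pairs; rule labels are hypothetical names."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings, extras = [], set()

    # Pass 1: logon shell tampering and look-alike system processes.
    for line in lines:
        m = F2_RE.match(line)
        if m:
            for extra in f2_extras(m.group(1), m.group(2)):
                extras.add(extra.lower())
                findings.append(("F2-extra-" + m.group(1).lower(), extra))
        elif PROC_RE.match(line) and misplaced_system_process(line):
            findings.append(("system-name-wrong-dir", line))

    # Pass 2: autostart (O4) entries, cross-referenced with the F2 extras.
    for line in lines:
        m = O4_RE.match(line)
        if not m:
            continue
        key, _name, cmd = m.groups()
        cmd = cmd.strip().strip('"')
        if "policies\\explorer\\run" in key.lower():
            findings.append(("O4-policy-run", cmd))
        if cmd.lower() in extras:
            findings.append(("O4-same-file-as-F2", cmd))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```
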


24 March 2007 09:50:35

Hello


$$ Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.z...


$$ Restart in Safe Mode. Careful: you have no Internet access in this mode, so note down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows Advanced Options menu appears.
Using the arrow keys, select Safe Mode and press Enter.


$$ Right-click SDFix.zip and choose "Extract All"
Double-click RunThis.bat
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required
Press a key to restart

The PC will take a while to start; press a key when "Finished" is displayed

Open the SDFix folder and copy/paste the contents of the "Report.txt" file here, along with a new HijackThis log.


Post this report as well. Download LopxpMH to your Desktop.

http://perso.numericable.fr/~altshift/Info/Fichiers/lop...

Unzip it (right-click >> Extract here) and double-click the lopxpMH.bat file.

Post the contents of the report that opens.
24 March 2007 09:54:16

OK, I'm saving the page and following the instructions; I'll post the report afterwards
24 March 2007 10:09:44

Uh.. SDFix isn't there in Safe Mode; I did go into Safe Mode but the shortcut wasn't there; lots of others were missing too :s :o
24 March 2007 10:33:51



To run the SDFix tool please reboot to Safe Mode
(Reboot, tap the F8 Key and choose Safe Mode from the Advanced M



1. Download/Run a-squared (EMSI Software - 10.5 MB
2. Download/Run NGenFix (Norman - 2.3 MB)
3. Download/Run SAV32CLI (Sophos - 10.1 MB)

S. Save Add/Remove programs List
U. Download latest version of SDFix

E. EXIT



(Active Internet Connection Required To Download Files)




Type S,U,1,2,3 or E to Exit.... that's what it shows when I open RunThis
24 March 2007 10:37:38

and when I type Y it closes
24 March 2007 10:45:52

SDFix v1.74

Updated 22nd March 9pm SDFix will only run on Windows 2000 and Windows XP in Safe Mode !
Search Page (Online) View Changelog (Online)

Catchme W2K/XP/Vista - Userland Rootkit Detector By Gmer - www.gmer.net/catchme

SDFix uses files by the following developers:
Alexander Frink Charles Dye Craig Peacock Flexhex Gmer
Frank Heyne Software Noël Danjou Robin Keir SteelWerX

Thankyou to them. everyone at SpywareInfo and the MR team



The fixtool removes these Trojan Variants (Listed using Trend Micro's - HijackThis)


Backdoor (IRCBot) Trojans:

O4 - HKCU\..\Run: [Microsoft Corp Updates] wupdates.exe

O4 - HKLM\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKCU\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe

O4 - HKLM\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe

O4 - HKLM\..\Run: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation SYM monitor] mssym.exe

O4 - HKLM\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKCU\..\Run: [Microsoft CPXP Protocol] cpxp.exe

O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe

O4 - HKLM\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\RunServices: [Microsoft Development Services] msdevelop.exe

O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKCU\..\Run: [Microsoft Directx] directxat.exe
O4 - HKCU\..\RunServices: [Microsoft Directx] directxat.exe

O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe

O4 - HKLM\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe

O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\RunServices: [Microsoft Directx click] directxclick.exe

O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe

O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\RunServices: [Microsoft Directx push] directxpushup.exe

O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] Desktop.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] winavguard.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wns.exe

O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe

O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe

O4 - HKLM\..\Run: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\RunServices: [Microsoft Event Engine] EvtEngn.exe

O4 - HKLM\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\RunOnce: [Microsoft explorer Update] internal.exe

O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE

O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] netvhost.exe

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] smbvhost.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] Isass.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] Isass.exe

O4 - HKLM\..\Run: [Microsoft Machine] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] system32.exe

O4 - HKLM\..\Run: [Microsoft Machine] temp.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] temp.exe

O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\RunServices: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKCU\..\Run: [Microsoft Messenger XP] MSMSN32.exe

O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe

O4 - HKLM\..\Run: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Monitors] explorers.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsger.exe

O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE

O4 - HKLM\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\RunServices: [Microsoft NT Drivers] ntdrv.exe

O4 - HKLM\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\RunServices: [Microsoft Nvidia Video] nvidia.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\RunServices: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKCU\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe

O4 - HKLM\..\Run: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Patch Update] bootini.exe

O4 - HKLM\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\RunServices: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKCU\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe

O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\Run: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\RunServices: [Microsoft Runtime Initialization] msvcbm.exe

O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe

O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mnsmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

O4 - HKLM\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Process] wininit.exe
O4 - HKCU\..\Run: [Microsoft Security Process] wininit.exe

O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
O4 - HKCU\..\Run: [Microsoft Server] rserv.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] Q8See.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] Q8See.exe

O4 - HKLM\..\Run: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\RunServices: [Microsoft Service] sysreg11.exe

O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] srvchost.exe
O4 - HKCU\..\Run: [Microsoft Services] srvchost.exe

O4 - HKLM\..\Run: [Microsoft Servicesv] .exe
O4 - HKLM\..\RunServices: [Microsoft Servicesv] .exe

O4 - HKLM\..\Run: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\RunServices: [Microsoft Sounds] soundman.exe

O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] msapps.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] msapps.exe

O4 - HKLM\..\Run: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Spool Svc] spoolsvc32.exe

O4 - HKLM\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe

O4 - HKLM\..\Run: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] botcrx.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnmesseng.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winoem.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] bot.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] bot.exe

O4 - HKLM\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\RunServices: [Microsoft System Administration] system.exe
O4 - HKCU\..\Run: [Microsoft System Administration] system.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msnmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] reg32.exe

O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe

O4 - HKLM\..\Run: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\RunServices: [Micrcoft Updat] spoolsae.exe

O4 - HKLM\..\Run: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\RunServices: [Microsft Updtes] sarvice.exe

O4 - HKLM\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\RunServices: [Microsoft Update] bling.exe
O4 - HKCU\..\Run: [Microsoft Update] bling.exe

O4 - HKLM\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\RunServices: [Microsoft Update] drive.exe
O4 - HKCU\..\Run: [Microsoft Update] drive.exe

O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKLM\..\Run: [Microsoft Update] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] msn.exe

O4 - HKLM\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmessenger.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmessenger.exe

O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe

O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] svschost.exe

O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe

O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKCU\..\Run: [Microsoft Update] system32.exe

O4 - HKLM\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taskmgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] taskmgr32.exe

O4 - HKLM\..\Run: [Microsoft update] tskmgr.exe
O4 - HKLM\..\RunServices: [Microsoft update] tskmgr.exe

O4 - HKLM\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\RunServices: [Microsoft Update] update.exe
O4 - HKCU\..\Run: [Microsoft Update] update.exe

O4 - HKLM\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wangard.exe
O4 - HKCU\..\Run: [Microsoft Update] wangard.exe

O4 - HKLM\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] win32.exe
O4 - HKCU\..\Run: [Microsoft Update] win32.exe

O4 - HKLM\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] WinDrv32.exe
O4 - HKCU\..\Run: [Microsoft Update] WinDrv32.exe

O4 - HKLM\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wingrd32.exe
O4 - HKCU\..\Run: [Microsoft Update] wingrd32.exe

O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update] winsys.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe

O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe

O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\Run: [Microsoft Updates] winit.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] winit.exe

O4 - HKLM\..\Run: [Microft Update 32] winssx.exe
O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe

O4 - HKLM\..\Run: [Microsoft Update 32] neta.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] neta.exe

O4 - HKLM\..\Run: [Microsoft Update 32] network.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] network.exe

O4 - HKLM\..\Run: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] windowsp.exe

O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKLM\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe

O4 - HKLM\..\Run: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Drivers] explorers.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bee.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bot.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bot.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] syspic9.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] syspic9.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winhost.exe

O4 - HKLM\..\Run: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] scvideo.exe

O4 - HKLM\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\RunServices: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKCU\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe

O4 - HKLM\..\Run: [Microsoft web update] webmsn.exe
O4 - HKLM\..\RunServices: [Microsoft web update] webmsn.exe

O4 - HKLM\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe

O4 - HKLM\..\Run: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 DOS] MSdos32.exe

O4 - HKLM\..\Run: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 Security] MSsec32.exe

F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msclt.exe
O4 - HKLM\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe

F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bootini.exe
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\RunServices: [Microsoft Windows] bootini.exe

F2 - REG:system.ini: Shell=Explorer.exe wincomm.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,wincomm.exe
O4 - HKLM\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe
O4 - HKCU\..\Run: [Microsoft Windows Communicator for NT/XP] wincomm.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] dllmanager32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] dllmanager32.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll.exe
O4 - HKCU\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] newdll2.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] newdll2.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] proxy.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] proxy.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] proxy.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe

O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

O4 - HKLM\..\Run: [Microsoft Windows Drivers] windrv.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Drivers] windrv.exe
O4 - HKCU\..\Run: [Microsoft Windows Drivers] windrv.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Drivers] windrv.exe

O4 - HKLM\..\Run: [Microsoft Windows Explorer] C:\WINDOWS\system32\explorewin.exe

O4 - HKLM\..\Run: [Microsoft Windows Secure] windocs.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Secure] windocs.exe
O4 - HKCU\..\Run: [Microsoft Windows Secure] windocs.exe

O4 - HKLM\..\Run: [Microsoft Windows Services] msw32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services] msw32.exe
O4 - HKCU\..\Run: [Microsoft Windows Services] msw32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Services] msw32.exe

O4 - HKLM\..\Run: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKCU\..\Run: [Microsoft Windows Services Edt] dllrun32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Services Edt] dllrun32.exe

O4 - HKLM\..\Run: [Microsoft Windows Services Edt] ssvvcchhoosst.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Services Edt] ssvvcchhoosst.exe
O4 - HKCU\..\Run: [Microsoft Windows Services Edt] ssvvcchhoosst.exe

O4 - HKLM\..\Run: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKCU\..\Run: [Microsoft Windows Socketx32 Services] winsockx32.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Socketx32 Services] winsockx32.exe

O4 - HKLM\..\Run: [Microsoft Windows Startup] explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Startup] explorer.exe

O4 - HKLM\..\Run: [Microsoft Windows System] srwhost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] srwhost.exe

O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe

O4 - HKLM\..\Run: [Microsoft Windows Task Management] mstasks.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Task Management] mstasks.exe
O4 - HKCU\..\Run: [Microsoft Windows Task Management] mstasks.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Task Management] mstasks.exe

O4 - HKLM\..\Run: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKCU\..\Run: [Microsoft Windows Tasks Management] taskmng.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Tasks Management] taskmng.exe

O4 - HKLM\..\Run: [Microsoft Windows Updata] windows.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updata] windows.exe

O4 - HKLM\..\Run: [MICROSOFT Windows update] pdate.exe
O4 - HKLM\..\RunServices: [MICROSOFT Windows update] pdate.exe
O4 - HKCU\..\Run: [MICROSOFT Windows update] pdate.exe

O4 - HKLM\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe

O4 - HKLM\..\Run: [Microsoft Windows Update] syssinfos.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] syssinfos.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] syssinfos.exe

O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe

O4 - HKLM\..\Run: [Microsoft Windows Updater] winupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updater] winupdate.exe
O4 - HKCU\..\Run: [Microsoft Windows Updater] winupdate.exe

O4 - HKLM\..\Run: [Microsoft Windows Updates] wsap32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updates] wsap32.exe

O4 - HKLM\..\Run: [Microsoft(R) Windows(R) Updating System] msresource.exe
O4 - HKLM\..\RunServices: [Microsoft(R) Windows(R) Updating System] msresource.exe
O4 - HKCU\..\Run: [Microsoft(R) Windows(R) Updating System] msresource.exe

O4 - HKLM\..\Run: [Microsoft WinUpdate] syswin32.exe
O4 - HKLM\..\RunServices: [Microsoft WinUpdate] syswin32.exe
O4 - HKCU\..\Run: [Microsoft WinUpdate] syswin32.exe

O4 - HKLM\..\Run: [Microsoft Xp] pdate.exe
O4 - HKLM\..\RunServices: [Microsoft Xp] pdate.exe

O4 - HKLM\..\Run: [Microsoft XPSP Protocol] xp386.exe
O4 - HKLM\..\RunServices: [Microsoft XPSP Protocol] xp386.exe
O4 - HKCU\..\Run: [Microsoft XPSP Protocol] xp386.exe

O4 - HKLM\..\Run: [Micrsft Updese] xagwxz.exe
O4 - HKLM\..\RunServices: [Micrsft Updese] xagwxz.exe

O4 - HKLM\..\Run: [Micsoft-Published-Software] explrer.exe
O4 - HKLM\..\RunServices: [Micsoft-Published-Software] explrer.exe
O4 - HKCU\..\Run: [Micsoft-Published-Software] explrer.exe

O4 - HKLM\..\Run: [Mirsoft sdcE] taskmegr.exe
O4 - HKLM\..\RunServices: [Mirsoft sdcE] taskmegr.exe

O4 - HKLM\..\Run: [Mlcr0s0ftf DDEs C0ntr0i] WAed.pif
O4 - HKLM\..\RunServices: [Mlcr0s0ftf DDEs C0ntr0i] WAed.pif

O4 - HKLM\..\Run: [Mlcrosoft Updates] C:\WINDOWS\System32\wmwplayers.exe
O4 - HKLM\..\RunServices: [Mlcrosoft Updates] C:\WINDOWS\System32\wmwplayers.exe

O4 - HKLM\..\Run: [mlibsysmc] comzcinc.exe
O4 - HKLM\..\RunServices: [mlibsysmc] comzcinc.exe

O4 - HKLM\..\Run: [mrsvctr] C:\WINDOWS\system32\mrsvctr.exe

O4 - HKLM\..\Run: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKLM\..\RunServices: [MS Auto-IPSec Protection] MSASP32.exe
O4 - HKCU\..\Run: [MS Auto-IPSec Protection] MSASP32.exe

O4 - HKLM\..\Run: [MS Config] msdconfig.exe
O4 - HKLM\..\RunServices: [MS Config] msdconfig.exe
O4 - HKCU\..\Run: [MS Config] msdconfig.exe

O4 - HKLM\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKLM\..\RunServices: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\Run: [Ms configsu] msconfigsu.exe
O4 - HKCU\..\RunServices: [Ms configsu] msconfigsu.exe

O4 - HKLM\..\Run: [MS Config Service] Msloader32.exe
O4 - HKLM\..\RunServices: [MS Config Service] Msloader32.exe

O4 - HKLM\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] MSDNSD32.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] MSDNSD32.exe

O4 - HKLM\..\Run: [MS Domain Name Server Deamon] p.exe
O4 - HKLM\..\RunServices: [MS Domain Name Server Deamon] p.exe
O4 - HKCU\..\Run: [MS Domain Name Server Deamon] p.exe

O4 - HKLM\..\Run: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe
O4 - HKLM\..\RunServices: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe
O4 - HKCU\..\Run: [MS Dynamic Host Configuration Protocol] MSDHCP32.exe

F2 - REG:system.ini: Shell=Explorer.exe javaapplets.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplets.exe
O4 - HKLM\..\Run: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKCU\..\Run: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT, ME & XP] javaapplets.exe

F2 - REG:system.ini: Shell=Explorer.exe javaapplet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javaapplet.exe
O4 - HKLM\..\Run: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKLM\..\RunServices: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKCU\..\Run: [MS Java Applets for Windows NT & XP] javaapplet.exe
O4 - HKCU\..\RunServices: [MS Java Applets for Windows NT & XP] javaapplet.exe

F2 - REG:system.ini: Shell=Explorer.exe msjava.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjava.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] msjava.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe
O4 - HKCU\..\Run: [Ms Java for Windows NT] msjava.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe
(or filename - mguard.exe / msi32java.exe / (Random Number)_netapi.exe / MS32.exe)

F2 - REG:system.ini: Shell=Explorer.exe xpjavams.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xpjavams.exe
O4 - HKLM\..\Run: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKLM\..\RunServices: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKCU\..\Run: [MS Java for Windows NT, XP & ME] xpjavams.exe
O4 - HKCU\..\RunServices: [MS Java for Windows NT, XP & ME] xpjavams.exe

F2 - REG:system.ini: Shell=Explorer.exe javanet.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,javanet.exe
O4 - HKLM\..\Run: [MS Java for Windows XP & NT] javanet.exe
O4 - HKLM\..\RunServices: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\Run: [MS Java for Windows XP & NT] javanet.exe
O4 - HKCU\..\RunServices: [MS Java for Windows XP & NT] javanet.exe

F2 - REG:system.ini: Shell=Explorer.exe msjavames.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavames.exe
O4 - HKLM\..\Run: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKCU\..\Run: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows 98, NT, ME & XP] msjavames.exe

F2 - REG:system.ini: Shell=Explorer.exe msjavaxps.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msjavaxps.exe
O4 - HKLM\..\Run: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKCU\..\Run: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows 98, NT, XP & ME] msjavaxps.exe

F2 - REG:system.ini: Shell=Explorer.exe wrapper.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,wrapper.exe
O4 - HKLM\..\Run: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKLM\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKCU\..\Run: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe
O4 - HKCU\..\RunServices: [MS Java Service Wrapper for Windows NT & XP] wrapper.exe

F2 - REG:system.ini: Shell=Explorer.exe msijavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msijavaupdt32.exe
O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKLM\..\RunServices: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
O4 - HKCU\..\RunServices: [Ms Java Update For Windows NT/XP] msijavaupdt32.exe
(or filename - msejavaupdt32.exe)

F2 - REG:system.ini: Shell=Explorer.exe winskd.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,winskd.exe
O4 - HKLM\..\Run: [Ms load for Windows NT] winskd.exe
O4 - HKCU\..\Run: [Ms load for Windows NT] winskd.exe

O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe

F2 - REG:system.ini: Shell=Explorer.exe msident.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msident.exe
O4 - HKLM\..\Run: [MS Security Update 993] msident.exe
O4 - HKLM\..\RunServices: [MS Security Update 993] msident.exe
O4 - HKCU\..\Run: [MS Security Update 993] msident.exe
O4 - HKCU\..\RunServices: [MS Security Update 993] msident.exe

F2 - REG:system.ini: Shell=Explorer.exe winser.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winser.exe
O4 - HKLM\..\Run: [Ms sock for Windows NT] winser.exe
O4 - HKCU\..\Run: [Ms sock for Windows NT] winser.exe

O4 - HKLM\..\Run: [Ms Spool32] iexplore.exe
O4 - HKLM\..\RunServices: [Ms Spool32] iexplore.exe

O4 - HKLM\..\Run: [MS System Call Function] C:\WINDOWS\system32\msscf32.exe
O4 - HKLM\..\RunServices: [MS System Call Function] C:\WINDOWS\system32\msscf32.exe
O4 - HKCU\..\Run: [MS System Call Function] C:\WINDOWS\system32\msscf32.exe

O4 - HKLM\..\Run: [Ms System Config] Mscfg.exe
O4 - HKLM\..\RunServices: [Ms System Config] Mscfg.exe
O4 - HKCU\..\Run: [Ms System Config] Mscfg.exe
O4 - HKCU\..\RunServices: [Ms System Config] Mscfg.exe

O4 - HKLM\..\Run: [Ms System Config] pcedit.exe
O4 - HKLM\..\RunServices: [Ms System Config] pcedit.exe
O4 - HKCU\..\Run: [Ms System Config] pcedit.exe

O4 - HKLM\..\Run: [MS Service Drivers] winscv.exe
O4 - HKLM\..\RunServices: [MS Service Drivers] winscv.exe
O4 - HKCU\..\Run: [MS Service Drivers] winscv.exe
O4 - HKCU\..\RunServices: [MS Service Drivers] winscv.exe

O4 - HKLM\..\Run: [Ms Task Manager] tskmgr.exe
O4 - HKLM\..\RunServices: [Ms Task Manager] tskmgr.exe

O4 - HKLM\..\Run: [MS Unix Binary] cssrs.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] cssrs.exe
O4 - HKCU\..\Run: [MS Unix Binary] cssrs.exe

O4 - HKLM\..\Run: [MS Unix Binary] hypertrm.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] hypertrm.exe
O4 - HKCU\..\Run: [MS Unix Binary] hypertrm.exe

O4 - HKLM\..\Run: [MS Unix Binary] msnupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnupdate.exe

O4 - HKLM\..\Run: [MS Unix Binary] msmq2inst.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msmq2inst.exe
O4 - HKCU\..\Run: [MS Unix Binary] msmq2inst.exe

O4 - HKLM\..\Run: [MS Unix Binary] msnq3insller.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] msnq3insller.exe
O4 - HKCU\..\Run: [MS Unix Binary] msnq3insller.exe

O4 - HKLM\..\Run: [MS Unix Binary] Norton2005Update.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Norton2005Update.exe
O4 - HKCU\..\Run: [MS Unix Binary] Norton2005Update.exe

O4 - HKLM\..\Run: [MS Unix Binary] outlookexpressupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] outlookexpressupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] outlookexpressupdate.exe

O4 - HKLM\..\Run: [MS Unix Binary] trmupdate.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] trmupdate.exe
O4 - HKCU\..\Run: [MS Unix Binary] trmupdate.exe

O4 - HKLM\..\Run: [MS Unix Binary] win32ttb.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] win32ttb.exe
O4 - HKCU\..\Run: [MS Unix Binary] win32ttb.exe

O4 - HKLM\..\Run: [MS Unix Binary] Win32Update.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] Win32Update.exe
O4 - HKCU\..\Run: [MS Unix Binary] Win32Update.exe

O4 - HKLM\..\Run: [MS Unix Binary] WinGuard.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] WinGuard.exe
O4 - HKCU\..\Run: [MS Unix Binary] WinGuard.exe

O4 - HKLM\..\Run: [MS Unix Binary] wrdpad05.exe
O4 - HKLM\..\RunServices: [MS Unix Binary] wrdpad05.exe
O4 - HKCU\..\Run: [MS Unix Binary] wrdpad05.exe

F2 - REG:system.ini: Shell=Explorer.exe winservnt32.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,winservnt32.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\RunServices: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\RunServices: [Ms Update WinServices NT/XP] winservnt32.exe

O4 - HKLM\..\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\..\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\..\Run: [MS Windows System Alert] MSWSA32.exe

O4 - HKLM\..\Run: [MS-Windows Login Service] winlogin32.exe
O4 - HKLM\..\RunServices: [MS-Windows Login Service] winlogin32.exe

O4 - HKLM\..\Run: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe

O4 - HKLM\..\Run: [msdatabase] msdatabase.exe
O4 - HKLM\..\RunServices: [msdatabase] msdatabase.exe

O4 - HKLM\..\Run: [msdev] msdev.exe
O4 - HKLM\..\RunOnce: [msdev] msdev.exe
O4 - HKLM\..\RunServices: [msdev] msdev.exe
O4 - HKCU\..\Run: [msdev] msdev.exe
O4 - HKCU\..\RunOnce: [msdev] msdev.exe

F2 - REG:system.ini: Shell=Explorer.exe msdnxp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdnxp.exe
O4 - HKLM\..\RunServices: [MSDN for Windows NT & WinXP] msdnxp.exe
O4 - HKCU\..\RunServices: [MSDN for Windows NT & WinXP] msdnxp.exe

F2 - REG:system.ini: Shell=Explorer.exe msdn-nt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msdn-nt.exe
O4 - HKLM\..\RunServices: [MSDN for Windows with NT's] msdn-nt.exe
O4 - HKCU\..\RunServices: [MSDN for Windows with NT's] msdn-nt.exe

O4 - HKLM\..\Run: [MSDOS Windows Service] MSDOS.PIF
O4 - HKLM\..\RunServices: [MSDOS Windows Service] MSDOS.PIF
O4 - HKCU\..\Run: [MSDOS Windows Service] MSDOS.PIF

O4 - HKCU\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe
O4 - HKLM\..\Run: [msmsngr] C:\WINDOWS\System32\msmsngr.exe

O4 - HKLM\..\Run: [MSN] msn16.exe
O4 - HKLM\..\RunServices: [MSN] msn16.exe
O4 - HKCU\..\Run: [MSN] msn16.exe

O4 - HKLM\..\Run: [msnsmgr] MsnMsr.exe

O4 - HKLM\..\Run: [MSN Checker] msnchecker.exe
O4 - HKLM\..\RunServices: [MSN Checker] msnchecker.exe
O4 - HKCU\..\Run: [MSN Checker] msnchecker.exe
O4 - HKCU\..\RunServices: [MSN Checker] msnchecker.exe

O4 - HKLM\..\Run: [MSN Live Messanger] msnlive.exe
O4 - HKLM\..\RunServices: [MSN Live Messanger] msnlive.exe

O4 - HKCU\..\Run: [MSN Live Messanger] msnlivegs.exe
O4 - HKLM\..\Run: [MSN Live Messanger] msnlivegs.exe

O4 - HKLM\..\Run: [Msn Messanger] C:\WINDOWS\system32\crsss.exe
O4 - HKLM\..\RunServices: [Msn Messanger] C:\WINDOWS\system32\crsss.exe

O4 - HKLM\..\Run: [MSN messanger] msnmsgsm.exe
O4 - HKLM\..\RunServices: [MSN messanger] msnmsgsm.exe

O4 - HKLM\..\Run: [MSN Messanger] msnmsgsmn.exe
O4 - HKLM\..\RunServices: [MSN Messanger] msnmsgsmn.exe
O4 - HKCU\..\Run: [MSN Messanger] msnmsgsmn.exe

O4 - HKLM\..\Run: [MSN Messanger Live] winntmsn.exe
O4 - HKLM\..\RunServices: [MSN Messanger Live] winntmsn.exe
O4 - HKCU\..\Run: [MSN Messanger Live] winntmsn.exe

O4 - HKLM\..\Run: [Msn Messenger] msnmsgs.exe

O4 - HKLM\..\Run: [MSN MESSENGER] svhostes.exe
O4 - HKLM\..\RunServices: [MSN MESSENGER] svhostes.exe
O4 - HKCU\..\Run: [MSN MESSENGER] svhostes.exe

O4 - HKLM\..\Run:
24 March 2007 10:48:05

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:50:36, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\services.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\courteoux\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7433 bytes
24 March 2007 10:50:55

Rapport fait à 10:52:40,70 le 24/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
24/03/2007 10:06 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 635 264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 631 168 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\All Users\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
21/03/2007 18:47 <REP> {F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
04/02/2007 10:58 <REP> Apple Computer
30/11/2006 07:47 <REP> Avg7
21/03/2007 18:48 <REP> Blueberry
03/01/2007 19:53 <REP> Dumbbaselouddate
14/01/2007 10:30 <REP> Google
31/12/2006 20:10 <REP> Messenger Plus!
19/11/2006 15:08 <REP> Microsoft
17/01/2007 16:35 <REP> Microsoft Help
05/12/2006 13:31 <REP> Windows Live Toolbar
19/11/2006 17:27 <REP> Yahoo! Companion
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 33 194 631 168 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
03/01/2007 19:52 <REP> 32 dale logo
31/12/2006 11:32 <REP> Adobe
04/02/2007 12:37 <REP> Apple Computer
21/03/2007 18:48 <REP> Blueberry
17/01/2007 15:29 <REP> codeblocks
13/02/2007 21:05 <REP> Dev-Cpp
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
19/11/2006 14:35 <REP> Identities
22/12/2006 21:45 <REP> Jasc
27/11/2006 19:05 <REP> Lavasoft
27/11/2006 18:29 <REP> Macromedia
04/02/2007 15:35 <REP> MegauploadToolbar
19/11/2006 14:35 <REP> Microsoft
19/11/2006 15:27 <REP> Microsoft Web Folders
03/12/2006 09:30 <REP> Mozilla
16/12/2006 15:34 <REP> Notepad++
02/03/2007 21:56 <REP> Nvu
12/01/2007 17:58 <REP> Sun
16/12/2006 09:12 <REP> teamspeak2
19/11/2006 14:35 62 desktop.ini
1 fichier(s) 62 octets
22 Rép(s) 33 194 631 168 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Local Settings\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
04/02/2007 12:06 <REP> Apple Computer
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
21/11/2006 17:10 <REP> Identities
19/11/2006 14:35 <REP> Microsoft
17/01/2007 16:49 <REP> Microsoft Help
03/12/2006 09:31 <REP> Mozilla
21/03/2007 18:46 <REP> Seven Zip
04/03/2007 12:55 <REP> Stardock
07/02/2007 15:22 <REP> WMTools Downloaded Files
15/12/2006 16:21 5 632 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19/11/2006 15:04 81 584 GDIPFONTCACHEV1.DAT
05/03/2007 20:38 3 781 922 IconCache.db
3 fichier(s) 3 869 138 octets
12 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
19/11/2006 15:08 <REP> Microsoft
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

19/11/2006 15:09 <REP> .
19/11/2006 15:09 <REP> ..
19/11/2006 14:24 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
19/11/2006 14:32 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 627 072 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 627 072 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\Tasks

02/03/2007 12:45 276 A847E5B991849C2D.job
04/02/2007 10:59 284 AppleSoftwareUpdate.job
05/12/2006 13:31 364 Check Updates for Windows Live Toolbar.job
19/11/2006 14:34 6 SA.DAT
19/11/2006 14:20 65 desktop.ini
19/11/2006 14:20 <REP> ..
19/11/2006 14:20 <REP> .
5 fichier(s) 995 octets
2 Rép(s) 33 194 622 976 octets libres

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Program Files

24/03/2007 09:29 <REP> .
24/03/2007 09:29 <REP> ..
04/03/2007 13:37 6 514 945 343 MFT&HNT.rar
31/12/2006 11:29 <REP> Adobe
30/11/2006 07:42 <REP> Alwil Software
04/02/2007 10:59 <REP> Apple Software Update
21/03/2007 18:47 <REP> Blueberry Software
04/03/2007 12:29 27 790 749 brico pakc vista.zip
19/11/2006 16:55 <REP> CCleaner
27/02/2007 12:49 <REP> Dofus
24/03/2007 09:29 <REP> e-anim701
13/03/2007 20:17 <REP> EasyPHP1-8
16/03/2007 07:33 <REP> Eurobarre
21/03/2007 18:47 <REP> Fichiers communs
14/03/2007 18:52 <REP> FileZilla
11/02/2007 09:17 <REP> Google
04/03/2007 12:55 <REP> Internet Explorer
22/12/2006 21:44 <REP> Jasc Software Inc
04/01/2007 19:23 <REP> Java
20/03/2007 18:28 <REP> Jmgr.info
03/03/2007 21:11 <REP> JPA
22/11/2006 11:46 <REP> LEGO Media
11/01/2007 20:22 <REP> LimeWire
03/03/2007 21:10 2 118 576 madotate3d.exe
05/01/2007 19:58 <REP> Messenger Plus! Live
19/11/2006 14:26 <REP> microsoft frontpage
17/01/2007 16:35 <REP> Microsoft Office
17/01/2007 16:36 <REP> Microsoft.NET
13/03/2007 20:50 <REP> mIRC
07/02/2007 15:11 <REP> movie maker
24/03/2007 10:10 <REP> Mozilla Firefox
19/11/2006 14:26 <REP> msn gaming zone
24/03/2007 01:11 <REP> MSN Messenger
19/11/2006 14:20 <REP> NetMeeting
02/03/2007 21:17 <REP> Notepad++
04/03/2007 12:55 <REP> Outlook Express
05/02/2007 08:48 <REP> PhotoFiltre
31/12/2006 11:26 <REP> photoshop 7.0 FR
04/02/2007 11:05 <REP> QuickTime
24/12/2006 21:09 <REP> RealVNC
31/12/2006 11:27 <REP> red eye remover 1.6 et 1.7 (suppression yeux rouges)
19/11/2006 14:21 <REP> Services en ligne
04/03/2007 15:24 927 779 SetupXnBeep.exe
18/02/2007 16:29 <REP> Slayers Online
16/12/2006 11:11 <REP> Sonic Foundry
22/11/2006 11:25 <REP> The Learning Company
05/12/2006 13:31 <REP> Windows Live Toolbar
04/03/2007 12:55 <REP> Windows Media Player
19/11/2006 14:26 <REP> Windows NT
22/02/2007 16:55 <REP> WinRAR
19/11/2006 14:26 <REP> xerox
12/03/2007 20:14 <REP> X-NetStat
19/11/2006 16:55 <REP> Yahoo!
4 fichier(s) 37 352 049 octets
49 Rép(s) 33 194 622 976 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
naruto-chunin.jeun.fr REG_BINARY
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
mysearchnow.com REG_SZ
www.mysearchnow.com REG_SZ
rap-battle.jeun.fr REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\COURTEOUX\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6BS1Z9WZ.DEFAULT\HOSTPERM.1
host popup 1 telechargement.journaldunet.com
host popup 1 survivants.jeun.fr
host popup 1 naruto-killer.get-forum.net
host popup 1 www.ogame.fr
host popup 1 forum.zone-graph.com
host popup 1 forum.telecharger.01net.com
host popup 1 www.logitheque.com

******************************************
## Registre

Rapport fait à 10:52:56,81 le 24/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
24/03/2007 10:06 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 586 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 586 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\All Users\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
21/03/2007 18:47 <REP> {F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
04/02/2007 10:58 <REP> Apple Computer
30/11/2006 07:47 <REP> Avg7
21/03/2007 18:48 <REP> Blueberry
03/01/2007 19:53 <REP> Dumbbaselouddate
14/01/2007 10:30 <REP> Google
31/12/2006 20:10 <REP> Messenger Plus!
19/11/2006 15:08 <REP> Microsoft
17/01/2007 16:35 <REP> Microsoft Help
05/12/2006 13:31 <REP> Windows Live Toolbar
19/11/2006 17:27 <REP> Yahoo! Companion
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 33 194 586 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
03/01/2007 19:52 <REP> 32 dale logo
31/12/2006 11:32 <REP> Adobe
04/02/2007 12:37 <REP> Apple Computer
21/03/2007 18:48 <REP> Blueberry
17/01/2007 15:29 <REP> codeblocks
13/02/2007 21:05 <REP> Dev-Cpp
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
19/11/2006 14:35 <REP> Identities
22/12/2006 21:45 <REP> Jasc
27/11/2006 19:05 <REP> Lavasoft
27/11/2006 18:29 <REP> Macromedia
04/02/2007 15:35 <REP> MegauploadToolbar
19/11/2006 14:35 <REP> Microsoft
19/11/2006 15:27 <REP> Microsoft Web Folders
03/12/2006 09:30 <REP> Mozilla
16/12/2006 15:34 <REP> Notepad++
02/03/2007 21:56 <REP> Nvu
12/01/2007 17:58 <REP> Sun
16/12/2006 09:12 <REP> teamspeak2
19/11/2006 14:35 62 desktop.ini
1 fichier(s) 62 octets
22 Rép(s) 33 194 586 112 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Local Settings\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
04/02/2007 12:06 <REP> Apple Computer
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
21/11/2006 17:10 <REP> Identities
19/11/2006 14:35 <REP> Microsoft
17/01/2007 16:49 <REP> Microsoft Help
03/12/2006 09:31 <REP> Mozilla
21/03/2007 18:46 <REP> Seven Zip
04/03/2007 12:55 <REP> Stardock
07/02/2007 15:22 <REP> WMTools Downloaded Files
15/12/2006 16:21 5 632 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19/11/2006 15:04 81 584 GDIPFONTCACHEV1.DAT
05/03/2007 20:38 3 781 922 IconCache.db
3 fichier(s) 3 869 138 octets
12 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
19/11/2006 15:08 <REP> Microsoft
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

19/11/2006 15:09 <REP> .
19/11/2006 15:09 <REP> ..
19/11/2006 14:24 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 582 016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
19/11/2006 14:32 62 desktop.ini
1 fichier(s) 62 octets
3 R‚p(s) 33ÿ194ÿ582ÿ016 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C046-F35D

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 R‚p(s) 33ÿ194ÿ582ÿ016 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C046-F35D

R‚pertoire de C:\WINDOWS\Tasks

02/03/2007 12:45 276 A847E5B991849C2D.job
04/02/2007 10:59 284 AppleSoftwareUpdate.job
05/12/2006 13:31 364 Check Updates for Windows Live Toolbar.job
19/11/2006 14:34 6 SA.DAT
19/11/2006 14:20 65 desktop.ini
19/11/2006 14:20 <REP> ..
19/11/2006 14:20 <REP> .
5 fichier(s) 995 octets
2 R‚p(s) 33ÿ194ÿ577ÿ920 octets libres

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est C046-F35D

R‚pertoire de C:\Program Files

24/03/2007 09:29 <REP> .
24/03/2007 09:29 <REP> ..
04/03/2007 13:37 6ÿ514ÿ945 343 MFT&HNT.rar
31/12/2006 11:29 <REP> Adobe
30/11/2006 07:42 <REP> Alwil Software
04/02/2007 10:59 <REP> Apple Software Update
21/03/2007 18:47 <REP> Blueberry Software
04/03/2007 12:29 27ÿ790ÿ749 brico pakc vista.zip
19/11/2006 16:55 <REP> CCleaner
27/02/2007 12:49 <REP> Dofus
24/03/2007 09:29 <REP> e-anim701
13/03/2007 20:17 <REP> EasyPHP1-8
16/03/2007 07:33 <REP> Eurobarre
21/03/2007 18:47 <REP> Fichiers communs
14/03/2007 18:52 <REP> FileZilla
11/02/2007 09:17 <REP> Google
04/03/2007 12:55 <REP> Internet Explorer
22/12/2006 21:44 <REP> Jasc Software Inc
04/01/2007 19:23 <REP> Java
20/03/2007 18:28 <REP> Jmgr.info
03/03/2007 21:11 <REP> JPA
22/11/2006 11:46 <REP> LEGO Media
11/01/2007 20:22 <REP> LimeWire
03/03/2007 21:10 2ÿ118ÿ576 madotate3d.exe
05/01/2007 19:58 <REP> Messenger Plus! Live
19/11/2006 14:26 <REP> microsoft frontpage
17/01/2007 16:35 <REP> Microsoft Office
17/01/2007 16:36 <REP> Microsoft.NET
13/03/2007 20:50 <REP> mIRC
07/02/2007 15:11 <REP> movie maker
24/03/2007 10:10 <REP> Mozilla Firefox
19/11/2006 14:26 <REP> msn gaming zone
24/03/2007 01:11 <REP> MSN Messenger
19/11/2006 14:20 <REP> NetMeeting
02/03/2007 21:17 <REP> Notepad++
04/03/2007 12:55 <REP> Outlook Express
05/02/2007 08:48 <REP> PhotoFiltre
31/12/2006 11:26 <REP> photoshop 7.0 FR
04/02/2007 11:05 <REP> QuickTime
24/12/2006 21:09 <REP> RealVNC
31/12/2006 11:27 <REP> red eye remover 1.6 et 1.7 (suppression yeux rouges)
19/11/2006 14:21 <REP> Services en ligne
04/03/2007 15:24 927ÿ779 SetupXnBeep.exe
18/02/2007 16:29 <REP> Slayers Online
16/12/2006 11:11 <REP> Sonic Foundry
22/11/2006 11:25 <REP> The Learning Company
05/12/2006 13:31 <REP> Windows Live Toolbar
04/03/2007 12:55 <REP> Windows Media Player
19/11/2006 14:26 <REP> Windows NT
22/02/2007 16:55 <REP> WinRAR
19/11/2006 14:26 <REP> xerox
12/03/2007 20:14 <REP> X-NetStat
19/11/2006 16:55 <REP> Yahoo!
4 fichier(s) 37ÿ352ÿ049 octets
49 R‚p(s) 33ÿ194ÿ577ÿ920 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
naruto-chunin.jeun.fr REG_BINARY
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
mysearchnow.com REG_SZ
www.mysearchnow.com REG_SZ
rap-battle.jeun.fr REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)
Rapport fait à 10:53:08,07 le 24/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
24/03/2007 10:06 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 565 632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

24/03/2007 10:06 <REP> .
24/03/2007 10:06 <REP> ..
24/03/2007 10:06 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 565 632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\All Users\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
21/03/2007 18:47 <REP> {F9228DAD-21AA-4BC3-8B63-E19AA9EEA5F8}
04/02/2007 10:58 <REP> Apple Computer
30/11/2006 07:47 <REP> Avg7
21/03/2007 18:48 <REP> Blueberry
03/01/2007 19:53 <REP> Dumbbaselouddate
14/01/2007 10:30 <REP> Google
31/12/2006 20:10 <REP> Messenger Plus!
19/11/2006 15:08 <REP> Microsoft
17/01/2007 16:35 <REP> Microsoft Help
05/12/2006 13:31 <REP> Windows Live Toolbar
19/11/2006 17:27 <REP> Yahoo! Companion
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
13 Rép(s) 33 194 565 632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
03/01/2007 19:52 <REP> 32 dale logo
31/12/2006 11:32 <REP> Adobe
04/02/2007 12:37 <REP> Apple Computer
21/03/2007 18:48 <REP> Blueberry
17/01/2007 15:29 <REP> codeblocks
13/02/2007 21:05 <REP> Dev-Cpp
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
19/11/2006 14:35 <REP> Identities
22/12/2006 21:45 <REP> Jasc
27/11/2006 19:05 <REP> Lavasoft
27/11/2006 18:29 <REP> Macromedia
04/02/2007 15:35 <REP> MegauploadToolbar
19/11/2006 14:35 <REP> Microsoft
19/11/2006 15:27 <REP> Microsoft Web Folders
03/12/2006 09:30 <REP> Mozilla
16/12/2006 15:34 <REP> Notepad++
02/03/2007 21:56 <REP> Nvu
12/01/2007 17:58 <REP> Sun
16/12/2006 09:12 <REP> teamspeak2
19/11/2006 14:35 62 desktop.ini
1 fichier(s) 62 octets
22 Rép(s) 33 194 565 632 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\courteoux\Local Settings\Application Data

19/11/2006 14:35 <REP> .
19/11/2006 14:35 <REP> ..
04/02/2007 12:06 <REP> Apple Computer
05/12/2006 17:36 <REP> Google
22/02/2007 16:55 <REP> Help
21/11/2006 17:10 <REP> Identities
19/11/2006 14:35 <REP> Microsoft
17/01/2007 16:49 <REP> Microsoft Help
03/12/2006 09:31 <REP> Mozilla
21/03/2007 18:46 <REP> Seven Zip
04/03/2007 12:55 <REP> Stardock
07/02/2007 15:22 <REP> WMTools Downloaded Files
15/12/2006 16:21 5 632 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
19/11/2006 15:04 81 584 GDIPFONTCACHEV1.DAT
05/03/2007 20:38 3 781 922 IconCache.db
3 fichier(s) 3 869 138 octets
12 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Application Data

19/11/2006 15:08 <REP> .
19/11/2006 15:08 <REP> ..
19/11/2006 15:08 <REP> Microsoft
19/11/2006 15:09 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

19/11/2006 15:09 <REP> .
19/11/2006 15:09 <REP> ..
19/11/2006 14:24 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

19/11/2006 14:34 <REP> .
19/11/2006 14:34 <REP> ..
19/11/2006 14:34 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
19/11/2006 14:32 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 33 194 561 536 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

19/11/2006 14:32 <REP> .
19/11/2006 14:32 <REP> ..
19/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 33 194 561 536 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\WINDOWS\Tasks

02/03/2007 12:45 276 A847E5B991849C2D.job
04/02/2007 10:59 284 AppleSoftwareUpdate.job
05/12/2006 13:31 364 Check Updates for Windows Live Toolbar.job
19/11/2006 14:34 6 SA.DAT
19/11/2006 14:20 65 desktop.ini
19/11/2006 14:20 <REP> ..
19/11/2006 14:20 <REP> .
5 fichier(s) 995 octets
2 Rép(s) 33 194 557 440 octets libres

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est C046-F35D

Répertoire de C:\Program Files

24/03/2007 09:29 <REP> .
24/03/2007 09:29 <REP> ..
04/03/2007 13:37 6 514 945 343 MFT&HNT.rar
31/12/2006 11:29 <REP> Adobe
30/11/2006 07:42 <REP> Alwil Software
04/02/2007 10:59 <REP> Apple Software Update
21/03/2007 18:47 <REP> Blueberry Software
04/03/2007 12:29 27 790 749 brico pakc vista.zip
19/11/2006 16:55 <REP> CCleaner
27/02/2007 12:49 <REP> Dofus
24/03/2007 09:29 <REP> e-anim701
13/03/2007 20:17 <REP> EasyPHP1-8
16/03/2007 07:33 <REP> Eurobarre
21/03/2007 18:47 <REP> Fichiers communs
14/03/2007 18:52 <REP> FileZilla
11/02/2007 09:17 <REP> Google
04/03/2007 12:55 <REP> Internet Explorer
22/12/2006 21:44 <REP> Jasc Software Inc
04/01/2007 19:23 <REP> Java
20/03/2007 18:28 <REP> Jmgr.info
03/03/2007 21:11 <REP> JPA
22/11/2006 11:46 <REP> LEGO Media
11/01/2007 20:22 <REP> LimeWire
03/03/2007 21:10 2 118 576 madotate3d.exe
05/01/2007 19:58 <REP> Messenger Plus! Live
19/11/2006 14:26 <REP> microsoft frontpage
17/01/2007 16:35 <REP> Microsoft Office
17/01/2007 16:36 <REP> Microsoft.NET
13/03/2007 20:50 <REP> mIRC
07/02/2007 15:11 <REP> movie maker
24/03/2007 10:10 <REP> Mozilla Firefox
19/11/2006 14:26 <REP> msn gaming zone
24/03/2007 01:11 <REP> MSN Messenger
19/11/2006 14:20 <REP> NetMeeting
02/03/2007 21:17 <REP> Notepad++
04/03/2007 12:55 <REP> Outlook Express
05/02/2007 08:48 <REP> PhotoFiltre
31/12/2006 11:26 <REP> photoshop 7.0 FR
04/02/2007 11:05 <REP> QuickTime
24/12/2006 21:09 <REP> RealVNC
31/12/2006 11:27 <REP> red eye remover 1.6 et 1.7 (suppression yeux rouges)
19/11/2006 14:21 <REP> Services en ligne
04/03/2007 15:24 927 779 SetupXnBeep.exe
18/02/2007 16:29 <REP> Slayers Online
16/12/2006 11:11 <REP> Sonic Foundry
22/11/2006 11:25 <REP> The Learning Company
05/12/2006 13:31 <REP> Windows Live Toolbar
04/03/2007 12:55 <REP> Windows Media Player
19/11/2006 14:26 <REP> Windows NT
22/02/2007 16:55 <REP> WinRAR
19/11/2006 14:26 <REP> xerox
12/03/2007 20:14 <REP> X-NetStat
19/11/2006 16:55 <REP> Yahoo!
4 fichier(s) 37 352 049 octets
49 Rép(s) 33 194 557 440 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
naruto-chunin.jeun.fr REG_BINARY
dns-look-up.com REG_SZ
www.dns-look-up.com REG_SZ
mysearchnow.com REG_SZ
www.mysearchnow.com REG_SZ
rap-battle.jeun.fr REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
searchweb2.com REG_SZ
www.searchweb2.com REG_SZ

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\COURTEOUX\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6BS1Z9WZ.DEFAULT\HOSTPERM.1
host popup 1 telechargement.journaldunet.com
host popup 1 survivants.jeun.fr
host popup 1 naruto-killer.get-forum.net
host popup 1 www.ogame.fr
host popup 1 forum.zone-graph.com
host popup 1 forum.telecharger.01net.com
host popup 1 www.logitheque.com

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://www.google.com/ie

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Loud Date 16 Soap REG_SZ C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Gpl roam REG_SZ C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
24 March 2007 14:02:01

Re


Delete SDFix, we are changing the approach.


Part of the procedure takes place without internet access, so please print these instructions, or paste them into a text file, to read during the disinfection.
The steps must be carried out without interruption and in order.
If you don't understand something, ask for an explanation before starting.


1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated folder.

SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


2 Restart in safe mode. Careful, you have no internet access in this mode, so note down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the arrow keys, select Safe Mode and press Enter.


3 Run a HijackThis scan again and tick the lines below:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

Close all Windows, Internet Explorer and Outlook windows, except the HijackThis program, and click "Fix checked".


4 Make sure you have access to all files.
Start, My Computer or another folder, Tools menu, Folder Options, View tab:
Tick the box: Show hidden files and folders
Untick the box: Hide extensions for known file types
Untick the box: Hide protected operating system files
Then Apply


5 Delete the offending files/folders (if they still exist):

C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate
C:\Documents and Settings\courteoux\Application Data\32 dale logo
C:\WINDOWS\Tasks\A847E5B991849C2D.job

Hide the system files again, so as not to make a mistake in the future, by selecting do not show hidden files or system files.


6 Run the cleanup with CCleaner.


7 Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to launch the script.
The Fix removes the virus's services and cleans the registry, so a restart is required
Press a key to restart

The PC will take a while to start; press a key when "Finished" is displayed

Open the SDFix folder and copy/paste here the contents of the "Report.txt" file along with a new HijackThis log.
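The kind of triage behind step 3 of the post above, as an added example that is not part of the original post or of HijackThis: a small parser for HijackThis log lines that flags entries for manual review. The function names (`parse`, `reasons`, `triage`) and the three heuristics are assumptions made for this sketch; they cover only part of what the helper ticked, and a hit is a candidate for review, not a verdict.

```python
import re

# Lines copied from the HijackThis selection quoted in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
"""

# A HijackThis entry is "<section code> - <description>", e.g. "O4 - HKLM\..\Run: ...".
LINE_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse(log):
    """Return (section_code, body) for every HijackThis entry line in the log."""
    entries = []
    for raw in log.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons(code, body):
    """Return the review reasons for one entry (empty list = nothing flagged)."""
    found = []
    low = body.lower()

    # F2: the Shell= / UserInit= values. Anything beyond Explorer.exe or
    # userinit.exe means another program is started at every logon.
    if code == "F2":
        match = re.search(r"(shell|userinit)=(.*)$", body, re.I)
        if match:
            key, value = match.group(1).lower(), match.group(2).strip()
            if key == "shell" and value.lower() != "explorer.exe":
                found.append("extra program after Explorer.exe in Shell=")
            if key == "userinit" and not re.fullmatch(
                    r"(.*\\)?userinit\.exe,?", value, re.I):
                found.append("extra program after userinit.exe in UserInit=")

    # O2/O3: browser helper objects and toolbars whose DLL no longer exists.
    if code in ("O2", "O3") and low.endswith(("(file missing)", "(no file)")):
        found.append("orphaned browser add-on (target file absent)")

    # O4: autoruns. Flag the policy Run key and targets stored under
    # Application Data (long name or its 8.3 short form APPLIC~n).
    if code == "O4":
        if "policies\\explorer\\run" in low:
            found.append("autorun under Policies\\Explorer\\Run")
        target = body.split("]", 1)[-1]
        if re.search(r"\\(application data|applic~\d)\\", target, re.I):
            found.append("autorun target inside an Application Data folder")
    return found


def triage(log):
    """Return (code, body, reasons) for every entry that matched a heuristic."""
    flagged = []
    for code, body in parse(log):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}  {body}\n      -> {'; '.join(why)}")
```

The QuickTime, Microsoft Office and Java entries that the helper also ticked are not matched by these heuristics.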
24 March 2007 15:06:50

SDFix v1.74

Updated 22nd March 9pm SDFix will only run on Windows 2000 and Windows XP in Safe Mode !
Search Page (Online) View Changelog (Online)

Catchme W2K/XP/Vista - Userland Rootkit Detector By Gmer - www.gmer.net/catchme

SDFix uses files by the following developers:
Alexander Frink Charles Dye Craig Peacock Flexhex Gmer
Frank Heyne Software Noël Danjou Robin Keir SteelWerX

Thankyou to them. everyone at SpywareInfo and the MR team



The fixtool removes these Trojan Variants (Listed using Trend Micro's - HijackThis)


Backdoor (IRCBot) Trojans:

O4 - HKLM\..\Run: [Loader msgzl] msgzl.exe

O4 - HKLM\..\Run: [Local area connection] winlive.exe
O4 - HKLM\..\RunServices: [Local area connection] winlive.exe

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\lssas.exe

O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe

O4 - HKLM\..\Run: [Lsass16] C:\WINDOWS\lsass16.exe

O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe

O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe

O4 - HKLM\..\Run: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\RunServices: [Master Card Updaate 32] Mastercard32.exe

O4 - HKLM\..\Run: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\RunServices: [McAfee Online virus Scanner] avp.exe

O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\RunServices: [Media Software UPdater] sscs.exe
O4 - HKCU\..\Run: [Media Software UPdater] sscs.exe

O4 - HKLM\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack] mxpsp.exe

O4 - HKLM\..\Run: [Messenger91] messengersystem.exe
O4 - HKLM\..\RunServices: [Messenger91] messengersystem.exe

O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe

O4 - HKLM\..\Run: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] antivir32.exe

O4 - HKLM\..\Run: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] iexplore.exe

O4 - HKLM\..\Run: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] shell32.exe

O4 - HKLM\..\Run: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] xptxt.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] cmh.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe

O4 - HKLM\..\Run: [Microsoft] .exe
O4 - HKLM\..\RunServices: [Microsoft] .exe

O4 - HKLM\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\RunServices: [Microsoft] guard.exe
O4 - HKCU\..\Run: [Microsoft] guard.exe

O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe

O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\Isass.exe

O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe

O4 - HKLM\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\RunServices: [Microsoft] lsass.ppf
O4 - HKCU\..\Run: [Microsoft] lsass.ppf

O4 - HKLM\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\RunServices: [Microsoft] mixers.exe
O4 - HKCU\..\Run: [Microsoft] mixers.exe

O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [Microsoft] msmsger.exe

O4 - HKLM\..\Run: [Microsoft] msns.exe
O4 - HKLM\..\RunServices: [Microsoft] msns.exe

O4 - HKLM\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft] MSUPDATE.exe

O4 - HKLM\..\Run: [Microsoft] msvchost.exe
O4 - HKLM\..\RunServices: [Microsoft] msvchost.exe

O4 - HKLM\..\Run: [Microsoft] msvcs.exe
O4 - HKLM\..\RunServices: [Microsoft] msvcs.exe

O4 - HKLM\..\Run: [Microsoft] Nvpss.exe
O4 - HKLM\..\RunServices: [Microsoft] Nvpss.exe

O4 - HKLM\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\RunServices: [Microsoft] qtask.exe
O4 - HKCU\..\Run: [Microsoft] qtask.exe

O4 - HKLM\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\RunServices: [Microsoft] radnom.exe
O4 - HKCU\..\Run: [Microsoft] radnom.exe

O4 - HKLM\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\RunServices: [Microsoft] rtvcscan.exe
O4 - HKCU\..\Run: [Microsoft] rtvcscan.exe

O4 - HKLM\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft] rundll.exe
O4 - HKCU\..\Run: [Microsoft] rundll.exe

O4 - HKLM\..\Run: [Microsoft] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft] svchost32.exe

O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\taskbar.exe

O4 - HKLM\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\RunServices: [Microsoft] wcsntfy.exe
O4 - HKCU\..\Run: [Microsoft] wcsntfy.exe

O4 - HKLM\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\RunServices: [Microsoft] winlog.exe
O4 - HKCU\..\Run: [Microsoft] winlog.exe

O4 - HKLM\..\Run: [Microsoft] winlogom.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogom.exe

O4 - HKLM\..\Run: [Microsoft] winsock.exe
O4 - HKLM\..\RunServices: [Microsoft] winsock.exe

O4 - HKLM\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\RunServices: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKCU\..\Run: [Microsoft ALG32 Protocol] alg32.exe

O4 - HKLM\..\Run: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\RunServices: [Microsoft AntiSpyware] KT06.pif

O4 - HKLM\..\Run: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\RunServices: [Microsoft AntiVirus] winav32.exe

O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe

O4 - HKLM\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe

O4 - HKLM\..\Run: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\RunServices: [Microsoft Chat] mIRC.exe

O4 - HKLM\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\RunServices: [Microsoft CONFIG] winmx.exe
O4 - HKCU\..\Run: [Microsoft CONFIG] winmx.exe

O4 - HKLM\..\Run: [Microsoft Compiler Pack] DSDEV.EXE

O4 - HKLM\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\RunServices: [Microsoft Configoration Service] msconfigs.exe

O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe

O4 - HKLM\..\Run: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSbz32.exe

O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe

O4 - HKLM\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe

O4 - HKLM\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe

O4 - HKLM\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe

O4 - HKLM\..\Run: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] synet-ud.exe

O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Microsoft Corp Updates] wupdates.exe

O4 - HKLM\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKCU\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe

O4 - HKLM\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe

O4 - HKLM\..\Run: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation SYM monitor] mssym.exe

O4 - HKLM\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKCU\..\Run: [Microsoft CPXP Protocol] cpxp.exe

O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe

O4 - HKLM\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\RunServices: [Microsoft Development Services] msdevelop.exe

O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKCU\..\Run: [Microsoft Directx] directxat.exe
O4 - HKCU\..\RunServices: [Microsoft Directx] directxat.exe

O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe

O4 - HKLM\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe

O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\RunServices: [Microsoft Directx click] directxclick.exe

O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe

O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\RunServices: [Microsoft Directx push] directxpushup.exe

O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] Desktop.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] winavguard.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wns.exe

O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe

O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe

O4 - HKLM\..\Run: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\RunServices: [Microsoft Event Engine] EvtEngn.exe

O4 - HKLM\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\RunOnce: [Microsoft explorer Update] internal.exe

O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE

O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] netvhost.exe

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] smbvhost.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] Isass.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] Isass.exe

O4 - HKLM\..\Run: [Microsoft Machine] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] system32.exe

O4 - HKLM\..\Run: [Microsoft Machine] temp.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] temp.exe

O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\RunServices: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKCU\..\Run: [Microsoft Messenger XP] MSMSN32.exe

O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe

O4 - HKLM\..\Run: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Monitors] explorers.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsger.exe

O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE

O4 - HKLM\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\RunServices: [Microsoft NT Drivers] ntdrv.exe

O4 - HKLM\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\RunServices: [Microsoft Nvidia Video] nvidia.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\RunServices: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKCU\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe

O4 - HKLM\..\Run: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Patch Update] bootini.exe

O4 - HKLM\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\RunServices: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKCU\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe

O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\Run: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\RunServices: [Microsoft Runtime Initialization] msvcbm.exe

O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe

O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mnsmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

O4 - HKLM\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Process] wininit.exe
O4 - HKCU\..\Run: [Microsoft Security Process] wininit.exe

O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
O4 - HKCU\..\Run: [Microsoft Server] rserv.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] Q8See.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] Q8See.exe

O4 - HKLM\..\Run: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\RunServices: [Microsoft Service] sysreg11.exe

O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] srvchost.exe
O4 - HKCU\..\Run: [Microsoft Services] srvchost.exe

O4 - HKLM\..\Run: [Microsoft Servicesv] .exe
O4 - HKLM\..\RunServices: [Microsoft Servicesv] .exe

O4 - HKLM\..\Run: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\RunServices: [Microsoft Sounds] soundman.exe

O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] msapps.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] msapps.exe

O4 - HKLM\..\Run: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Spool Svc] spoolsvc32.exe

O4 - HKLM\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe

O4 - HKLM\..\Run: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] botcrx.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnmesseng.exe

04 - HKLM\..\Run: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winoem.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] bot.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] bot.exe

O4 - HKLM\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\RunServices: [Microsoft System Administration] system.exe
O4 - HKCU\..\Run: [Microsoft System Administration] system.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msnmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] reg32.exe

O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe

O4 - HKLM\..\Run: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\RunServices: [Micrcoft Updat] spoolsae.exe

O4 - HKLM\..\Run: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\RunServices: [Microsft Updtes] sarvice.exe

O4 - HKLM\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\RunServices: [Microsoft Update] bling.exe
O4 - HKCU\..\Run: [Microsoft Update] bling.exe

O4 - HKLM\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\RunServices: [Microsoft Update] drive.exe
O4 - HKCU\..\Run: [Microsoft Update] drive.exe

O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKLM\..\Run: [Microsoft Update] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] msn.exe

O4 - HKLM\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmessenger.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmessenger.exe

O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe

O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] svschost.exe

O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe

O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKCU\..\Run: [Microsoft Update] system32.exe

O4 - HKLM\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taskmgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] taskmgr32.exe

O4 - HKLM\..\Run: [Microsoft update] tskmgr.exe
O4 - HKLM\..\RunServices: [Microsoft update] tskmgr.exe

O4 - HKLM\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\RunServices: [Microsoft Update] update.exe
O4 - HKCU\..\Run: [Microsoft Update] update.exe

O4 - HKLM\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wangard.exe
O4 - HKCU\..\Run: [Microsoft Update] wangard.exe

O4 - HKLM\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] win32.exe
O4 - HKCU\..\Run: [Microsoft Update] win32.exe

O4 - HKLM\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] WinDrv32.exe
O4 - HKCU\..\Run: [Microsoft Update] WinDrv32.exe

O4 - HKLM\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wingrd32.exe
O4 - HKCU\..\Run: [Microsoft Update] wingrd32.exe

O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update] winsys.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe

O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe

O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\Run: [Microsoft Updates] winit.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] winit.exe

O4 - HKLM\..\Run: [Microft Update 32] winssx.exe
O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe

O4 - HKLM\..\Run: [Microsoft Update 32] neta.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] neta.exe

O4 - HKLM\..\Run: [Microsoft Update 32] network.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] network.exe

O4 - HKLM\..\Run: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] windowsp.exe

O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKLM\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe

O4 - HKLM\..\Run: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Drivers] explorers.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bee.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bot.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bot.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] syspic9.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] syspic9.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winhost.exe

O4 - HKLM\..\Run: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] scvideo.exe

O4 - HKLM\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\RunServices: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKCU\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe

O4 - HKLM\..\Run: [Microsoft web update] webmsn.exe
O4 - HKLM\..\RunServices: [Microsoft web update] webmsn.exe

O4 - HKLM\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe

O4 - HKLM\..\Run: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 DOS] MSdos32.exe

O4 - HKLM\..\Run: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 Security] MSsec32.exe

F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msclt.exe
O4 - HKLM\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
24 March 2007 15:09:22

SDFix v1.74

Updated 22nd March 9pm

SDFix will only run on Windows 2000 and Windows XP in Safe Mode!

Catchme W2K/XP/Vista - Userland Rootkit Detector By Gmer - www.gmer.net/catchme

SDFix uses files by the following developers:
Alexander Frink Charles Dye Craig Peacock Flexhex Gmer
Frank Heyne Software Noël Danjou Robin Keir SteelWerX

Thank you to them, everyone at SpywareInfo and the MR team



The fixtool removes these Trojan Variants (Listed using Trend Micro's - HijackThis)


Backdoor (IRCBot) Trojans:


O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe

O4 - HKLM\..\Run: [Lsass16] C:\WINDOWS\lsass16.exe

O4 - HKLM\..\Run: [lsass2k Update] lsass2k.exe
O4 - HKLM\..\RunServices: [lsass2k Update] lsass2k.exe
O4 - HKCU\..\Run: [lsass2k Update] lsass2k.exe

O4 - HKLM\..\Run: [lsass32] lsass32.exe
O4 - HKLM\..\RunServices: [lsass32] lsass32.exe

O4 - HKLM\..\Run: [Master Card Updaate 32] Mastercard32.exe
O4 - HKLM\..\RunServices: [Master Card Updaate 32] Mastercard32.exe

O4 - HKLM\..\Run: [McAfee Online virus Scanner] avp.exe
O4 - HKLM\..\RunServices: [McAfee Online virus Scanner] avp.exe

O4 - HKLM\..\Run: [Media Software UPdater] sscs.exe
O4 - HKLM\..\RunServices: [Media Software UPdater] sscs.exe
O4 - HKCU\..\Run: [Media Software UPdater] sscs.exe

O4 - HKLM\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKLM\..\RunServices: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\Run: [MediaXPServicePack] mxpsp.exe
O4 - HKCU\..\RunServices: [MediaXPServicePack] mxpsp.exe

O4 - HKLM\..\Run: [Messenger91] messengersystem.exe
O4 - HKLM\..\RunServices: [Messenger91] messengersystem.exe

O4 - HKLM\..\Run: [Mi7sft sdce] scorti.exe
O4 - HKLM\..\RunServices: [Mi7sft sdce] scorti.exe

O4 - HKLM\..\Run: [Micosoft Data Core] antivir32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] antivir32.exe

O4 - HKLM\..\Run: [Micosoft Data Core] iexplore.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] iexplore.exe

O4 - HKLM\..\Run: [Micosoft Data Core] shell32.exe
O4 - HKLM\..\RunServices: [Micosoft Data Core] shell32.exe

O4 - HKLM\..\Run: [Micromedia Flash Update] xptxt.exe
O4 - HKLM\..\RunServices: [Micromedia Flash Update] xptxt.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] cmh.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] cmh.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmppp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmppp.exe

O4 - HKLM\..\Run: [Microsoft] .exe
O4 - HKLM\..\RunServices: [Microsoft] .exe

O4 - HKLM\..\Run: [Microsoft] guard.exe
O4 - HKLM\..\RunServices: [Microsoft] guard.exe
O4 - HKCU\..\Run: [Microsoft] guard.exe

O4 - HKLM\..\Run: [Microsoft] iexplorer.exe
O4 - HKLM\..\RunServices: [Microsoft] iexplorer.exe

O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\Isass.exe

O4 - HKLM\..\Run: [Microsoft] iusr.exe
O4 - HKLM\..\RunServices: [Microsoft] iusr.exe
O4 - HKCU\..\Run: [Microsoft] iusr.exe

O4 - HKLM\..\Run: [Microsoft] lsass.ppf
O4 - HKLM\..\RunServices: [Microsoft] lsass.ppf
O4 - HKCU\..\Run: [Microsoft] lsass.ppf

O4 - HKLM\..\Run: [Microsoft] mixers.exe
O4 - HKLM\..\RunServices: [Microsoft] mixers.exe
O4 - HKCU\..\Run: [Microsoft] mixers.exe

O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [Microsoft] msmsger.exe

O4 - HKLM\..\Run: [Microsoft] msns.exe
O4 - HKLM\..\RunServices: [Microsoft] msns.exe

O4 - HKLM\..\Run: [Microsoft] MSUPDATE.exe
O4 - HKCU\..\Run: [Microsoft] MSUPDATE.exe

O4 - HKLM\..\Run: [Microsoft] msvchost.exe
O4 - HKLM\..\RunServices: [Microsoft] msvchost.exe

O4 - HKLM\..\Run: [Microsoft] msvcs.exe
O4 - HKLM\..\RunServices: [Microsoft] msvcs.exe

O4 - HKLM\..\Run: [Microsoft] Nvpss.exe
O4 - HKLM\..\RunServices: [Microsoft] Nvpss.exe

O4 - HKLM\..\Run: [Microsoft] qtask.exe
O4 - HKLM\..\RunServices: [Microsoft] qtask.exe
O4 - HKCU\..\Run: [Microsoft] qtask.exe

O4 - HKLM\..\Run: [Microsoft] radnom.exe
O4 - HKLM\..\RunServices: [Microsoft] radnom.exe
O4 - HKCU\..\Run: [Microsoft] radnom.exe

O4 - HKLM\..\Run: [Microsoft] rtvcscan.exe
O4 - HKLM\..\RunServices: [Microsoft] rtvcscan.exe
O4 - HKCU\..\Run: [Microsoft] rtvcscan.exe

O4 - HKLM\..\Run: [Microsoft] rundll.exe
O4 - HKLM\..\RunServices: [Microsoft] rundll.exe
O4 - HKCU\..\Run: [Microsoft] rundll.exe

O4 - HKLM\..\Run: [Microsoft] svchost32.exe
O4 - HKLM\..\RunServices: [Microsoft] svchost32.exe

O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\System32\taskbar.exe
O4 - HKLM\..\RunServices: [Microsoft] C:\WINDOWS\System32\taskbar.exe

O4 - HKLM\..\Run: [Microsoft] wcsntfy.exe
O4 - HKLM\..\RunServices: [Microsoft] wcsntfy.exe
O4 - HKCU\..\Run: [Microsoft] wcsntfy.exe

O4 - HKLM\..\Run: [Microsoft] winlog.exe
O4 - HKLM\..\RunServices: [Microsoft] winlog.exe
O4 - HKCU\..\Run: [Microsoft] winlog.exe

O4 - HKLM\..\Run: [Microsoft] winlogom.exe
O4 - HKLM\..\RunServices: [Microsoft] winlogom.exe

O4 - HKLM\..\Run: [Microsoft] winsock.exe
O4 - HKLM\..\RunServices: [Microsoft] winsock.exe

O4 - HKLM\..\Run: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKLM\..\RunServices: [Microsoft ALG32 Protocol] alg32.exe
O4 - HKCU\..\Run: [Microsoft ALG32 Protocol] alg32.exe

O4 - HKLM\..\Run: [Microsoft AntiSpyware] KT06.pif
O4 - HKLM\..\RunServices: [Microsoft AntiSpyware] KT06.pif

O4 - HKLM\..\Run: [Microsoft AntiVirus] winav32.exe
O4 - HKLM\..\RunServices: [Microsoft AntiVirus] winav32.exe

O4 - HKLM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCM\..\Run: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe

O4 - HKLM\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKLM\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\Run: [Micrcsoft Certificate Services] cflmon.exe
O4 - HKCU\..\RunServices: [Micrcsoft Certificate Services] cflmon.exe

O4 - HKLM\..\Run: [Microsoft Chat] mIRC.exe
O4 - HKLM\..\RunServices: [Microsoft Chat] mIRC.exe

O4 - HKLM\..\Run: [Microsoft CONFIG] winmx.exe
O4 - HKLM\..\RunServices: [Microsoft CONFIG] winmx.exe
O4 - HKCU\..\Run: [Microsoft CONFIG] winmx.exe

O4 - HKLM\..\Run: [Microsoft Compiler Pack] DSDEV.EXE

O4 - HKLM\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKLM\..\RunServices: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\Run: [Microsoft Configoration Service] msconfigs.exe
O4 - HKCU\..\RunServices: [Microsoft Configoration Service] msconfigs.exe

O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe

O4 - HKLM\..\Run: [Microsoft Core Support] MSbz32.exe
O4 - HKLM\..\RunServices: [Microsoft Core Support] MSbz32.exe

O4 - HKLM\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKLM\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\Run: [Microsoft Corp. Host Services] svchosl.exe
O4 - HKCU\..\RunServices: [Microsoft Corp. Host Services] svchosl.exe

O4 - HKLM\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\Run: [Microsoft Corp SQL Certificates] sqlcer.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SQL Certificates] sqlcer.exe

O4 - HKLM\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKLM\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\Run: [Microsoft Corp SSL Certificates] windowz.exe
O4 - HKCU\..\RunServices: [Microsoft Corp SSL Certificates] windowz.exe

O4 - HKLM\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKLM\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\Run: [Microsoft Corp TLS Certificates] msauth.exe
O4 - HKCU\..\RunServices: [Microsoft Corp TLS Certificates] msauth.exe

O4 - HKLM\..\Run: [Microsoft Corp Updates] synet-ud.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] synet-ud.exe

O4 - HKLM\..\Run: [Microsoft Corp Updates] wupdates.exe
O4 - HKLM\..\RunServices: [Microsoft Corp Updates] wupdates.exe
O4 - HKCU\..\Run: [Microsoft Corp Updates] wupdates.exe

O4 - HKLM\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe
O4 - HKCU\..\Run: [Microsoft Corporation] C:\WINDOWS\system32\lsass32.exe

O4 - HKLM\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKLM\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\Run: [Microsoft Corporaticn SQL Handler] sqlhandler.exe
O4 - HKCU\..\RunServices: [Microsoft Corporaticn SQL Handler] sqlhandler.exe

O4 - HKLM\..\Run: [Microsoft Corporation SYM monitor] mssym.exe
O4 - HKLM\..\RunServices: [Microsoft Corporation SYM monitor] mssym.exe

O4 - HKLM\..\Run: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKLM\..\RunServices: [Microsoft CPXP Protocol] cpxp.exe
O4 - HKCU\..\Run: [Microsoft CPXP Protocol] cpxp.exe

O4 - HKLM\..\Run: [Microsoft Data Machine] csdata32.exe
O4 - HKLM\..\RunServices: [Microsoft Data Machine] csdata32.exe
O4 - HKCU\..\Run: [Microsoft Data Machine] csdata32.exe

O4 - HKLM\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKLM\..\RunServices: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\Run: [Microsoft Development Services] msdevelop.exe
O4 - HKCU\..\RunServices: [Microsoft Development Services] msdevelop.exe

O4 - HKLM\..\Run: [Microsoft Directx] directxat.exe
O4 - HKLM\..\RunServices: [Microsoft Directx] directxat.exe
O4 - HKCU\..\Run: [Microsoft Directx] directxat.exe
O4 - HKCU\..\RunServices: [Microsoft Directx] directxat.exe

O4 - HKLM\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKLM\..\RunServices: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\Run: [Microsoft Directxsp] directxbt.exe
O4 - HKCU\..\RunServices: [Microsoft Directxsp] directxbt.exe

O4 - HKLM\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKLM\..\RunServices: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\Run: [Microsoft Directxspnew] directxnew.exe
O4 - HKCU\..\RunServices: [Microsoft Directxspnew] directxnew.exe

O4 - HKLM\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKLM\..\RunServices: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\Run: [Microsoft Directx click] directxclick.exe
O4 - HKCU\..\RunServices: [Microsoft Directx click] directxclick.exe

O4 - HKLM\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKLM\..\RunServices: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\Run: [Microsoft Directx clicks] directxclickers.exe
O4 - HKCU\..\RunServices: [Microsoft Directx clicks] directxclickers.exe

O4 - HKLM\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKLM\..\RunServices: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\Run: [Microsoft Directx push] directxpushup.exe
O4 - HKCU\..\RunServices: [Microsoft Directx push] directxpushup.exe

O4 - HKLM\..\Run: [Microsoft dll Host Service ] wkssr.exe
O4 - HKLM\..\RunServices: [Microsoft dll Host Service ] wkssr.exe
O4 - HKCU\..\Run: [Microsoft dll Host Service ] wkssr.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] csrssv.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] csrssv.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] Desktop.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] Desktop.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] winavguard.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] winavguard.exe

O4 - HKLM\..\Run: [Microsoft DLL Verifier] wns.exe
O4 - HKLM\..\RunServices: [Microsoft DLL Verifier] wns.exe

O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\system32\mstc.exe

O4 - HKLM\..\Run: [Micrsoft Driver] msdriver.exe
O4 - HKLM\..\RunServices: [Micrsoft Driver] msdriver.exe
O4 - HKCU\..\Run: [Micrsoft Driver] msdriver.exe

O4 - HKLM\..\Run: [Microsoft Event Engine] EvtEngn.exe
O4 - HKLM\..\RunServices: [Microsoft Event Engine] EvtEngn.exe

O4 - HKLM\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunServices: [Microsoft explorer Update] internal.exe
O4 - HKLM\..\RunOnce: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\Run: [Microsoft explorer Update] internal.exe
O4 - HKCU\..\RunOnce: [Microsoft explorer Update] internal.exe

O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE

O4 - HKLM\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft IE] IEXPLORE.EXE
O4 - HKLM\..\RunOnce: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\Run: [Microsoft IE] IEXPLORE.EXE
O4 - HKCU\..\RunOnce: [Microsoft IE] IEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] netvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] netvhost.exe

O4 - HKLM\..\Run: [Microsoft Internel Corporat ] smbvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Internel Corporat ] smbvhost.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe

O4 - HKLM\..\Run: [Microsoft Internet Explorer] lEXPLORE.EXE
O4 - HKLM\..\RunServices: [Microsoft Internet Explorer] lEXPLORE.EXE

O4 - HKLM\..\Run: [Microsoft Lsass Center] Isass.exe
O4 - HKLM\..\RunServices: [Microsoft Lsass Center] Isass.exe
O4 - HKCU\..\Run: [Microsoft Lsass Center] Isass.exe

O4 - HKLM\..\Run: [Microsoft Machine] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] system32.exe

O4 - HKLM\..\Run: [Microsoft Machine] temp.exe
O4 - HKLM\..\RunServices: [Microsoft Machine] temp.exe

O4 - HKLM\..\Run: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKLM\..\RunServices: [Microsoft Messenger XP] MSMSN32.exe
O4 - HKCU\..\Run: [Microsoft Messenger XP] MSMSN32.exe

O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe

O4 - HKLM\..\Run: [Microsoft Monitors] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Monitors] explorers.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsg.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsg.exe

O4 - HKLM\..\Run: [Microsoft MSN 7 Services] msnmsger.exe
O4 - HKLM\..\RunServices: [Microsoft MSN 7 Services] msnmsger.exe

O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE
O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE

O4 - HKLM\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKLM\..\RunServices: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\Run: [Microsoft NT Drivers] ntdrv.exe
O4 - HKCU\..\RunServices: [Microsoft NT Drivers] ntdrv.exe

O4 - HKLM\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKLM\..\RunServices: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\Run: [Microsoft Nvidia Video] nvidia.exe
O4 - HKCU\..\RunServices: [Microsoft Nvidia Video] nvidia.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe
O4 - HKLM\..\RunServices: [Microsoft Office Monitor] C:\WINDOWS\System32\alg2k.exe

O4 - HKLM\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe
O4 - HKCU\..\Run: [Microsoft Office Monitor] C:\WINDOWS\system32\aql32.exe

O4 - HKLM\..\Run: [Microsoft Patch Update] bootini.exe
O4 - HKLM\..\RunServices: [Microsoft Patch Update] bootini.exe

O4 - HKLM\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKLM\..\RunServices: [Microsoft PSTCP32 Data] pstcp32.exe
O4 - HKCU\..\Run: [Microsoft PSTCP32 Data] pstcp32.exe

O4 - HKLM\..\Run: [Microsoft QMGR] msnqmgr.exe
O4 - HKLM\..\RunServices: [Microsoft QMGR] msnqmgr.exe

O4 - HKLM\..\Run: [Microsoft Runtime Initialization] msvcbm.exe
O4 - HKLM\..\RunServices: [Microsoft Runtime Initialization] msvcbm.exe

O4 - HKLM\..\Run: [Microsoft sddcE Contol] taskmnegr.exe
O4 - HKLM\..\RunServices: [Microsoft sddcE Contol] taskmnegr.exe

O4 - HKLM\..\Run: [Microsoft sdk temp] sdktemp.exe
O4 - HKLM\..\RunServices: [Microsoft sdk temp] sdktemp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mnsmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mnsmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\msmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] C:\WINDOWS\mssmp.exe

O4 - HKLM\..\Run: [Microsoft Security Monitor Process] mssmp.exe
O4 - HKLM\..\RunServices: [Microsoft Security Monitor Process] mssmp.exe

O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe

O4 - HKLM\..\Run: [Microsoft Security Process] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Security Process] wininit.exe
O4 - HKCU\..\Run: [Microsoft Security Process] wininit.exe

O4 - HKLM\..\Run: [Microsoft Server] rserv.exe
O4 - HKLM\..\RunServices: [Microsoft Server] rserv.exe
O4 - HKCU\..\Run: [Microsoft Server] rserv.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] C:\WINDOWS\System32\cli.exe

O4 - HKLM\..\Run: [Microsoft Server Applacations] Q8See.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] Q8See.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] Q8See.exe

O4 - HKLM\..\Run: [Microsoft Service] sysreg11.exe
O4 - HKLM\..\RunServices: [Microsoft Service] sysreg11.exe

O4 - HKLM\..\Run: [Microsoft Service] msupdate.exe
O4 - HKLM\..\RunServices: [Microsoft Service] msupdate.exe
O4 - HKCU\..\Run: [Microsoft Service] msupdate.exe

O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKCU\..\Run: [Microsoft Services] lsrv.exe

O4 - HKLM\..\Run: [Microsoft Services] srvchost.exe
O4 - HKLM\..\RunServices: [Microsoft Services] srvchost.exe
O4 - HKCU\..\Run: [Microsoft Services] srvchost.exe

O4 - HKLM\..\Run: [Microsoft Servicesv] .exe
O4 - HKLM\..\RunServices: [Microsoft Servicesv] .exe

O4 - HKLM\..\Run: [Microsoft Sounds] soundman.exe
O4 - HKLM\..\RunServices: [Microsoft Sounds] soundman.exe

O4 - HKLM\..\Run: [Microsoft SpA Service] msapps.exe
O4 - HKLM\..\RunServices: [Microsoft SpA Service] msapps.exe
O4 - HKCU\..\Run: [Microsoft SpA Service] msapps.exe

O4 - HKLM\..\Run: [Microsoft Spool Svc] spoolsvc32.exe
O4 - HKLM\..\RunServices: [Microsoft Spool Svc] spoolsvc32.exe

O4 - HKLM\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKLM\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\Run: [Microsoft SSL Server Mssql] MSsslServer.exe
O4 - HKCU\..\RunServices: [Microsoft SSL Server Mssql] MSsslServer.exe

O4 - HKLM\..\Run: [Microsoft startup] SoftwareUpdates.exe
O4 - HKLM\..\RunServices: [Microsoft startup] SoftwareUpdates.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] botcrx.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] botcrx.exe

O4 - HKLM\..\Run: [Microsoft Svchost local services] msnmesseng.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] msnmesseng.exe

04 - HKLM\..\Run: [Microsoft Svchost local services] winoem.exe
O4 - HKLM\..\RunServices: [Microsoft Svchost local services] winoem.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] ___synmgr.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] ___synmgr.exe

O4 - HKLM\..\Run: [Microsoft Synchronization Manager] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Synchronization Manager] bot.exe
O4 - HKCU\..\Run: [Microsoft Synchronization Manager] bot.exe

O4 - HKLM\..\Run: [Microsoft System Administration] system.exe
O4 - HKLM\..\RunServices: [Microsoft System Administration] system.exe
O4 - HKCU\..\Run: [Microsoft System Administration] system.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] msnmsgr.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] msnmsgr.exe

O4 - HKLM\..\Run: [Microsoft System Firewall 2006.2] reg32.exe
O4 - HKLM\..\RunServices: [Microsoft System Firewall 2006.2] reg32.exe

O4 - HKLM\..\Run: [Microsoft System Service] dnservice.exe
O4 - HKLM\..\RunServices: [Microsoft System Service] dnservice.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] telcoms.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] telcoms.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] telcoms.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestore.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestore.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestore.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winupcd.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winupcd.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winupcd.exe

O4 - HKLM\..\Run: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] xpfilesys.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] xpfilesys.exe

O4 - HKLM\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKLM\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\Run: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe
O4 - HKCU\..\RunServices: [Microsoft TTL Verifier] C:\WINDOWS\System32\msttl.exe

O4 - HKLM\..\Run: [Micrcoft Updat] spoolsae.exe
O4 - HKLM\..\RunServices: [Micrcoft Updat] spoolsae.exe

O4 - HKLM\..\Run: [Microsft Updtes] sarvice.exe
O4 - HKLM\..\RunServices: [Microsft Updtes] sarvice.exe

O4 - HKLM\..\Run: [Microsoft Update] bling.exe
O4 - HKLM\..\RunServices: [Microsoft Update] bling.exe
O4 - HKCU\..\Run: [Microsoft Update] bling.exe

O4 - HKLM\..\Run: [Microsoft Update] drive.exe
O4 - HKLM\..\RunServices: [Microsoft Update] drive.exe
O4 - HKCU\..\Run: [Microsoft Update] drive.exe

O4 - HKLM\..\Run: [Microsoft Update] msconfg.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msconfg.exe
O4 - HKCU\..\Run: [Microsoft Update] msconfg.exe

O4 - HKLM\..\Run: [Microsoft Update] msn.exe
O4 - HKCU\..\Run: [Microsoft Update] msn.exe

O4 - HKLM\..\Run: [Microsoft Update] msnmessenger.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msnmessenger.exe
O4 - HKCU\..\Run: [Microsoft Update] msnmessenger.exe

O4 - HKLM\..\Run: [Microsoft Update] nbdos.exe
O4 - HKLM\..\RunServices: [Microsoft Update] nbdos.exe
O4 - HKCU\..\Run: [Microsoft Update] nbdos.exe

O4 - HKLM\..\Run: [Microsoft Update] snlogsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Update] snlogsvc.exe
O4 - HKCU\..\Run: [Microsoft Update] snlogsvc.exe

O4 - HKLM\..\Run: [Microsoft Update] svschost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] svschost.exe
O4 - HKCU\..\Run: [Microsoft Update] svschost.exe

O4 - HKLM\..\Run: [Microsoft Update] Sygate.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [Microsoft Update] Sygate.exe

O4 - HKLM\..\Run: [Microsoft Update] system32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] system32.exe
O4 - HKCU\..\Run: [Microsoft Update] system32.exe

O4 - HKLM\..\Run: [Microsoft Update] taskmgr32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] taskmgr32.exe
O4 - HKCU\..\Run: [Microsoft Update] taskmgr32.exe

O4 - HKLM\..\Run: [Microsoft update] tskmgr.exe
O4 - HKLM\..\RunServices: [Microsoft update] tskmgr.exe

O4 - HKLM\..\Run: [Microsoft Update] update.exe
O4 - HKLM\..\RunServices: [Microsoft Update] update.exe
O4 - HKCU\..\Run: [Microsoft Update] update.exe

O4 - HKLM\..\Run: [Microsoft Update] wangard.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wangard.exe
O4 - HKCU\..\Run: [Microsoft Update] wangard.exe

O4 - HKLM\..\Run: [Microsoft Update] win32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] win32.exe
O4 - HKCU\..\Run: [Microsoft Update] win32.exe

O4 - HKLM\..\Run: [Microsoft Update] WinDrv32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] WinDrv32.exe
O4 - HKCU\..\Run: [Microsoft Update] WinDrv32.exe

O4 - HKLM\..\Run: [Microsoft Update] wingrd32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wingrd32.exe
O4 - HKCU\..\Run: [Microsoft Update] wingrd32.exe

O4 - HKLM\..\Run: [Microsoft Update] winsys.exe
O4 - HKLM\..\RunServices: [Microsoft Update] winsys.exe
O4 - HKCU\..\Run: [Microsoft Update] winsys.exe
O4 - HKCU\..\RunServices: [Microsoft Update] winsys.exe

O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe

O4 - HKLM\..\Run: [Microsoft Update Loaders 2005] winusers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Loaders 2005] winusers.exe

O4 - HKLM\..\Run: [Microsoft-Updates] svxhost.exe
O4 - HKLM\..\RunServices: [Microsoft-Updates] svxhost.exe

O4 - HKLM\..\Run: [Microsoft Updates] winit.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] winit.exe

O4 - HKLM\..\Run: [Microft Update 32] winssx.exe
O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe

O4 - HKLM\..\Run: [Microsoft Update 32] neta.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] neta.exe

O4 - HKLM\..\Run: [Microsoft Update 32] network.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] network.exe

O4 - HKLM\..\Run: [Microsoft Update 32] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] windowsp.exe

O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe

O4 - HKLM\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\Run: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe
O4 - HKCU\..\RunServices: [Microsoft Update Device] C:\WINDOWS\SYSTEM32\drivers\flolo.exe

O4 - HKLM\..\Run: [Microsoft Update Drivers] explorers.exe
O4 - HKLM\..\RunServices: [Microsoft Update Drivers] explorers.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bee.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bee.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] bot.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] bot.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] bot.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] cssrssv.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] cssrssv.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] cssrssv.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] servicz.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] servicz.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] syspic9.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] syspic9.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] syspic9.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] winhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] winhost.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] winhost.exe

O4 - HKLM\..\Run: [Microsoft Update Manager] scvideo.exe
O4 - HKLM\..\RunServices: [Microsoft Update Manager] scvideo.exe

O4 - HKLM\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKLM\..\RunServices: [Microsoft Vista Upgrade Validation Service] cfmon.exe
O4 - HKCU\..\Run: [Microsoft Vista Upgrade Validation Service] cfmon.exe

O4 - HKLM\..\Run: [Microsoft web update] webmsn.exe
O4 - HKLM\..\RunServices: [Microsoft web update] webmsn.exe

O4 - HKLM\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKLM\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\Run: [Microsoft Win Corp TLS Verification] mswintls.exe
O4 - HKCU\..\RunServices: [Microsoft Win Corp TLS Verification] mswintls.exe

O4 - HKLM\..\Run: [Microsoft WIN32 DOS] MSdos32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 DOS] MSdos32.exe

O4 - HKLM\..\Run: [Microsoft WIN32 Security] MSsec32.exe
O4 - HKLM\..\RunServices: [Microsoft WIN32 Security] MSsec32.exe

F2 - REG:system.ini: Shell=Explorer.exe msclt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,msclt.exe
O4 - HKLM\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\Run: [Microsoft Windows Client Firewall] msclt.exe
O4 - HKCU\..\RunServices: [Microsoft Windows Client Firewall] msclt.exe

F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bootini.exe
24 March 2007 15:10:51

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:10:38, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\services.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\services.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\courteoux\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6195 bytes
24 March 2007 15:13:01

24 March 2007 15:20:34

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:10:38, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\services.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\services.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\courteoux\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 6195 bytes
24 March 2007 15:47:11

You made a wrong move with SDFix again, and HijackThis is unchanged.
You also didn't delete the requested files.

Start this over.

chercheur_ said:
Re


Delete SDFix, we're changing approach


Part of the procedure will take place without internet access; please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be done without interruption and in order.
If you don't understand something, ask for an explanation before starting.


1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


2 Restart in safe mode. Careful, you have no internet access in this mode, so take good note of what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the cursor keys, select Safe Mode and press Enter.


3 Run a HijackThis scan again and check the lines below:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

Close all windows (Windows, Internet Explorer, Outlook) except the HijackThis program and click "Fix checked"


4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply


5 Delete the offending files/folders (if they still exist):

C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate
C:\Documents and Settings\courteoux\Application Data\32 dale logo
C:\WINDOWS\Tasks\A847E5B991849C2D.job

Hide the system files again, to avoid mistakes in future, by selecting not to show hidden files or system files.


6 Run the cleanup with CCleaner.


7 Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required.
Press a key to restart.

The PC will take a while to start; press a key when "Finished" is displayed.

Open the SDFix folder and copy/paste here the contents of the "Report.txt" file along with a new HijackThis log.
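
The checks the helper applies by eye to the HijackThis lines in step 3 can be sketched as a small log triage script; this is an added example, not part of the thread and not HijackThis's own logic. The function names, reason labels and the three heuristics are assumptions chosen for illustration, and the sample is a handful of lines copied from the logs quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "<code> - <details>"
EXE = re.compile(r"[A-Za-z]:\\[^\"]*?\.exe", re.I)   # drive-rooted path ending in .exe


def parse(log):
    """Return (code, details) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def triage(log):
    """Return a sorted list of (reason, code, details) findings."""
    findings, seen = [], defaultdict(list)
    for code, details in parse(log):
        if code == "F2" and "Shell=" in details:
            # On XP the shell value is normally just Explorer.exe.
            extra = details.split("Shell=", 1)[1].split(None, 1)[1:]
            if extra:
                findings.append(("shell-extra-program", code, extra[0]))
        if details.endswith(("(file missing)", "(no file)")):
            findings.append(("orphaned-entry", code, details))
        if code in ("F2", "O4"):
            for path in EXE.findall(details):
                seen[path.lower()].append(code)
    for path, codes in seen.items():
        if len(set(codes)) > 1:  # same binary started from two mechanisms
            findings.append(("multi-autostart", "+".join(sorted(set(codes))), path))
    return sorted(findings)
```

A finding is a prompt for a human to look at the entry, not a verdict: the legitimate avast! Run entry in the sample produces no finding, while fservice.exe is reported both as an extra shell program and as a binary started from two places.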

24 March 2007 15:55:50

But I did exactly that..
24 March 2007 15:57:29

But I did exactly that..
24 March 2007 16:04:32

I managed to delete C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate and C:\WINDOWS\Tasks\A847E5B991849C2D.job but the rest is impossible!
24 March 2007 16:05:32

Hello


You made a wrong move with SDFix again.
And the infected files are still there.
Start this over

chercheur_ said:
Re


Delete SDFix, we're changing approach


Part of the procedure will take place without internet access; please print these instructions, or paste them into a text file, to read during this disinfection.
The steps must be done without interruption and in order.
If you don't understand something, ask for an explanation before starting.


1 Download
CCleaner.

http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...


2 Restart in safe mode. Careful, you have no internet access in this mode, so take good note of what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 key until the Windows advanced options menu is displayed.
Using the cursor keys, select Safe Mode and press Enter.


3 Run a HijackThis scan again and check the lines below:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (file missing)
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Loud Date 16 Soap] C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate\Thunkdash.exe
O4 - HKCU\..\Run: [Gpl roam] C:\DOCUME~1\COURTE~1\APPLIC~1\32DALE~1\PART WINDOW CLOCK.exe
O4 - HKLM\..\Policies\Explorer\Run: [DirectX For Microsoft® Windows] C:\WINDOWS\system32\fservice.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

Close all windows (Windows, Internet Explorer, Outlook) except the HijackThis program and click "Fix checked"


4 Make sure you have access to all files.
Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Then Apply


5 Delete the offending files/folders (if they still exist):

C:\Documents and Settings\All Users\Application Data\Dumbbaselouddate
C:\Documents and Settings\courteoux\Application Data\32 dale logo
C:\WINDOWS\Tasks\A847E5B991849C2D.job

Hide the system files again, to avoid mistakes in future, by selecting not to show hidden files or system files.


6 Run the cleanup with CCleaner.


7 Double-click SDFix.exe and choose Install
Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
Type Y to start the script.
The fix removes the virus's services and cleans the registry, so a restart is required.
Press a key to restart.

The PC will take a while to start; press a key when "Finished" is displayed.

Open the SDFix folder and copy/paste here the contents of the "Report.txt" file along with a new HijackThis log.

24 March 2007 16:33:15

There is no Report.txt
24 March 2007 17:04:52

a75b015 said:
There is no Report.txt

That's normal, SDFix wasn't used correctly.

Did you do the procedure in safe mode?