dimanche 27 avril 2008

Naked

MAD (Malware Analysis & Diagnostic) nous propose une lecture fort intéressante retraçant l'évolution des variantes "Naked".



Version1.713

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Csrss Host"=-


%winsys%\csrhost.exe


Version 1.712

Contrôle / Mise à jour / ajout


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Modifiet Amateur"=-
"Clip Srv"=-
"java"=-
"Windows Sound Manager"=-
"Microsoft Windows Express"=-
"Windows Driver Sup"=-
"MSN UPNP"=-
"MSN Software"=-
"Msn Serv"=-
"MSN Hosts"=-
"Sysctrls"=-
"MSN User Service!"=-
"Wifi Booter"=-
"System Manager"=-
"Wifi Loader"=-
"Microsoft Oftice"=-
"MSN Messager"=-
"CHK Disker"=-
"Win32 Config"=-
"Chat Deamon MSN"=-
"MSN Servicer"=-
"MSN Manager"=-
"MSN Server"=-
"Windows System"=-
"Microsoft Windows Express"=-
"Clean Mgr"=-
"DRam prosessor"=-
"Wifi Boot"=-
"Windows Live Messenger!"=-
"Smss Host"=-
"Win Updates"=-
"MSN Configs"=-
"MS Initial"=-
"MSN Live Client"=-
"Microsoft Security Monitor Process"=-
"IPLog Security"=-
"Microsoft Live 8.5"=-
"Windows Boot"=-
"Windows Time Service Diagnostic Tool"=-
"Wifi Loader!"=-
"Windows Service Threads"=-
"Clip Srv"=-
"Windows Sound Manager"=-
"Windows Driver Sup"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Modifiet Amateur"=-
"java"=-
"Sysctrls"=-
"Microsoft Oftice"=-
"GetWayLayer"=-
"Microsoft Live 8.5"=-
"Windows Time Service Diagnostic Tool"=-

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"java"=-
"Microsoft Windows Express"=-
"GetWayLaye"=-
"Microsoft Security Monitor Process"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows Express"=-
"Sysctrls"=-
"Win32 Config"=-
"Microsoft Windows Express"=-
"DRam prosessor"=-
"GetWayLayer"=-
"Microsoft Security Monitor Process"=-
"Microsoft Live 8.5"=-
"Windows Time Service Diagnostic Tool"=-

[HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa]
"Win32 Config"=-


%Windir%\princ.exe
%Temp%\1.reg
%winsys%\system.exe
%winsys%\aqwsde.exe
%winsys%\msl.exe
%winsys%\clipsv.exe
%winsys%\system.exe
%windir%\gearsec.exe
%winsys%\windowslogonb.exe
%Windir%\adminlogg.txt
%Windir%\windvrhost.exe
%winsys%\keymaker.exe
%winsys%\win32dll.exe
%winsys%\wbem\winscrvs.exe
%Windir%\windvrhost.exe
%winsys%\clipsv.exe
%winsys%\svcthreading.exe
%winsys%\wifiloader.exe
%winsys%\windowsboot.exe
%winsys%\xwwfrpo.exe
%winsys%\iplogsec.exe
%winsys%\msnlvclient.exe
%winsys%\mstinitial.exe
%winsys%\msnconfig.exe
%winsys%\xhxugzoyubc.exe
%winsys%\winupdates.exe
%winsys%\smhost.exe
%winsys%\wifiboot.exe
%winsys%\livemsngr.exe
%winsys%\msupdate.exe
%winsys%\cleanmg.exe
%winsys%\msnserv.exe
%winsys%\msnmgrsv.exe
%winsys%\msmsnserver.exe
%winsys%\msnsoftware.exe
%winsys%\msnupnp.exe
%winsys%\msnserv.exe
%winsys%\msnservicer.exe
%winsys%\msnhosts.exe
%winsys%\wifiload.exe
%winsys%\win32dll.exe
%winsys%\sysmgr.exe
%winsys%\msmsgs.exe
%winsys%\msnmgr.exe
%winsys%\chkdsker.exe
%winsys%\winsystem.exe
%winsys%\websploit.exe


samedi 26 avril 2008

Version 1.711

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"User Login Function Service"=-
"System"=-
"Microsoft AntiVirus User Service"=-
"Terminal Execution Exchange Deamon Service"=-
"Windows Recovery Service Manager"=-
"MSN SHARE"=-
"Ci Svr"=-
"Clean Mgr"=-
"iExplore Ini"=-
"iExpresser"=-
"Boot K"=-
"Boot Verify"=-
"DVD Upgrade"=-
"Font Viewer"=-
"MSN User Server!"=-
"Windows Update"=-
"CHK Disker"=-
"Cli Confg"=-
"Clip Srv"=-
"cScripts"=-
"iPSec7"=-
"iPX Router"=-
"Live Messanger"=-
"MQT Svc"=-
"MS Initial"=-
"Popup Blocker"=-
"Windows Driver Sup"=-


%Windir%\adminlogg.txt
%Windir%\windvrhost.exe
%winsys%\msnshare.exe
%winsys%\texds.exe
%winsys%\kernels32.exe
%winsys%\msavus.exe
%winsys%\dlh9jkd1q8.exe
%winsys%\wrsm.exe
%winsys%\ulfs.exe
%winsys%\chkdsker.exe
%winsys%\cliconfig.exe
%winsys%\clipsv.exe
%winsys%\cscripts.exe
%winsys%\ipsec7.exe
%winsys%\ipxrouter.exe
%winsys%\wllmsngr.exe
%winsys%\mqtsvc.exe
%winsys%\mstinitial.exe
%winsys%\msnpopblck.exe
%winsys%\cisvr.exe
%winsys%\cleanmg.exe
%winsys%\ie4uini.exe
%winsys%\iexpresser.exe
%winsys%\msnservices.exe
%winsys%\bt\Systemx.exe
%winsys%\winlogonpc.exe
%winsys%\WINWGPX.EXE
%winsys%\bootk.exe
%winsys%\bootvfy.exe
%winsys%\dvdupgd.exe
%winsys%\fontviewer.exe

mercredi 23 avril 2008

Version 1.710

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

Microsoft AntiVirus User Service = %system%\msavus.exe
Windows Recovery Service Manager = %system%\wrsm.exe

mardi 22 avril 2008

Version 1.709

%Temp%\WERb556.dir00\W,),),W,))),)W)W,,,WWWW))WWW),WW..hdmp
%Temp%\WERb556.dir00\W,),),W,))),)W)W,,,WWWW))WWW),WW..mdmp
%System%\funnymovies.txt

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ghost Relay"=W,),),W,))),)W)W,,,WWWW))WWW),WW.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htc]
Content Type = "FT"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit = "%System%\userinit.exe,W,),),W,))),)W)W,,,WWWW))WWW),WW.exe"

samedi 19 avril 2008

Version 1.708

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CBEVTSVC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CbEvtSvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKEY_LOCAL_MACHINE\SOFTWARE\Sarr
HKEY_CURRENT_USER\Software\Classes\CLSID\{F0CD1A40-0C78-1033-0410-0710070001}


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
advap32=-
System=-
DRM Upgrade=-
MS Paint=-


%Temp%\load3.exe
%Temp%\win32.exe
%System%\wind32.exe
%System%\dllgh8jkd1q8.exe
%System%\cbevtsvc.exe
%ProgramFiles%\InetGet2\YazzleBundle-1560.exe
%ProgramFiles%\Common Files\Yazzle1560OinAdmin.exe
%Temp%\mshtml3.exe
%Temp%\mshtml2.exe
%System%\dllgh8jkd1q8.exe
%System%\wind32.exe
%System%\drmupgd.exe
%System%\mspainter.exe

Version 1.707

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner]
[-HKEY_CURRENT_USER\Software\SpeedRunner]

%AppData%\SpeedRunner\config.cfg
%AppData%\SpeedRunner\SRUninstall.exe
%ProgramFiles%\InetGet2\SRInstaller.exe

%AppData%\SpeedRunner
%ProgramFiles%\Inet_Get_2


Added option N to the language menu (Norwegian translation).

Infection MSN : Comment

Un petit topo sur les infections par MSN ou Windows Live Messenger, par Gof.


mercredi 16 avril 2008

Version 1.706

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Twain"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Twain]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{F0CD1A40-0C78-1033-0410-0710070001}]


%InternetCache%\bestwiner.stt
%ProgramFiles%\Twain\Twain.exe
%Temp%\365.dat
%AppData%\Microsoft\Windows\qganni.exe


%ProgramFiles%\Temporary
%ProgramFiles%\Twain

lundi 14 avril 2008

Version 1.704

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Msn Boot = "msnbootcfg.exe"
Msn Startup = "msnstartup.exe"

dimanche 13 avril 2008

Version 1.703

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^ %%%^% %^^ ^^%%% %^^%% % ^%^^% % ^%^^ % %^^^^% .exe

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\^ %%%^% %^^ ^^%%% %^^%% % ^%^^% % ^%^^ % %^^^^% .exe

mercredi 9 avril 2008

Version 1.702

%winsys%\csf.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Side Firewall"=-

mardi 8 avril 2008

Version 1.701

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSN Manager = "msnmgrsv.exe"
Windows Live Messenger! = "livemsngr.exe"
Remote Services Manager = "msrmsvc.exe"
MSN Live Client = "msnlvclient.exe"
Windows Live Msgr = "wllivemsgr.exe"

dimanche 6 avril 2008

Version 1.700

%Windir%\winlogon.exe
%System%\servl.dll
%System%\servl2.dll
%System%\msnsoftware.exe
%System%\spool23.exe
%System%\teim.exe
%System%\cdmsn.exe
%System%\livemsngr.exe
%System%\msupnp.exe
%Temp%\misfotos_*.zip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winlogon"=-
"MSN Software"=-
"Microsoft Spool Service"=-
"Telnet Engin Interface Manager"=-
"Chat Deamon MSN"=-
"Windows Live Messenger!"=-
"Microsoft UPnP"=-

samedi 5 avril 2008

Version 1.699

* __Fichier__

%winsys%\msnusr.exe
%winsys%\msnupdsv.exe
%winsys%\prov.exe
%winsys%\ysmngr.exe
%winsys%\wnd32.exe
%winsys%\psknowoxbli.exe
%winsys%\msnlvclient.exe
%winsys%\msnupnp.exe


* __Registre__

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSN File Sharing"=-
"MSN Update Service"=-
"MSN Live Client"=-
"System Manager"=-
"Windows MSN Updates"=-
"GetWayLayer"=-
"MSN UPSP"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"GetWayLayer"=-

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"GetWayLayer"=

jeudi 3 avril 2008

Version 1.698

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Service Manager Device"=-
"Microsoft Help"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Service Manager Device"=-

[HKEY_CURRENT_USER\Software\ASProtect]
"System Service Manager Device"=-

%winsys%\svho.exe
%systemdrive%\RECYCLER\svchost.exe

Version 1.697-1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Microsofts Nav Manager = "mswnm.exe"

%windir%\system32\mswnm.exe

mercredi 2 avril 2008

Version 1.697

%windir%\Msshield.exe
%windir%\Party_*_jpg.zip
%temp%\misfotos_*.zip
%Common Startup%\msn_*_upd*.exe

O4 - HKLM\..\Run: [Msshield.exe] C:\WINDOWS\Msshield.exe
O4 - HKLM\..\Run: [Windows Chat Deamon] wcds.exe

mardi 1 avril 2008

Version 1.696

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\^^^^^^.exe

O4 - HKLM\..\Run: Flash Media C:\WINDOWS\system32\^^^^^^.exe