Thursday 14 August 2008

Version 1.742

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Live Windows Messenger Version
Device IO System
Core System Hardware


%winsys%\msnmessage7.7.exe
%winsys%\eviceio.exe
%winsys%\syscorehd.exe


Wednesday 13 August 2008

Version 1.741



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security Server DB"=-
"Security Service DB"=-
"Security Center Distribution"=-
"Device Hardware"=-


%winsys%\devicehnd.exe
%winsys%\secserver.exe
%winsys%\securesec.exe
%winsys%\secservice.exe

Tuesday 12 August 2008

Version 1.740

Update
Hostsclean.exe

Added

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Security Driver"=%winsys%\devicesec.exe

Monday 11 August 2008

Version 1.739

Added Hostsclean.exe
Hostsclean.exe is a tool I created. It removes lines from the hosts file that could block the download or update of your security software, or block access to certain help sites such as Malekal.com. The tool works by comparison against a reference list that currently contains a little over 300 entries.

List of sites / forums handled by Hostsclean.exe

If you notice any problems after using cleanhosts, please report them in a comment.

Sample report



MSNFix 1.739

F:\MSNFix\beta\MSNFix\MSNFix
Fix exécuté le 11/08/2008 - 22:44:15,71 By Laurent
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents
Aucun dossier trouvé


************************ Hostsclean

Cleanhosts v1 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080811214649
-- original size 0.02 Kb / 1 lines
scan impossible. because they are Only 1 line in hosts file

End .............................. not available Secondes

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[g:\temp\csxs8cga.zip] D41D8CD98F00B204E9800998ECF8427E

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Laurent\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


MSNFix 1.739

F:\MSNFix\beta\MSNFix\MSNFix
Fix exécuté le 11/08/2008 - 22:51:27,10 By Laurent
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents
Aucun dossier trouvé

************************ Hostsclean

Cleanhosts v1 By Laurent

-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080811215251
-- original size 0.76 Kb / 21 lines
-- Start cleaning Hosts file ....

/!\... 2ca.com ..... Found and removed
/!\... 2-spyware.com ..... Found and removed
/!\... 360.cn ..... Found and removed
/!\... 360safe.com ..... Found and removed
/!\... 5starsupport.com ..... Found and removed
/!\... about.com ..... Found and removed
/!\... adwareaway.com ..... Found and removed
/!\... ahnlab.com ..... Found and removed
/!\... aldria.com ..... Found and removed
/!\... alground.com ..... Found and removed
/!\... amazingtechs.com ..... Found and removed
/!\... analysis.seclab.tuwien.ac.at ..... Found and removed
/!\... andymanchesta.com ..... Found and removed
/!\... antirootkit.com ..... Found and removed
/!\... antislyware.com ..... Found and removed
/!\... antispywareoffensief.nl ..... Found and removed
/!\... antivir.es ..... Found and removed
/!\... anti-virus.by ..... Found and removed
/!\... antivirus.com ..... Found and removed


-- final size 0.02 Kb / 1 lines
-- entry Found : 19 / Entry check : 310

End .............................. 34.13 Secondes

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[g:\temp\i9e4gvq4.zip] D41D8CD98F00B204E9800998ECF8427E

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Laurent\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
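
The comparison approach described for Hostsclean, as an added example (this is not the tool's own code). The reference set, the sample hosts file and the function names are constructed for illustration; matching subdomains of a listed site and keeping unrelated names that share a line with a listed one are choices of this sketch, not documented behaviour of the tool.

```python
import shutil
import time
from pathlib import Path

# Constructed reference list (the tool described above ships about 300 entries).
REFERENCE = frozenset({"malekal.com", "avast.com", "bleepingcomputer.com"})

# Constructed hosts file, in the style of a tampered one.
SAMPLE_HOSTS = (
    "# sample hosts file\n"
    "127.0.0.1  localhost\n"
    "127.0.0.1  www.avast.com avast.com\n"
    "127.0.0.1  forum.malekal.com  # help forum\n"
    "0.0.0.0    download.bleepingcomputer.com intranet.example\n"
    "10.0.0.5   fileserver.example\n"
    "127.0.0.1  notmalekal.com\n"
)


def is_listed(host, reference=REFERENCE):
    """True if host is a reference domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == ref or host.endswith("." + ref) for ref in reference)


def clean_hosts(text, reference=REFERENCE):
    """Return (cleaned_text, removed_hostnames) for the content of a hosts file."""
    kept, removed = [], []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:  # blank, comment-only or malformed line: keep as is
            kept.append(line)
            continue
        address, names = fields[0], fields[1:]
        hits = [n for n in names if is_listed(n, reference)]
        if not hits:
            kept.append(line)
            continue
        removed.extend(hits)
        rest = [n for n in names if n not in hits]
        if rest:  # unrelated names on the same line survive the cleanup
            tail = " #" + comment if sep else ""
            kept.append(f"{address}\t{' '.join(rest)}{tail}")
    return "".join(l + "\n" for l in kept), removed


def clean_file(path, reference=REFERENCE):
    """Back up the hosts file beside itself, then rewrite it if anything matched."""
    path = Path(path)
    backup = path.with_name(f"{path.name}-{time.strftime('%Y%m%d%H%M%S')}")
    shutil.copy2(path, backup)
    # latin-1 maps every byte to one character, so unknown encodings round-trip.
    original = path.read_text(encoding="latin-1")
    cleaned, removed = clean_hosts(original, reference)
    if removed:
        path.write_text(cleaned, encoding="latin-1")
    return backup, removed


if __name__ == "__main__":
    cleaned, removed = clean_hosts(SAMPLE_HOSTS)
    for name in removed:
        print(f"/!\\... {name} ..... Found and removed")
    print(f"-- entry Found : {len(removed)} / Entry check : {len(REFERENCE)}")
```

The suffix check requires a leading dot, so `notmalekal.com` is left alone while `forum.malekal.com` is removed.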


Sunday 10 August 2008

Version 1.738

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=-
"MSN Security Agent"=-
"Security System"=-
"Msn Message Acount Helper 7.7"=-
"MSN"=-
"MSN CST Manager"=-
"MSN Database Client"=-
"MSN Messenger Live Windows"=-
"MSN Settings Manager"=-
"Windows Messenger Live MSN"=-
"Windows Messenger Live Startup"=-
"Windows MSN Live Messenger"=-
"Windows Services"=-
"Windows Servser"=-


%winsys%\msnmessage7.7.exe
%winsys%\securesys.exe
%winsys%\msnsecure.exe
%windir%\wmev.exe
%windir%\serviser.exe
%windir%\winsyssrv.exe
%winsys%\mancstmgr.exe
%winsys%\msndbcli.exe
%winsys%\messengerlive.exe
%winsys%\msnsetmg.exe
%winsys%\winlivemsnmessenger.exe
%winsys%\windowsmsnlive.exe
%winsys%\winmessengerlive.exe
%systemdrive%\adware.exe
%Temp%\uninstall.bat
%winsys%\asdfsa.exe
%windir%\winudpmgr.exe
%windir%\winudpmsgr.exe
%systemdrive%\is161258.exe
%systemdrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe


Wednesday 6 August 2008

Version 1.737



A fallback URL has been set up in case of unavailability.
http://cfasi.fr/MSNFix/MSNFix.exe
http://cfasi.fr/MSNFix/MSNFix.zip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSN Messenger Live Windows"=-
"Windows Messenger Live Startup"=-
"Spooler SubSystem App"=-
"Windows Network Firewall"=-
"MSN Database Client"=-
"CLI Services"=-
"nVidia Display Drivers (x86)"=-
"Clip Service Manager"=-
"Clip Servicer"=-
"MSN Settings Manager"=-
"Live Windows Messenger Version"=-
"Microsft Remote Procedure Daemon"=-
"MSN Database Client"=-
"MSN Settings Manager"=-


%winsys%\messengerlive.exe
%winsys%\windowsmsnlive.exe
%winsys%\spoolsvc.exe
%Windir%\wmev.exe
%winsys%\firewall.exe
%winsys%\msndbcli.exe
%winsys%\clisrv.exe
%winsys%\nvsys86.exe
%winsys%\clipmg.exe
%winsys%\clipsrvc.exe
%winsys%\msnsetmg.exe
%winsys%\msnmsngrlive.exe
%winsys%\clisrv.exe
%winsys%\msrpcd.exe
%winsys%\msndbcli.exe
%winsys%\msnsetmg.exe



Thursday 24 July 2008

Version 1.735

Additions / checks / updates


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
gwdwin = "%ProgramFiles%\skmw\gwdwin.exe"
lsass = "%ProgramFiles%\Microsoft Studio Files\lsass.exe"

[HKEY_CURRENT_USER\Software\WinRAR SFX]
C%%Program Files%skmw = "%ProgramFiles%\skmw"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
Windows Services
System CGI Manager
Windows Registery Center



Files

%Temp%\fix.exe
%Windir%\servicez.exe
%Temp%\fox.exe
%Temp%\lol.exe
%Windir%\lolfile.exe
%Windir%\svhchosts.exe
%ProgramFiles%\Microsoft Studio Files\ftnn987.ko
%ProgramFiles%\Microsoft Studio Files\lsass.exe
%ProgramFiles%\Microsoft Studio Files\vcdg.bat
%ProgramFiles%\skmw\banif.exe
%ProgramFiles%\skmw\barclays.exe
%ProgramFiles%\skmw\bbva.exe
%ProgramFiles%\skmw\bes.exe
%ProgramFiles%\skmw\block
%ProgramFiles%\skmw\bpinet.exe
%ProgramFiles%\skmw\cgd.exe
%ProgramFiles%\skmw\dllhosts.exe
%ProgramFiles%\skmw\gwdwin.exe
%ProgramFiles%\skmw\iek.exe
%ProgramFiles%\skmw\irc.exe
%ProgramFiles%\skmw\live.exe
%ProgramFiles%\skmw\mlst.exe
%ProgramFiles%\skmw\mon.exe
%ProgramFiles%\skmw\montepio.exe
%ProgramFiles%\skmw\msgex.exe
%ProgramFiles%\skmw\Mswinsck.ocx
%ProgramFiles%\skmw\rds.exe
%ProgramFiles%\skmw\Readme.exe
%ProgramFiles%\skmw\replay.exe
%ProgramFiles%\skmw\scrypt.exe
%ProgramFiles%\skmw\sec\fx.crp
%ProgramFiles%\skmw\upfile.exe
%ProgramFiles%\skmw\wininfo1.vxd
%ProgramFiles%\skmw\WinRds\1.crp
%ProgramFiles%\skmw\WinRds\2.crp
%ProgramFiles%\skmw\WinRds\3.crp
%ProgramFiles%\skmw\WinRds\install.crp
%ProgramFiles%\skmw\WinRds\Reiniciar.crp
%ProgramFiles%\skmw\WinRds\termsrv.dll


Folders

%ProgramFiles%\skmw
%ProgramFiles%\skmw\sec
%ProgramFiles%\skmw\WinRds
%ProgramFiles%\Microsoft Studio Files
%ProgramFiles%\nsnimage
%ProgramFiles%\RealtekAZ
%ProgramFiles%\xerox\nwmedia
%Windir%\system32\mrdv


Tuesday 22 July 2008

Version 1.734

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System DB Manager"=-
"Windowss Service Agent"=-


%winsys%\sysdbmg.exe
%winsys%\mssngear.exe

Monday 21 July 2008

Clarification

Having "caught wind" that some people had questions about certain points in MSNFix, I will answer here, because I would have a hard time doing so where the question was asked ... or even seeing it, but oh well .. I must be taken for a master of divination.

%winsys% is equivalent to %windir%\system32\ and has nothing to do with %windir%\system\


For any other questions, my e-mail address has not changed in a long time; you can also reach me by PM on various forums, or even by smoke signal if the distance allows.

Thank you for your understanding

Laurent

Version 1.733

Several checks and updates carried out.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSN Messenger Live Login"=-
"Windows Services"=-
"Windows Driver Sup"=-
"Windows Load Manager"=-
"Windows Host Booter"=-
"Service Update Client"=-
"Windows Services"=-
"File-Sharing Wizard"=-
"Windows Update"=-
"MSN File Configuration"=-
"Windows MSN Live Messenger"=-
"MSN6.1 Auto-Updater"=-
"MSN File Sharing Wizard"=-
"System Updates"=-
"Intranet"=-
"java"=-
"Microsoft Security Monitor Process"=-
"Microsoft Update"=-
"Microsoft Update "=-
"Microsoft Windows Express"=-
"Microsoft Windows Sound"=-
"MSN Auto-Updater"=-
"MSN CNF Manager"=-
"MSN File & Folder Sharing App"=-
"MSN P2P Manager"=-
"MSN Rx Manager"=-
"MSN Update Client"=-
"msvecurity"=-
"PCPrivacyCleaner"=-
"Registry System"=-
"Task managebrkb"=-
"VistaUpgrade"=-
"Windows Networking Monitorin]"=-
"Windows Services"=-
"Windows TaskManager"=-
"WPSVC Services"=-
"MSN Auto-Updater"=-
"MSN Update Client"=-
"Windows ARP Detectioncx"=-
"Windows Networking Monitor"=-
"Ms System Config"=-
"OS Boot Loader"=-
"Windows Messenger User Agent"=-
"MSN Update Cfg"=-
"Windows Driver Sup"=-
"Windows UDP Control Center"=-
"Service Client"=-
"sprof"=-
"Windows Firewall"=-
"UPD Client"=-
"Windows Services"=-
"Microsoft"=-
"Windows"=-
"Windows Host Booter"=-
"Windows MSN Live Messenger"=-
"Boot Server"=-
"Csrss Host"=-
"File-Sharing Wizard"=-
"MS Initial"=-
"MSN Popup Blocker"=-
"Ghost Relay"=-
"Service Defender"=-
"Microsoft Update"=-
"MSN Update Client"=-
"MSN Auto-Updater"=-
"MSN Update Cfg"=-
"UPD Client"=-
"Firewall"=-
"Generic Host Process for Win32 Services"=-
"Gestionnaire des tâches de Windows"=-
"IPLog Security"=-
"Microsoft Excele"=-
"Microsoft Initialization Service"=-
"Microsoft Kinetik Svc"=-
"MSN Messages"=-
"MSN Messenger Inbox Loader"=-
"MSN Messenger Live Login"=-
"MSN Messenger Service Startup"=-
"MSN Router"=-
"MSN Servicer"=-
"Services DLL Loader"=-
"Smss Host"=-
"SND Volumes"=-
"System IP"=-
"System Task Manager"=-
"Win Config"=-
"Windows Genuine Validate"=-
"Windows Helper"=-
"Windows Local ISP"=-
"Windows Messenger Live Startup"=-
"Win Security"=-
"Windows Temperate Services"=-
"XP Loader"=-
"XP System"=-
"Windows Messanger Control Center"=-
"Windows Services"=-
"Windows WKS Services"=-
"MSN Communication Manager"=-
"MSN RPC Manager"=-
"Service Update Client"=-
"MSN File Configuration"=-
"MSN File Sharing Wizard"=-
"Windows Services"=-



%winsys%\video.exe
%Windir%\xplsass.exe
%winsys%\bootloader.exe
%Windir%\msnmsrg.exe
%winsys%\msnupdbt.exe
%winsys%\schost.exe
%winsys%\system.exe
%Windir%\service.exe
%winsys%\systemi.exe
%winsys%\svuhost.exe
%Windir%\lsass32.exe
%winsys%\msnp2pmgr.exe
%winsys%\msnrxmgr.exe
%winsys%\msnupdater.exe
%winsys%\Regsys.exe
%winsys%\msnupdates.exe
%winsys%\msncnfmgr.exe
%winsys%\msnfileshare.exe
%winsys%\taskmg.exe
%winsys%\vistaupgrade.exe
%winsys%\xmdmx.exe
%Windir%\avsrv32.exe
%winsys%\wpnsc.exe
%systemdrive%\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe
%winsys%\msnaupdater.exe
%winsys%\msnupdcli.exe
%Windir%\windvrhost.exe
%Windir%\winudpmgr.exe
%winsys%\winsvcli.exe
%ProgramFiles%\sprof\sprof.exe
%Windir%\rundll32.exe
%winsys%\bootcli.exe
%winsys%\updclient.exe
%Windir%\winlogon.exe
%winsys%\msnservice.exe
%winsys%\msnservicer.exe
%winsys%\srvdll.exe
%Windir%\winudp.exe
%winsys%\svhost.exe
%winsys%\spoovlss.exe
%winsys%\hostbooter.exe
%winsys%\winlivemsn.exe
%winsys%\bootserver.exe
%winsys%\bootservice.exe
%winsys%\csrhost.exe
%winsys%\shwizard.exe
%Windir%\ctfmon.exe
%Windir%\ghg8aw3lo.exe
%Windir%\system\winlogon.exe
%winsys%\iplogsec.exe
%winsys%\msmsgs.exe
%Temp%\catchme.sys
%Windir%\system32\bootst.exe
%Windir%\windvrhost.exe
%Windir%\winloadmgr.exe
%winsys%\initsvc.exe
%winsys%\initserv.exe
%winsys%\msftksvc.exe
%Windir%\svcchost.exe
%winsys%\enule.exe
%winsys%\mshujsys.exe
%winsys%\msnmessgs.exe
%winsys%\msninbox.exe
%winsys%\msnmessengerlive.exe
%winsys%\smhost.exe
%winsys%\sndvolumes.exe
%winsys%\srvhost.exe
%Windir%\SystemFile.exe
%winsys%\systemip.exe
%winsys%\winconfig.exe
%winsys%\winservicessss.exe
%winsys%\wsctnfy.exe
%Windir%\winthcr.exe
%winsys%\windowslivemsn.exe
%winsys%\winsecure.exe
%winsys%\wintmp.exe
%winsys%\loaderxp.exe
%winsys%\systemxp.exe
%Windir%\winlogin.exe
%Windir%\service.exe
%Windir%\w32edus.exe
%winsys%\scrigz.exe
%Windir%\wkssvr1.exe
%winsys%\msncommgr.exe
%winsys%\msnrpcmgr.exe
%winsys%\svcupdcli.exe
%winsys%\Resource\wblinds.exe
%winsys%\Resource\wga.exe
%Windir%\Resource\svchost.exe
%winsys%\v6msn.exe
%winsys%\msnfilecfg.exe
%winsys%\msnsharewiz.exe
%Windir%\winsysdll.exe
%ProgramFiles%\Common Files\System\msnsa32.exe
%Windir%\ehSched.exe
%Windir%\wksvcsc.exe
%Windir%\mswinudpmgr32.exe
%Windir%\scvhost.exe
%Windir%\msavc32.exe
%Windir%\smsss.exe
%Windir%\winrofl32.exe
%Windir%\xcopy32.exe
%Temp%\winlogon-temp.exe
%Temp%\services-temp.exe
%Temp%\removed-virus.tmp
%Windir%\servicelayer.exe
%Windir%\msnstartup.exe
%Windir%\msn.com
%Windir%\live.messenger.com
%Windir%\mstinitial.exe
%Windir%\mstinitial.exe
%Windir%\msnpopupblck.exe
%Temp%\WER9817.dir00\appcompat.txt
%Temp%\WER9817.dir00\cftmon.exe.hdmp
%Temp%\WER9817.dir00\cftmon.exe.mdmp
%Temp%\WER9817.dir00\manifest.txt
%winsys%\\cftmon.exe
%winsys%\\image.jpg
%winsys%\\real.txt

Tuesday 1 July 2008

Version 1.729 & 1.730



Registry

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Service Controller Agent"=-
"MSN Application"=-
"MSN File & Folder Sharing App"=-
"Windows Service Agent"=-


Files
%Windir%\taksmgr.exe
%winsys%\msnapp.exe
%winsys%\snfileshare.exe
%winsys%\msncnfmgr.exe
%winsys%\msnrxmgr.exe


Sunday 29 June 2008

Version 1.728 1.727 1.726


Added: Macedonian translation


Checks, additions, updates

%Windir%\lsass32.exe
%winsys%\nvsvc86.exe
%Common Startup%\BlueSoleiI.lnk
%winsys%\winupdatr.exe
%temp%\1.reg
%winsys%\system.exe
%temp%\IXP000.TMP\install.exe
%temp%\Steam.dll
%LocalSettings%\Tempuniversal1337.txt
%systemdrive%\start
%temp%\ixp000.tmp\install.exe
%userprofile%\LOCALS~1\Temp1337SteamLogin.exe
%temp%\steam.exe
%userprofile%\LOCALS~1\Tempinet.exe
%userprofile%\LOCALS~1\Tempmsg.exe
%userprofile%\LOCALS~1\Temppdk.exe
%userprofile%\LOCALS~1\Temphttp.exe
%winsys%\agl23.exe
%Windir%\kontor.zip
%winsys%\new.txt
%Windir%\winamp.exe
%userprofile%\lsass.exe
%systemdrive%\l3r1t1j4s1x7.exe
%Windir%\avrscan.exe
%Windir%\pchealth\helpctr\binaries\secdrive.exe
%Windir%\pchealth\helpctr\binaries\system.exe
%Windir%\SexyMama.JPG.exe
%Windir%\w32service.exe
%ProgramFiles%\Common Files\System\McAfee3.exe
%Temp%\uNkbot.exe
%windir%\wkssvrs.exe
%windir%\system\svchost.exe
%winsys%\gpupdater.exe
%ProgramFiles%\dfsdfsd\pingy.exe
%windir%\RBuilder.exe
%windir%\system\svchost.exe
%windir%\winavscan.exe
%winsys%\livesrvs.exe
%winsys%\SetPoints.exe
%windir%\wkssvrs.exe
%windir%\wkssvrs.exe
%winsys%\MSMHS.EXE
%windir%\btmsre.exe
%windir%\Girl_On_Cam.zip
%windir%\ikysvr.exe
%windir%\acersv.exe
%systemdrive%\is15*.exe
%windir%\avserv.exe
%windir%\winudpmgrs.exe
%windir%\ctfmon32.exe
%windir%\servicean.exe
%winsys%\winxj.exe
%systemdrive%\cservice.exe
%systemdrive%\Windows.exe
%windir%\msscomd.exe
%windir%\game.exe
%windir%\NewCameraPics.zip
%windir%\wksvcsc.exe




[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Service Agent"=-
"Office Monitor"=-
"LSA Shellu"=-
"Modifiet Amateur HTPB"=-
"Windowfdgfds DasdLL Verifier"=-
"Windows ARP Detectionc"=-
"Windows Service Controller Agent"=-
"Windows Anti Virus Control Center"=-
"Microsoft Anti Virus Controller"=-
"msnmgnr"=-
"Windows Services"=-
"secdrive.exe"=-
"Windows Update"=-
"ehTray.exe"=-
"System Fetch DLL Runtime"=-
"Windows MSN Live Messanger"=-
"Windows Messanger Control Center"=-
"kiss"=-
"GP Updater"=-
"Microsoft Update"=-
"Network maneger"=-
"Windows Anti Virus Control Center"=-
"Windows Update"=-
"Nod32 Runtime"=-
"Wbcmgr"=-
"Windows svchost"=-
"Windows UDP Control Center"=-
"Windows Acer Service"=-
"Windows svchost"=-
"Windows UDP Control Services"=-
"Windows Messanger Control Center"=-
"Nod32 Runtime"=-
"Windows UDP Control Services"=-
"Microsoft Update"=-
"Windows UDP Control Center"=-
"Windows Messanger Control Center"=-
"Microsoft"=-
"Windows ARP Detectionc"=-
"Windows svchost"=-
"Microsoft(R) System Manager"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Serviece Agents"=-
"Microsoft Task Manager Daemon"=-
"windowsupdate"=-
"Nod32 Runtime"=-
"Windows Executer"=-
"Windows Service Agent"=-
"Java"=-
"Windowfdgfds DasdLL Verifier"=-
"Windows UDP Control Manager"=-
"Windows SYN Control Center"=-
"Microsoft Update"=-
"Windows Update"=-
"Microsoft Oftice"=-
"Windows MSN Live Messanger"=-
"Nod32 Runtime"=-
"Microsoft"=-
"Microsoft Service 32"=-


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"boby"=-
"Microsoft Oftice"=-
"ehTray.exe"=-
"Windows Service Agent"=-
"Office Monitor"=-
"Modifiet Amateur HTPB"=-
"Network maneger"=-
"MicrosoftUpdate"=-
"Network maneger"=-
"Windows Update"=-
"Windows MSN Updates"=-
"Nod32 Runtime"=-
"console de gerenciamento microsoft"=-
"MapEDC"=-
"WinTouch"=-
"JavaCore"=-
"MSMSGS"=-
"Windows Executer"=-
"Windows UDP Control Manager"=-
"Windows SYN Control Center"=-
"Microsoft Update"=-
"Microsoft"=-
"explorer"=-
"kava"=-
"NoDNS"=-
"PK Guard"=-
"Microsoft Update Machine"=-
"OfficeWord Monitor"=-


[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"Windowfdgfds DasdLL Verifier"=-

Thursday 19 June 2008

Version 1.725



Registry


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Spelling Module Helper Service"=-




Files


%winsys%\MSMHS.EXE
%windir%\btmsre.exe
%windir%\Girl_On_Cam.zip
%windir%\ikysvr.exe
%windir%\acersv.exe
%systemdrive%\is15*32.exe

Tuesday 17 June 2008

Version 1.724

%Windir%\winudpmgrs.exe
%Windir%\ctfmon32.exe
%Windir%\acersv.exe



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center"=-
"Windows Acer Service"=-
"Windows svchost"=-

Monday 16 June 2008

Versions 1.723, 1.722 and 1.721

Files

%winsys%\winxj.exe
%systemdrive%\is155932.exe
%systemdrive%\cservice.exe
%systemdrive%\Windows.exe
%windir%\msscomd.exe
%windir%\game.exe
%windir%\NewCameraPics.zip
%windir%\wksvcsc.exe
%windir%\svchosl.exe
%windir%\wksvcsc.exe
%windir%\livemessenger.com
%windir%\scvhost.exe
%windir%\winlogon.exe
%windir%\wplayer.exe
%windir%\winlogon.exe
%windir%\ups.exe
%winsys%\sysmgr.exe
%Temp%\lsass.exe
%windir%\mssvc32.exe
%windir%\winudmr.exe
%winsys%\msmsgs.exe
%windir%\livemsngs.exe
%windir%\sysregi.exe
%windir%\wplayer.exe
%windir%\mssvc32.exe
%windir%\wksvcsc.exe
%windir%\winudpmgr.exe
%Programfiles%\iexplorer2.exe
%winsys%\sysmgr.exe
%windir%\msavc.exe
%Temp%\WER4a2c.dir00\manifest.txt
%Temp%\WER4a2c.dir00\sysdata.xml
%winsys%\msvcrt2.dll
%winsys%\sysmgr.exe
%windir%\wmplayer.exe
%winsys%\efcYSkkL.dll
%windir%\msavc.exe
%windir%\msavc32.exe
%windir%\msmacro32.exe
%winsys%\NOTEPAD.EXE
%winsys%\msupdate.exe
%winsys%\msupdte.exe
%windir%\msscomd.exe
%windir%\winamp.exe
%windir%\wmplayer.exe
%windir%\winlogon.exe
%winsys%\dllcache\shvhost.exe
%windir%\msavc32.exe
%windir%\winamap.exe
%windir%\RBuilder.exe
%winsys%\kupkudmd.exe
%windir%\winamap.exe
%windir%\game.exe
%windir%\NewCameraPics.zip
%windir%\mswinudpmgr32.exe
%winsys%\msavc.exe
%windir%\msscomd.exe
%Temp%\wksvcsc.exe
%Temp%\svchosl.exe
%winsys%\cftmon.exe
%winsys%\sysregi.exe



Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Winamp Media Player"=-
"msmacro32"=-
"Microsoft Oftice"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcYSkkL]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\00cd0861]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Winamp Media Playe"=-
"Windows Service Host"=-
"Nod32 Runtime"=-
"Microsoft"=-
"Microsoft Service 32"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft(R) System Manager"=-
"Microsoft Anti Virus Controller"=-
"Winamp Media Player"=-
"Winamp Media Player"=-
"Microsoft Anti Virus Controller"=-
"Windows Service Host"=-
"Winamp Media Player"=-
"MicrosoftUpdate"=-
"MicrosoftOffice"=-
"Microsoft Anti Virus Controller"=-
"msmacro32"=-
"Microsoft NotePad"=-
"Microsoft NotePad"=-
"Microsoft Update"=-
"Microsoft WinUpdate"=-
"MSN"=-
"Winamp Media Player"=-
"Windows Media Player"=-
"Windows Messanger Control Center"=-
"Windows UDP Control Services"=-
"Windows UDP Control Center"=-
"Microsoft Anti Virus Controller"=-
"Windows UDP Control Services"=-
"Windows Messanger Control Center"=-
"Nod32 Runtime"=-
"Windows UDP Control Services"=-
"Microsoft Update"=-
"Windows UDP Control Center"=-
"Windows Messanger Control Center"=-
"Microsoft"=-
"Windows ARP Detectionc"=-
"Windows svchost"=-
"Microsoft(R) System Manager"=-
"Win32 SubSystem"=-
"Microsoft Service 32"=-
"Windows Controls Center"=-
"Microsoft Oftice"=-
"Windows MSN Live Messanger"=-