Infecté par win 32 adan 074 et 094
klyde
-
klyde -
klyde -
bonjour a tous!!
voila j'ai un tres gros souci avec un adwere du nom de "win 32 adan-074 et 094" malgré plusieurs tentative avec ad-aware ,spy bot etc..... le adwere n'a toujours pas ete eradiqué de mon pc.... ça commence vraiment a me gonfler cette histoire y'a t'il quelqu' un pour m'aider svp.....????? avast s'affole et plante pendant le scan ..ewido pareil et tous les antispyware sité plus haut aussi ...et pour couronner le tout mon pc rame comme un fou...la totale quoi :(
(c'est avast qui l'a detecté le premier )
"http://85.255.117.124/users/rainy/web/images/two.jpgWin32:Adan-094 ( ou 074) [Adw]" est indiqué a chaque foi en bas de mon ecran ....
voici le rapport highjack:
Logfile of HijackThis v1.99.1
Scan saved at 22:27:08, on 2006-07-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
E:\alien ware\alien decompress dark star\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\qttask.exe
E:\wiin mp\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\crimecam\espion 2004\Wspn\wspn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
D:\Program Files\TribalWeb.net\tribalweb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnsympatico.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\wiin mp\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Wspn] E:\crimecam\espion 2004\Wspn\wspn.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [pknvg.exe] C:\WINDOWS\System32\pknvg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: TribalWeb.net.lnk = D:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Dalila.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{152C6743-444C-4FB9-B121-0F263910CECB}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68DF28-0999-4D10-9F0A-AE8D0F0BB466}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{5640549E-3D0B-4CD1-B71B-6F6CA61AA170}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF79E337-0390-423F-B8F8-B75C6AF9D5DE}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - E:\alien ware\alien decompress dark star\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
merci d'avance a++
voila j'ai un tres gros souci avec un adwere du nom de "win 32 adan-074 et 094" malgré plusieurs tentative avec ad-aware ,spy bot etc..... le adwere n'a toujours pas ete eradiqué de mon pc.... ça commence vraiment a me gonfler cette histoire y'a t'il quelqu' un pour m'aider svp.....????? avast s'affole et plante pendant le scan ..ewido pareil et tous les antispyware sité plus haut aussi ...et pour couronner le tout mon pc rame comme un fou...la totale quoi :(
(c'est avast qui l'a detecté le premier )
"http://85.255.117.124/users/rainy/web/images/two.jpgWin32:Adan-094 ( ou 074) [Adw]" est indiqué a chaque foi en bas de mon ecran ....
voici le rapport highjack:
Logfile of HijackThis v1.99.1
Scan saved at 22:27:08, on 2006-07-22
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
E:\alien ware\alien decompress dark star\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
D:\qttask.exe
E:\wiin mp\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\crimecam\espion 2004\Wspn\wspn.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
D:\Program Files\TribalWeb.net\tribalweb.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnsympatico.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\wiin mp\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Wspn] E:\crimecam\espion 2004\Wspn\wspn.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [pknvg.exe] C:\WINDOWS\System32\pknvg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - Startup: TribalWeb.net.lnk = D:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Dalila.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{152C6743-444C-4FB9-B121-0F263910CECB}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68DF28-0999-4D10-9F0A-AE8D0F0BB466}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{5640549E-3D0B-4CD1-B71B-6F6CA61AA170}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF79E337-0390-423F-B8F8-B75C6AF9D5DE}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - E:\alien ware\alien decompress dark star\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
merci d'avance a++
A voir également:
- Infecté par win 32 adan 074 et 094
- 32 bits - Guide
- Power iso 32 bit - Télécharger - Gravure
- Win rar - Télécharger - Compression & Décompression
- Telecharger adan - Télécharger - Histoire & Religion
- Télécharger windows 7 32 bits usb - Télécharger - Systèmes d'exploitation
2 réponses
Slt,
Fais ça d'abord,
017 è NAME SERVER
Télécharge Fixwareout à partir d'un des deux sites sur ton bureau :
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Lance le fix : clique sur "Next" -> "Install" et assure toi que "Run fixit" est activé puis clique sur "Finish".
Le fix va alors commencer - suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Quand ton système aura redémarré, suis les invites des messages. Ensuite, lance HijackThis, puis clique sur “Do a system scan only” et coche ces lignes puis clique sur "Fix checked":
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{152C6743-444C-4FB9-B121-0F263910CECB}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68DF28-0999-4D10-9F0A-AE8D0F0BB466}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{5640549E-3D0B-4CD1-B71B-6F6CA61AA170}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF79E337-0390-423F-B8F8-B75C6AF9D5DE}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
…/…
À la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
Au final, copie/colle le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis.
A++
Fais ça d'abord,
017 è NAME SERVER
Télécharge Fixwareout à partir d'un des deux sites sur ton bureau :
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Lance le fix : clique sur "Next" -> "Install" et assure toi que "Run fixit" est activé puis clique sur "Finish".
Le fix va alors commencer - suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Quand ton système aura redémarré, suis les invites des messages. Ensuite, lance HijackThis, puis clique sur “Do a system scan only” et coche ces lignes puis clique sur "Fix checked":
O17 - HKLM\System\CCS\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{152C6743-444C-4FB9-B121-0F263910CECB}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E68DF28-0999-4D10-9F0A-AE8D0F0BB466}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{5640549E-3D0B-4CD1-B71B-6F6CA61AA170}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF79E337-0390-423F-B8F8-B75C6AF9D5DE}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS1\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
O17 - HKLM\System\CS2\Services\Tcpip\..\{05BF4A7D-6832-4DD3-8B4A-BA1F9C433346}: NameServer = 85.255.116.131,85.255.112.165
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.131 85.255.112.165
…/…
À la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.
Au final, copie/colle le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis.
A++
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D9F7BCD35C9-684B-0DF4-24F7-70C465C4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A84824E266A-FC19-4C24-B46E-050EE576{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4E0768615B9B-534B-0924-9E14-E0DA291D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1D24188AD738-5279-2BA4-B113-5F7AD43F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B4D0FCCCACC4-118A-B5F4-70E7-EA4AA390{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}30D3C8A5B841-A069-9244-629C-6E832197{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A82EF11E4F7E-F3DA-F904-384D-C0E30C28{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}12983DC11B64-8169-2E24-D39E-1A819178{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A3794E095EE8-EACB-5BE4-7013-1ABD3E69{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CA3E29B0F1E0-D36B-28D4-24B4-8F9D00FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}036CF749C0AD-8F6A-F144-E9AA-4F723786{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}971DDC3AA797-E87B-E354-2811-24846C54{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC075DF78669-458B-A3A4-6B3A-1EDEB64A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CB4EBC1CC759-1F4B-64D4-D492-82111C47{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC49C5BB634E-EEB8-19A4-080A-5DC8681C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6AFC97E3CCA3-4E5A-2DC4-4B15-909B79E9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AFB1A1FB4A83-EC79-0264-8DE4-B50465F2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D030DBB31CA3-49FB-35B4-4B65-887C2BAD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F0236BF1016-56CB-2AC4-234E-79742CCA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F1B8526D346-BAFA-65F4-0DE4-7FD22D70{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}118E4E00EA15-DA4A-48B4-3884-4A4FB124{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3D34DE5CDF89-700B-B544-A009-C6D3407E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F291CF7B0C69-F878-DCB4-C03E-2D31A8FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8DFF2F593364-942A-1B34-692E-EB6ABCA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0264D624B99-CCA8-8574-C7C4-CAD1C9AF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F4E550E6A80B-EACA-1CA4-E415-9F98003C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1599C5737DD7-7BC9-B1E4-1DF3-549DAFCB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2392A9CEE5C6-4688-2014-C600-A429F60E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}02C1922CBB72-4648-A104-866F-B91B629B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9FB35FB01131-CC88-44B4-EEA3-73666665{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AEB2B7E4FE13-5D79-EAC4-B73D-14A06819{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}98380F43B61B-27FA-ED04-3CC0-572AD52D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FD755159329-E82A-5E44-6CAB-2DEF6B14{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A271B29679AE-BE39-06C4-E64F-B47C86EE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AE4DBAD5B1D3-B36A-9BE4-A92F-1DCABFAC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7F1CE68202D5-BF1A-73F4-7D76-3FC127A1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1FFB62719D16-AD98-8024-3628-61FFD0FB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF8610A4960C-BB88-8514-BF20-23B32272{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EA180E4DE053-DBEB-4784-4C9E-A0C7B645{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2AC97DB0EDF8-0FEA-C544-F327-CF5CCEDC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF13091EB6F9-A158-7BF4-0589-D6D1CA1D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9DC8A79D9BD1-09CB-3584-9029-0A56C5EF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3158980BE028-FF7B-80E4-73D3-BC841471{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6900D3A9A0D7-FDF9-2DC4-A01D-D129C0F9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC1120032AD0-4F7A-D564-1107-D426E84E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}58E82804B8F5-6D1B-3BE4-4E9E-FC03D1FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}79D1D41C7955-4559-8144-3616-C1DA8DBE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1F97A201F539-533A-AB74-D08A-21CD197E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8287590400EB-B3E9-2FB4-A9E3-7EAF8C8A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C5EA8797947D-4F69-B894-97E2-3648DC14{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B6779D0F961-6F09-84E4-49FE-690469CB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0C317F8D8D37-D518-03D4-3054-CD152417{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42939585B511-93A8-5C14-D563-54C78E81{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A60438072A6-E679-D1A4-7CB9-780760EA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A7CF585E1A6B-BFC8-0424-D2FA-7326E5E2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A800EE956684-237A-3644-626E-941E56AB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CDE7DC4A021E-19FB-0054-A2DA-F2F752C9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D87E92053DE7-87B8-F5E4-EEDD-7AE6FC4E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E79AED50DF60-5AA9-8714-C318-63E71027{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C17400F6B057-571A-F894-1FF1-2C19E910{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A46E4F1B82F1-4E0A-1024-AFFD-5F1DAA0B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}040CF301F6EB-101B-C274-1A86-0BA85869{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D356BD8983C8-57FA-EFC4-90A2-3A5A6484{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B8F9CDB76F17-405B-0814-A106-BD671927{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A37A5B9A78E4-C979-FE64-14A3-02DABF43{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F447768458A-0EAA-3F84-D80D-10A66640{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F67D2843971C-B29A-FC24-257C-DF073E37{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4F407F0B27AB-E078-AAE4-C32D-D6194D44{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B080A7E1D502-7B5A-86B4-ACB0-5A3D5EDE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}544A71525D4C-9008-8B34-2447-6AA4F393{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}890A791708A6-592A-6994-DE5A-A2FCF235{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4BC7E5C93F9C-7368-BAF4-7D64-B0A96237{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}44D5B3A20936-ADDA-1594-A211-DE111B6F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C15BFEBAA7FB-B44B-0264-7D5B-40037CC6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3B56BA4BAEB-42F9-11C4-8958-03AA9836{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8F73230A16CE-EACA-6354-EB05-586E10C7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7538A124D699-705A-7344-6380-70FCF883{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}616D68B89E48-7329-9304-DC62-6A3C2CB7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}553D77A252BE-268A-BE54-05C7-58051DD9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A95939D9BB60-96F8-0874-35AC-53873EA9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68A378F74C5B-F14B-8344-4398-9314CD68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}369CB08BBAA7-8BBA-3834-3F47-C8634F66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}14007F6CE8C3-FC3A-EBF4-60AA-0E12AF6E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6F3F8C7C07BF-0B3A-4CD4-E234-EA463182{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}42286D152AF3-3769-11C4-60EC-09564A57{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}09727B5DDDD1-6A9A-7B74-26C6-86C18BD9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C8519620171E-F7E9-2424-E330-BEFE3235{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}52A56122D737-B5A8-5D04-FDA5-B99C9C87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5AF0C08CADCF-9319-A0D4-20E7-B586F919{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}68A4B5FE9887-3F5A-E884-2DFB-E1353190{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}64C0B25FFBAB-782B-0194-8A62-F7665457{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}78613FB20536-262A-88E4-4170-EF27DF91{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C2D9A30CF02F-8B28-B644-708C-F119824D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}92D9125A1BE6-3DD8-8B94-876E-6CD660B0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8A8131F7A138-73FB-FF14-F330-86910141{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C974E09E3420-7859-0334-C0E3-A85C0569{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3BB93D3F76AB-F32B-FB54-C661-BF1FB24D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3F689CA306BC-777A-CA14-7A22-D4B2834E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3B3FA74914D-C16B-CE54-B05D-319DE5F5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0D76E5098139-2D9B-1624-231A-1CDE3104{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48144C06DBC2-2308-EDE4-B668-2C9C3486{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6A378D48480B-49D9-B194-48FD-D39C56DA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EF69A14C04EE-D76B-D0A4-2299-72047D26{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B30940E989E-6D8B-DFE4-DF52-DE82C5DE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EFFE891732C4-2F1B-5C84-D8F4-279CAD3F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F065D7762250-7C0B-14C4-85DB-ED1B9895{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4D8C6C6C20EE-581A-3EE4-745B-05B5FE87{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}006986A8BB9D-CF88-DD24-6401-2DE9510E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0CE795DB3CD8-C23A-E184-6ACC-D8103B75{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}11466E15B38C-55C8-3AB4-925A-0F1FE250{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}41A32D2F058C-BA4A-F604-5144-2D05D964{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B407964EC969-0919-D8C4-3FCA-FF1A4164{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4865B558D57A-A6FB-5AD4-AA4F-4BDCD51F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6322E8B680BC-B7EA-D4C4-ACD8-EE7B9740{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FF5BB056BD9C-2C6B-B444-D885-C2563339{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53727B0650F3-B7CA-5644-5C9F-58CF38DD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}797D34B94290-797B-7214-9732-24783C99{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AB0A7C728844-5799-8E04-4C92-F4AEEDCE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A678250D3BEB-5EE9-FFB4-36BB-0082BA7F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AA37D561FB49-8489-26F4-DB4D-24EAA321{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A97CEE9BA3B8-07E9-6FF4-8AD3-AE854195{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7778DBB18FF3-ED69-A094-287D-20488DAF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F8CE9A0C9C5D-778B-F7E4-C3D7-15B14761{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7FCC9F40239D-702A-A284-29AE-DE2CEB66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B0FD4E1ECD69-221B-6CB4-8DFE-94450235{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F383AE1DB714-579B-B374-EDFC-960EFF91{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1B7F5B711466-11BB-E0E4-4015-71329291{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7E66909B0D96-2A5B-05B4-88DA-AC047DA0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B4A29CBA8736-A16B-03A4-2131-C1B1182D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CC6F8BEA55E6-8749-2CC4-899B-B54EEDE5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B8E2E0C3B827-25D8-A094-CF22-3352D989{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}895FE3F6C0AB-12E9-D764-36F3-64EC770B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E62283291F60-4A29-2504-3D51-557D94A4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}800A67C42CA8-AF6B-2544-CCF9-891044AD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8818F58505BD-15BB-EAC4-F071-EB0ADDCC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5C12127E68D-45B9-3E64-1BE3-99A31C04{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF26F2EC4B9E-2E09-F0F4-39F6-C280769C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E29689C808C1-BA39-7064-BFA3-8CB1045D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}17716D24238C-D7F9-4C74-2145-3AEF8EBD{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6E696D76F8BB-13B8-2B54-8F88-8AEB1BC9{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6398F084963F-669B-F4E4-9F50-ED64185D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BAD74F6F9192-2449-09D4-E611-B514961F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B6EA85DDF8AC-A248-A144-7306-D353F2B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FAD7BFEE3264-2859-24E4-4C03-2518B435{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9D0272773F39-11DB-E5B4-3971-65EC7B20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E443841D6079-C768-7EC4-CC61-6DB9D09B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7BD08B1D0E33-F169-1504-86F5-10887EB7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CCEBD3590D7B-CFFB-3894-2CE2-90D34659{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}15724B598156-CB58-F454-8238-BFFB3126{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}695422A37F1F-27EB-F454-D8AA-C7765688{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C5ACADA23105-A868-7D64-02CD-03C6450C{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}74247A620E52-0538-2AD4-A176-8B816CC3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F1E405B06D80-4EFB-9654-CA95-A6F042EC{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}24E4D1AE62B5-2D89-2624-2050-3AABEF1B{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}782A232804D5-9EB8-4874-25BF-5B65A286{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}858B7E4662CE-EB78-0124-4339-42AF0ECA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4FABC72ED7CD-4688-2E54-6040-A1F075FE{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5EE306D2740F-E16B-ECB4-CB9F-C21D66FF{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4AA6BBB06F95-171A-7D14-4D7C-996DA1CB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}20CAC955E5C1-FAE9-35E4-0C4C-D04262D7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C5A0DBE76733-DD99-A374-9537-564324DB{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}149CBF58576C-9CC9-6164-00E6-5803860E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE35E45682A3-39C8-9724-9811-A21F0E17{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}285D8FD5DBC7-CF88-4A94-E19B-5F3277A4{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}06400AB7D5CE-648B-0874-5DE8-83681662{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}48FE6E4478AC-DDBA-EB04-9A81-F83E8D95{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B6445B42AC51-659A-0704-D106-5B945D66{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}386527C442F9-B96B-A7E4-349C-5C666D34{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FD5976AAFD05-5F8B-5D64-6066-78844821{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}EFF7B8213E5B-28B8-4B24-05F9-A070F645{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CE283003D8A3-EEAB-6744-54C8-C4740AC6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}4B9960B745B8-5D1A-63C4-8CDA-D74DD1E6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}083E503C171B-687A-DA34-410D-E7E9414F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F2E406F40F59-737A-84B4-BEF7-B0834508{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}303008D66CF4-7FBB-4314-A646-707013F8{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F87DFC9CC585-611B-8C74-6E02-F6BB097F{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F3B9ABDF59FA-F429-EDC4-D282-37D8FCC5{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}59D38FA8EE5A-F368-5BF4-291A-6EC3FDD6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D594E3813DAD-1468-A8E4-C408-89CE53C1{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5B01BA1C717F-9629-0734-73F1-40EDF1C0{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E222CB141778-B058-58E4-7E96-68E05162{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CDB7F62428D-1B69-53A4-1433-25318A31{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3832003ADA51-C1BA-89B4-2D16-AF01BA20{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\ywumd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D3F531BE83E8-CFD8-9374-0152-4C7D24B7{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}AD5175548647-6AA8-C794-20B3-5BEFFE68{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}67E7EDD108B5-396A-1B74-4810-C281620D{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}92A986CC3651-CFBB-5A84-7C8F-98CAD5A6{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F45A34BE5C07-190A-2C34-C691-45F5C07A{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C6E593F94C8E-C54A-E714-6BAD-74E51ED3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}82981D35F32F-D589-B5B4-703F-3FAB7C56{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0FDB5C4C4A7C-788A-CA84-E56A-E92B71F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}65F618FDE87E-7058-99D4-BE2D-89ACA93E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C3655DB5BDD4-E448-F204-4859-C94A0FFA{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}11B1C4C68DE4-DEFA-E5E4-CED9-06506744{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84CE996FB2F4-0FF9-8314-0457-DD571127{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}53417742D4EC-23F9-5E14-4FCE-D7A16DC3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4F61EC8D3FB-E43B-0294-433E-7EF3EC65{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5E65F00D0A9-BBD8-B834-A96F-D87033D2{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}C0F32E2C3B24-863A-D4C4-1961-B1EA77F3{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}234906323FE5-444B-8A34-0952-49BFC26E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}44D8933E1E56-2E9A-8B14-BAAD-332FC274{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}79ADE3E4BB76-264B-42D4-A8FA-F49BF99E{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F6F70D405D3-C34A-CC34-7D6A-28E9B211{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D66000BABCEA-8599-D044-3DCE-2B60D386{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1392D19DFCED-A6DB-8684-3B2D-D1641355{
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmuwy.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSSFR.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSSFR.EXE 51 261 2006-07-20
C:\WINDOWS\SYSTEM32\DMHRE.EXE 62 002 2002-08-29
C:\WINDOWS\SYSTEM32\DMUWY.EXE 62 002 2002-08-29
Other suspects
Directory of C:\WINDOWS\system32
{5531461D-D2B3-4868-BD6A-DECFD91D2931}.exe
{683D06B2-ECD3-440D-9958-AECBAB00066D}.exe
{112B9E82-A6D7-43CC-A43C-3D504D07F6F2}.exe
{E99FB94F-AF8A-4D24-B462-67BB4E3EDA97}.exe
{472CF233-DAAB-41B8-A9E2-65E1E3398D44}.exe
{E62CFB94-2590-43A8-B444-5EF323609432}.exe
{3F77AE1B-1691-4C4D-A368-42B3C2E23F0C}.exe
{2D33078D-F69A-438B-8DBB-9A0D00F56E5F}.exe
{56CE3FE7-E334-4920-B34E-BF3D8CE16F4A}.exe
{3CD61A7D-ECF4-41E5-9F32-CE4D24771435}.exe
{721175DD-7540-4138-9FF0-4F2BF699EC48}.exe
{44760560-9DEC-4E5E-AFED-4ED86C4C1B11}.exe
{AFF0A49C-9584-402F-844E-4DDB5BD5563C}.exe
{E39ACA98-D2EB-4D99-8507-E78EDF816F56}.exe
{3F17B29E-A65E-48AC-A887-C7A4C4C5BDF0}.exe
{65C7BAF3-F307-4B5B-985D-F23F53D18928}.exe
{3DE15E47-DAB6-417E-A45C-E8C49F395E6C}.exe
{A70C5F54-196C-43C2-A091-70C5EB43A54F}.exe
{6A5DAC89-F8C7-48A5-BBFC-1563CC689A29}.exe
{D026182C-0184-47B1-A693-5B801DDE7E76}.exe
{86EFFEB5-3B02-497C-8AA6-7468455715DA}.exe
{7B42D7C4-2510-4739-8DFC-8E38EB135F3D}.exe
{02AB10FA-61D2-4B98-AB1C-15ADA3002383}.exe
{13A81352-3341-4A35-96B1-D82426F7BDC1}.exe
{26150E86-69E7-4E85-850B-877141BC222E}.exe
{0C1FDE04-1F37-4370-9269-F717C1AB10B5}.exe
{1C35EC98-804C-4E8A-8641-DAD3183E495D}.exe
{6DDF3CE6-A192-4FB5-863F-A5EE8AF83D95}.exe
{5CCF8D73-282D-4CDE-924F-AF95FDBA9B3F}.exe
{F790BB6F-20E6-47C8-B116-585CC9CFD78F}.exe
{8F310707-646A-4134-BBF7-4FC66D800303}.exe
{8054380B-7FEB-4B48-A737-95F04F604E2F}.exe
{6E1DD47D-ADC8-4C36-A1D5-8B547B0699B4}.exe
{6CA0474C-8C45-4476-BAEE-3A8D300382EC}.exe
{546F070A-9F50-42B4-8B82-B5E3128B7FFE}.exe
{12844887-6606-46D5-B8F5-50DFAA6795DF}.exe
{43D666C5-C943-4E7A-B69B-9F244C725683}.exe
{66D549B5-601D-4070-A956-15CA24B5446B}.exe
{59D8E38F-18A9-40BE-ABDD-CA8744E6EF84}.exe
{26618638-8ED5-4780-B846-EC5D7BA00460}.exe
{4A7723F5-B91E-49A4-88FC-7CBD5DF8D582}.exe
{71E0F12A-1189-4279-8C93-3A28654E53EC}.exe
{E0683085-6E00-4616-9CC9-C67585FBC941}.exe
{BD423465-7359-473A-99DD-33767EBD0A5C}.exe
{7D26240D-C4C0-4E53-9EAF-1C5E559CAC02}.exe
{BC1AD699-C7D4-41D7-A171-59F60BBB6AA4}.exe
{FF66D12C-F9BC-4BCE-B61E-F0472D603EE5}.exe
{EF570F1A-0406-45E2-8864-DC7DE27CBAF4}.exe
{ACE0FA24-9334-4210-87BE-EC2664E7B858}.exe
{682A56B5-FB52-4784-8BE9-5D408232A287}.exe
{B1FEBAA3-0502-4262-98D2-5B26EA1D4E42}.exe
{CE240F6A-59AC-4569-BFE4-08D60B504E1F}.exe
{3CC618B8-671A-4DA2-8350-25E026A74247}.exe
{C0546C30-DC20-46D7-868A-50132ADACA5C}.exe
{8865677C-AA8D-454F-BE72-F1F73A224596}.exe
{6213BFFB-8328-454F-85BC-651895B42751}.exe
{95643D09-2EC2-4983-BFFC-B7D0953DBECC}.exe
{7BE78801-5F68-4051-961F-33E0D1B80DB7}.exe
{B90D9BD6-16CC-4CE7-867C-9706D148344E}.exe
{02B7CE56-1793-4B5E-BD11-93F3772720D9}.exe
{534B8152-30C4-4E42-9582-4623EEFB7DAF}.exe
{7B2F353D-6037-441A-842A-CA8FDD58AE6B}.exe
{F169415B-116E-4D90-9442-2919F6F47DAB}.exe
{D58146DE-05F9-4E4F-B966-F369480F8936}.exe
{9CB1BEA8-88F8-45B2-8B31-BB8F67D696E6}.exe
{DBE8FEA3-5412-47C4-9F7D-C83242D61771}.exe
{D5401BC8-3AFB-4607-93AB-1C808C98692E}.exe
{C967082C-6F93-4F0F-90E2-E9B4CE2F62FC}.exe
{40C13A99-3EB1-46E3-9B54-D86E72121C5F}.exe
{CCDDA0BE-170F-4CAE-BB51-DB50585F8188}.exe
{DA440198-9FCC-4452-B6FA-8AC24C76A008}.exe
{4A49D755-15D3-4052-92A4-06F19238226E}.exe
{B077CE46-3F63-467D-9E21-BA0C6F3EF598}.exe
{989D2533-22FC-490A-8D52-728B3C0E2E8B}.exe
{5EDEE45B-B998-4CC2-9478-6E55AEB8F6CC}.exe
{D2811B1C-1312-4A30-B61A-6378ABC92A4B}.exe
{0AD740CA-AD88-4B50-B5A2-69D0B90966E7}.exe
{19292317-5104-4E0E-BB11-664117B5F7B1}.exe
{19FFE069-CFDE-473B-B975-417BD1EA383F}.exe
{53205449-EFD8-4BC6-B122-96DCE1E4DF0B}.exe
{66BEC2ED-EA92-482A-A207-D93204F9CCF7}.exe
{16741B51-7D3C-4E7F-B877-D5C9C0A9EC8F}.exe
{FAD88402-D782-490A-96DE-3FF81BBD8777}.exe
{591458EA-3DA8-4FF6-9E70-8B3AB9EEC79A}.exe
{123AAE42-D4BD-4F62-9848-94BF165D73AA}.exe
{F7AB2800-BB63-4BFF-9EE5-BEB3D052876A}.exe
{ECDEEA4F-29C4-40E8-9975-448827C7A0BA}.exe
{99C38742-2379-4127-B797-09249B43D797}.exe
{DD83FC85-F9C5-4465-AC7B-3F0560B72735}.exe
{9333652C-588D-444B-B6C2-C9DB650BB5FF}.exe
{0479B7EE-8DCA-4C4D-AE7B-CB086B8E2236}.exe
{F15DCDB4-F4AA-4DA5-BF6A-A75D855B5684}.exe
{4614A1FF-ACF3-4C8D-9190-969CE469704B}.exe
{469D50D2-4415-406F-A4AB-C850F2D23A14}.exe
{052EF1F0-A529-4BA3-8C55-C83B51E66411}.exe
{57B3018D-CCA6-481E-A32C-8DC3BD597EC0}.exe
{E0159ED2-1046-42DD-88FC-D9BB8A689600}.exe
{78EF5B50-B547-4EE3-A185-EE02C6C6C8D4}.exe
{5989B1DE-BD58-4C41-B0C7-0522677D560F}.exe
{F3DAC972-4F8D-48C5-B1F2-4C237198EFFE}.exe
{ED5C28ED-25FD-4EFD-B8D6-E989E04903B4}.exe
{62D74027-9922-4A0D-B67D-EE40C41A96FE}.exe
{AD65C93D-DF84-491B-9D94-B08484D873A6}.exe
{6843C9C2-866B-4EDE-8032-2CBD60C44184}.exe
{4013EDC1-A132-4261-B9D2-9318905E67D0}.exe
{5F5ED913-D50B-45EC-B61C-D41947AF3B3D}.exe
{E4382B4D-22A7-41AC-A777-CB603AC986F3}.exe
{D42BF1FB-166C-45BF-B23F-BA67F3D39BB3}.exe
{9650C58A-3E0C-4330-9587-0243E90E479C}.exe
{14101968-033F-41FF-BF37-831A7F1318A8}.exe
{0B066DC6-E678-49B8-8DD3-6EB1A5219D29}.exe
{D428911F-C807-446B-82B8-F20FC03A9D2C}.exe
{19FD72FE-0714-4E88-A262-63502BF31687}.exe
{7545667F-26A8-4910-B287-BABFF52B0C46}.exe
{0913531E-BFD2-488E-A5F3-7889EF5B4A86}.exe
{919F685B-7E02-4D0A-9139-FCDAC80C0FA5}.exe
{78C9C99B-5ADF-40D5-8A5B-737D22165A25}.exe
{5323EFEB-033E-4242-9E7F-E1710269158C}.exe
{9DB81C68-6C62-47B7-A9A6-1DDDD5B72790}.exe
{75A46590-CE06-4C11-9673-3FA251D68224}.exe
{281364AE-432E-4DC4-A3B0-FB70C7C8F3F6}.exe
{E6FA21E0-AA06-4FBE-A3CF-3C8EC6F70041}.exe
{66F4368C-74F3-4383-ABB8-7AABB80BC963}.exe
{86DC4139-8934-4438-B41F-B5C47F873A86}.exe
{9AE37835-CA53-4780-8F69-06BB9D93959A}.exe
{9DD15085-7C50-45EB-A862-EB252A77D355}.exe
{7BC2C3A6-26CD-4039-9237-84E98B86D616}.exe
{388FCF07-0836-4437-A507-996D421A8357}.exe
{7C01E685-50BE-4536-ACAE-EC61A03237F8}.exe
{6389AA30-8598-4C11-9F24-BEAB4AB65B3D}.exe
{6CC73004-B5D7-4620-B44B-BF7AABEFB51C}.exe
{F6B111ED-112A-4951-ADDA-63902A3B5D44}.exe
{73269A0B-46D7-4FAB-8637-C9F39C5E7CB4}.exe
{532FCF2A-A5ED-4996-A295-6A807197A098}.exe
{393F4AA6-7442-43B8-8009-C4D52517A445}.exe
{EDE5D3A5-0BCA-4B68-A5B7-205D1E7A080B}.exe
{44D4916D-D23C-4EAA-870E-BA72B0F704F4}.exe
{73E370FD-C752-42CF-A92B-C1793482D76F}.exe
{04666A01-D08D-48F3-AAE0-A854867744F2}.exe
{34FBAD20-3A41-46EF-979C-4E87A9B5A73A}.exe
{729176DB-601A-4180-B504-71F67BDC9F8B}.exe
{4846A5A3-2A09-4CFE-AF75-8C3898DB653D}.exe
{96858AB0-68A1-472C-B101-BE6F103FC040}.exe
{B0AAD1F5-DFFA-4201-A0E4-1F28B1F4E64A}.exe
{019E91C2-1FF1-498F-A175-750B6F00471C}.exe
{72017E36-813C-4178-9AA5-06FD05DEA97E}.exe
{E4CF6EA7-DDEE-4E5F-8B78-7ED35029E78D}.exe
{9C257F2F-AD2A-4500-BF91-E120A4CD7EDC}.exe
{BA65E149-E626-4463-A732-486659EE008A}.exe
{2E5E6237-AF2D-4240-8CFB-B6A1E585FC7A}.exe
{AE067087-9BC7-4A1D-976E-6A27083406A1}.exe
{18E87C45-365D-41C5-8A39-115B58593924}.exe
{714251DC-4503-4D30-815D-73D8D8F713C0}.exe
{BC964096-EF94-4E48-90F6-169F0D9776B0}.exe
{41CD8463-2E79-498B-96F4-D7497978AE5C}.exe
{A8C8FAE7-3E9A-4BF2-9E3B-BE0040957828}.exe
{E791DC12-A80D-47BA-A335-935F102A79F1}.exe
{EBD8AD1C-6163-4418-9554-5597C14D1D97}.exe
{FF1D30CF-E9E4-4EB3-B1D6-5F8B40828E85}.exe
{E48E624D-7011-465D-A7F4-0DA2300211CF}.exe
{9F0C921D-D10A-4CD2-9FDF-7D0A9A3D0096}.exe
{174148CB-3D37-4E08-B7FF-820EB0898513}.exe
{FE5C65A0-9209-4853-BC90-1DB9D97A8CD9}.exe
{D1AC1D6D-9850-4FB7-851A-9F6BE19031FF}.exe
{CDECC5FC-723F-445C-AEF0-8FDE0BD79CA2}.exe
{546B7C0A-E9C4-4874-BEBD-350ED4E081AE}.exe
{27223B32-02FB-4158-88BB-C0694A0168FF}.exe
{BF0DFF16-8263-4208-89DA-61D91726BFF1}.exe
{1A721CF3-67D7-4F37-A1FB-5D20286EC1F7}.exe
{CAFBACD1-F29A-4EB9-A63B-3D1B5DABD4EA}.exe
{EE68C74B-F46E-4C60-93EB-EA97692B172A}.exe
{41B6FED2-BAC6-44E5-A28E-923951557DF7}.exe
{D25DA275-0CC3-40DE-AF72-B16B34F08389}.exe
{91860A41-D37B-4CAE-97D5-31EF4E7B2BEA}.exe
{56666637-3AEE-4B44-88CC-13110BF53BF9}.exe
{B926B19B-F668-401A-8464-27BBC2291C20}.exe
{E06F924A-006C-4102-8864-6C5EEC9A2932}.exe
{BCFAD945-3FD1-4E1B-9CB7-7DD7375C9951}.exe
{C30089F9-514E-4AC1-ACAE-B08A6E055E4F}.exe
{FA9C1DAC-4C7C-4758-8ACC-99B426D4620E}.exe
{0ACBA6BE-E296-43B1-A249-463395F2FFD8}.exe
{FF8A13D2-E30C-4BCD-878F-96C0B7FC192F}.exe
{E7043D6C-900A-445B-B007-98FDC5ED43D3}.exe
{421BF4A4-4883-4B84-A4AD-51AE00E4E811}.exe
{07D22DF7-4ED0-4F56-AFAB-643D6258B1F4}.exe
{ACC24797-E432-4CA2-BC65-6101FB6320F7}.exe
{DAB2C788-56B4-4B53-BF94-3AC13BBD030D}.exe
{2F56405B-4ED8-4620-97CE-38A4BF1A1BFA}.exe
{9E97B909-51B4-4CD2-A5E4-3ACC3E79CFA6}.exe
{C1868CD5-A080-4A91-8BEE-E436BB5C94CF}.exe
{74C11128-294D-4D46-B4F1-957CC1CBE4BC}.exe
{A46BEDE1-A3B6-4A3A-B854-96687FD570CF}.exe
{45C64842-1182-453E-B78E-797AA3CDD179}.exe
{687327F4-AA9E-441F-A6F8-DA0C947FC630}.exe
{FF00D9F8-4B42-4D82-B63D-0E1F0B92E3AC}.exe
{96E3DBA1-3107-4EB5-BCAE-8EE590E4973A}.exe
{871918A1-E93D-42E2-9618-46B11CD38921}.exe
{791238E6-C926-4429-960A-148B5A8C3D03}.exe
{093AA4AE-7E07-4F5B-A811-4CCACCCF0D4B}.exe
{F34DA7F5-311B-4AB2-9725-837DA88142D1}.exe
{D192AD0E-41E9-4290-B435-B9B5168670E4}.exe
{675EE050-E64B-42C4-91CF-A662E42848A8}.exe
et mon rapport highjack this:
Logfile of HijackThis v1.99.1
Scan saved at 15:39:26, on 2006-07-23
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
E:\alien ware\alien decompress dark star\AlienGUIse\wbload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eoRezo\EoEngine.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\qttask.exe
E:\wiin mp\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\crimecam\espion 2004\Wspn\wspn.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
D:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\wiin mp\Winamp\winampa.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Wspn] E:\crimecam\espion 2004\Wspn\wspn.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [bylow.exe] C:\WINDOWS\System32\bylow.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - Startup: TribalWeb.net.lnk = D:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C1C3CC42-F029-49A2-91C2-C043DFAE3C96} (Samson Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Dalila.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - E:\alien ware\alien decompress dark star\AlienGUIse\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe