Trojan non détecté par mon anti-virus donc insupprimable
Dernière réponse : dans Sécurité
Bonjour ![:hello:]( ":hello:")
,
Depuis 4 jours mon ordinateur est contaminé par des fichiers de types **exhdd.f.exe (** un nombre entre 00 et 99), **exssd32.g.exe, **exmodul32e.h.exe, **exinjs.l.exe, et setup.exe. Tous ces fichiers sont dans le dossiers C![:D]( ":D")
ocuments and Settings\minijim C\Local Settings\Temp\
A chaque redémarrage de l'ordinateur ces virus sont détectés et healed ou deleted mais ils reviennent systematiquement et de plus en plus nombreux, au debut j'en avais 2 ou 3 mais aujourd'hui j'en ai eu plus de 30!!
Je n'arrive absolument pas à m'en débarrasser définitivement, et je ne sais absolument ce que font ces virus sur mon pc. J'ai utilisé spybot, ad-aware,, ils detectent tous des infections les nettoient mais elles reviennent tout le temps
Si quelqu'un a une methode pour nettoyer definitivement mon pc je suis preneur.
Merci
EDIT: J'ai également remarquer qu'une pair de fichier se cree un peu partout. Ils se nomment "setup.exe" et "autorun.ini", J'les ai effacés par tous les moyens en ma possession, ils reviennent tous seul au démarrage.
Je rajoute aussi qu'uncun anti-virus ni anti-spyware ne les détectent...
,Depuis 4 jours mon ordinateur est contaminé par des fichiers de types **exhdd.f.exe (** un nombre entre 00 et 99), **exssd32.g.exe, **exmodul32e.h.exe, **exinjs.l.exe, et setup.exe. Tous ces fichiers sont dans le dossiers C
ocuments and Settings\minijim C\Local Settings\Temp\A chaque redémarrage de l'ordinateur ces virus sont détectés et healed ou deleted mais ils reviennent systematiquement et de plus en plus nombreux, au debut j'en avais 2 ou 3 mais aujourd'hui j'en ai eu plus de 30!!
Je n'arrive absolument pas à m'en débarrasser définitivement, et je ne sais absolument ce que font ces virus sur mon pc. J'ai utilisé spybot, ad-aware,, ils detectent tous des infections les nettoient mais elles reviennent tout le temps
Si quelqu'un a une methode pour nettoyer definitivement mon pc je suis preneur.
Merci
EDIT: J'ai également remarquer qu'une pair de fichier se cree un peu partout. Ils se nomment "setup.exe" et "autorun.ini", J'les ai effacés par tous les moyens en ma possession, ils reviennent tous seul au démarrage.
Je rajoute aussi qu'uncun anti-virus ni anti-spyware ne les détectent...
Autres pages sur : trojan detecte anti virus insupprimable
Lassé par la pub ? Créez un compte
Bonjour,
- Télécharge Hijackthis de Merjin.
- Dézippe le dans un dossier ou sur ton bureau.
-- Clique Droit sur Hijackthis.exe :
-> Choisis "Renommer"
-> Tape Scanner.exe puis valide.
- Lance l'application
- Choisis l'option "Do a system scan and save a logfile"
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.
AIDE : Aide sur Hijackthis (Malekal)
- Télécharge Hijackthis de Merjin.
- Dézippe le dans un dossier ou sur ton bureau.
-- Clique Droit sur Hijackthis.exe :
-> Choisis "Renommer"
-> Tape Scanner.exe puis valide.
- Lance l'application
- Choisis l'option "Do a system scan and save a logfile"
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.
AIDE : Aide sur Hijackthis (Malekal)
Voilà
Logfile of HijackThis v1.99.1
Scan saved at 14:47:06, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Soft\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\Soft\eMule\emule.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Jeux\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Soft\HijackThis\Scanner.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] E:\Soft\eMule\emule.exe -AutoStart
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B3135E6-97F1-4153-9D40-F39ED2871EB9}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - E:\Soft\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Soft\alcohol 120%\Alcohol 120\StarWind\StarWindService.exe
Bonjour,
Infecté effectivement.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
Infecté effectivement.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
J'ai exactement le meme probleme.
J'ai donc suivi la procédure et voici les rapports :
rapport de SDFIX :
SDFix: Version 1.45
****************
08/12/2006 - 10:04:40,99
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\DOCUME~1\fgiraud\LOCALS~1\Temp\setup.exe
C:\WINDOWS\system\smss.exe
Backing Up and Removing any Files Found...
Final Check:
Services:
---------
Authorized Applications Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"="C:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE:*:Enabled:3CDaemon Application"
"C:\\Program Files\\Reflection\\Rx.exe"="C:\\Program Files\\Reflection\\Rx.exe:*:Enabled:Reflection X"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:Logiciel de transfert de fichiers"
"D:\\Documents and Settings\\fgiraud\\Mes Documents\\blobby\\volley.exe"="D:\\Documents and Settings\\fgiraud\\Mes Documents\\blobby\\volley.exe:*:Enabled:volley"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*![:D]( ":D")
isabled:mRouterRuntime"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Novadigm\\RadUIShell.exe"="C:\\Program Files\\Novadigm\\RadUIShell.exe:*:Enabled:raduishell"
"C:\\Program Files\\Novadigm\\radtray.exe"="C:\\Program Files\\Novadigm\\radtray.exe:*:Enabled:radtray"
"C:\\Program Files\\Novadigm\\radexecd.exe"="C:\\Program Files\\Novadigm\\radexecd.exe:*:Enabled:radexecd"
"C:\\Novadigm\\ManagementAgent\\nvdkit.exe"="C:\\Novadigm\\ManagementAgent\\nvdkit.exe:*:Enabled:rma"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\35exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\35exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\29exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\29exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\4exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\4exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\56exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\56exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\95exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\95exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\44exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\44exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\2exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\2exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\85exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\85exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\89exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\89exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\92exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\92exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\33exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\33exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\96exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\96exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\81exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\81exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\63exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\63exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\50exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\50exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\64exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\64exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\86exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\86exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\16exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\16exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\30exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\30exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\83exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\83exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\23exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\23exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\34exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\34exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\17exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\17exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\3exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\3exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\13exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\13exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\74exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\74exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\94exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\94exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\70exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\70exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\99exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\99exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\10exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\10exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\71exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\71exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\19exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\19exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\41exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\41exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\61exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\61exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\66exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\66exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\36exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\36exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\49exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\49exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\43exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\43exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\75exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\75exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\45exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\45exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\58exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\58exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\53exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\53exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\68exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\68exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\65exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\65exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\78exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\78exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\11exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\11exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\6exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\6exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\20exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\20exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\26exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\26exinjs.t.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\2exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\2exinjs.s.exe:*![:D]( ":D")
isabled:2exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\31exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\31exinjs.s.exe:*![:D]( ":D")
isabled:31exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\60exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\60exinjs.s.exe:*![:D]( ":D")
isabled:60exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\52exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\52exinjs.s.exe:*![:D]( ":D")
isabled:52exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\85exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\85exinjs.s.exe:*![:D]( ":D")
isabled:85exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.s.exe:*![:D]( ":D")
isabled:67exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\44exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\44exinjs.s.exe:*![:D]( ":D")
isabled:44exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.s.exe:*![:D]( ":D")
isabled:91exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\80exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\80exinjs.s.exe:*![:D]( ":D")
isabled:80exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\89exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\89exinjs.s.exe:*![:D]( ":D")
isabled:89exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\92exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\92exinjs.s.exe:*![:D]( ":D")
isabled:92exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\8exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\8exinjs.s.exe:*![:D]( ":D")
isabled:8exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\59exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\59exinjs.s.exe:*![:D]( ":D")
isabled:59exinjs.s"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\88exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\88exinjs.t.exe:*![:D]( ":D")
isabled:88exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\13exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\13exinjs.t.exe:*![:D]( ":D")
isabled:13exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\22exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\22exinjs.t.exe:*![:D]( ":D")
isabled:22exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\15exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\15exinjs.t.exe:*![:D]( ":D")
isabled:15exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.t.exe:*![:D]( ":D")
isabled:91exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\41exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\41exinjs.t.exe:*![:D]( ":D")
isabled:41exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\54exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\54exinjs.t.exe:*![:D]( ":D")
isabled:54exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.t.exe:*![:D]( ":D")
isabled:67exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\66exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\66exinjs.t.exe:*![:D]( ":D")
isabled:66exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\49exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\49exinjs.t.exe:*![:D]( ":D")
isabled:49exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\45exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\45exinjs.t.exe:*![:D]( ":D")
isabled:45exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\53exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\53exinjs.t.exe:*![:D]( ":D")
isabled:53exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\39exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\39exinjs.t.exe:*![:D]( ":D")
isabled:39exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\68exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\68exinjs.t.exe:*![:D]( ":D")
isabled:68exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\76exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\76exinjs.t.exe:*![:D]( ":D")
isabled:76exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\24exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\24exinjs.t.exe:*![:D]( ":D")
isabled:24exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\65exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\65exinjs.t.exe:*![:D]( ":D")
isabled:65exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\73exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\73exinjs.t.exe:*![:D]( ":D")
isabled:73exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\78exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\78exinjs.t.exe:*![:D]( ":D")
isabled:78exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\6exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\6exinjs.t.exe:*![:D]( ":D")
isabled:6exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\20exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\20exinjs.t.exe:*![:D]( ":D")
isabled:20exinjs.t"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\51exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\51exinjs.t.exe:*![:D]( ":D")
isabled:51exinjs.t"
Files:
------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Seagate Software\Shared\pg32conv.dll
C:\Program Files\Seagate Software\Shared\s2sqlprs.dll
C:\Program Files\Seagate Software\Shared\sscsdk80.dll
C:\WINDOWS\Crystal\u252000.dll
C:\WINDOWS\Crystal\u25dts.dll
C:\WINDOWS\Crystal\u2dapp.dll
C:\WINDOWS\Crystal\u2ddisk.dll
C:\WINDOWS\Crystal\u2dmapi.dll
C:\WINDOWS\Crystal\u2dnotes.dll
C:\WINDOWS\Crystal\u2dpost.dll
C:\WINDOWS\Crystal\u2dvim.dll
C:\WINDOWS\Crystal\u2fcr.dll
C:\WINDOWS\Crystal\u2fdif.dll
C:\WINDOWS\Crystal\u2fhtml.dll
C:\WINDOWS\Crystal\u2fodbc.dll
C:\WINDOWS\Crystal\u2frdef.dll
C:\WINDOWS\Crystal\u2frec.dll
C:\WINDOWS\Crystal\u2frtf.dll
C:\WINDOWS\Crystal\u2fsepv.dll
C:\WINDOWS\Crystal\u2ftext.dll
C:\WINDOWS\Crystal\u2fwks.dll
C:\WINDOWS\Crystal\u2fwordw.dll
C:\WINDOWS\Crystal\u2fxls.dll
C:\WINDOWS\Crystal\u2l2000.dll
C:\WINDOWS\Crystal\u2lcom.dll
C:\WINDOWS\Crystal\u2ldts.dll
C:\WINDOWS\Crystal\u2lexch.dll
C:\WINDOWS\Crystal\u2lfinra.dll
C:\WINDOWS\Crystal\u2lsamp1.dll
C:\WINDOWS\system32\craxdrt.dll
C:\WINDOWS\system32\Crpaig80.dll
C:\WINDOWS\system32\crviewer.dll
C:\WINDOWS\system32\Implode.dll
C:\WINDOWS\system32\p2bdao.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\fgiraud\Application Data\Microsoft\Word\~WRL0002.tmp
C:\Documents and Settings\fgiraud\Application Data\Microsoft\Word\~WRL1224.tmp
FINISHED!
------------------------------------
Rapport de HiJackThis :
Logfile of HijackThis v1.99.1
Scan saved at 10:22:28, on 08/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NMapWin\bin\nmapserv.exe
C:\PROGRA~1\Novadigm\radexecd.exe
C:\PROGRA~1\Novadigm\radsched.exe
C:\PROGRA~1\Novadigm\Radstgms.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\soft\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.18.47.9:9090
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\fgiraud\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://extranet-sr/dana-cached/setup/JuniperSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = isr.silicomp.fr
O17 - HKLM\Software\..\Telephony: DomainName = isr.silicomp.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4DE1B7C-211B-4271-B576-CB4CBCECCA24}: NameServer = 172.16.16.22,194.51.78.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = isr.silicomp.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: HP ITO Agent - Hewlett-Packard Company - C:\usr\OV\bin\OpC\opcctla.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMap - Unknown owner - C:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\Novadigm\Radstgms.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\PROGRA~1\TightVNC\WinVNC.exe" -service (file missing)
----------------------------------------
Alors docteur, c'est réparé ???
Merci d'avance.
J'ai donc suivi la procédure et voici les rapports :
rapport de SDFIX :
SDFix: Version 1.45
****************
08/12/2006 - 10:04:40,99
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
File Path:
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\DOCUME~1\fgiraud\LOCALS~1\Temp\setup.exe
C:\WINDOWS\system\smss.exe
Backing Up and Removing any Files Found...
Final Check:
Services:
---------
Authorized Applications Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"="C:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE:*:Enabled:3CDaemon Application"
"C:\\Program Files\\Reflection\\Rx.exe"="C:\\Program Files\\Reflection\\Rx.exe:*:Enabled:Reflection X"
"C:\\WINDOWS\\system32\\ftp.exe"="C:\\WINDOWS\\system32\\ftp.exe:*:Enabled:Logiciel de transfert de fichiers"
"D:\\Documents and Settings\\fgiraud\\Mes Documents\\blobby\\volley.exe"="D:\\Documents and Settings\\fgiraud\\Mes Documents\\blobby\\volley.exe:*:Enabled:volley"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*
isabled:mRouterRuntime""C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Novadigm\\RadUIShell.exe"="C:\\Program Files\\Novadigm\\RadUIShell.exe:*:Enabled:raduishell"
"C:\\Program Files\\Novadigm\\radtray.exe"="C:\\Program Files\\Novadigm\\radtray.exe:*:Enabled:radtray"
"C:\\Program Files\\Novadigm\\radexecd.exe"="C:\\Program Files\\Novadigm\\radexecd.exe:*:Enabled:radexecd"
"C:\\Novadigm\\ManagementAgent\\nvdkit.exe"="C:\\Novadigm\\ManagementAgent\\nvdkit.exe:*:Enabled:rma"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\35exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\35exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\29exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\29exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\90exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\4exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\4exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\56exmodul32f.d.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\56exmodul32f.d.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\95exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\95exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\44exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\44exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\2exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\2exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\85exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\85exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\80exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\89exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\89exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\92exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\92exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exinjs.s.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exinjs.s.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\33exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\33exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\96exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\96exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\81exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\81exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\59exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\63exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\63exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\50exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\50exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\97exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\64exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\64exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\48exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\8exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\86exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\86exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\16exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\16exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\30exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\30exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\83exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\83exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\60exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\23exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\23exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\34exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\34exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\88exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\17exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\17exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\3exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\3exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\40exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\13exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\13exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\74exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\74exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\94exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\94exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\70exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\70exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\99exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\99exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\22exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\10exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\10exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\71exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\71exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\15exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\91exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\19exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\19exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\41exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\41exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\31exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\54exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\46exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\61exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\61exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\66exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\66exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\36exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\36exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\49exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\49exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\43exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\43exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\28exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\75exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\75exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\45exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\45exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\67exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\58exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\58exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\53exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\53exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\52exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\39exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\68exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\68exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\76exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\24exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\65exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\65exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\73exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\78exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\78exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\11exmodul32f.i.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\11exmodul32f.i.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\6exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\6exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\20exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\20exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\51exinjs.t.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\26exinjs.t.exe"="C:\\DOCUME~1\\fgiraud\\LOCALS~1\\Temp\\26exinjs.t.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\2exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\2exinjs.s.exe:*
isabled:2exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\31exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\31exinjs.s.exe:*
isabled:31exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\60exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\60exinjs.s.exe:*
isabled:60exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\52exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\52exinjs.s.exe:*
isabled:52exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\85exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\85exinjs.s.exe:*
isabled:85exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.s.exe:*
isabled:67exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\44exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\44exinjs.s.exe:*
isabled:44exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.s.exe:*
isabled:91exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\80exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\80exinjs.s.exe:*
isabled:80exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\89exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\89exinjs.s.exe:*
isabled:89exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\92exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\92exinjs.s.exe:*
isabled:92exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\8exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\8exinjs.s.exe:*
isabled:8exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\59exinjs.s.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\59exinjs.s.exe:*
isabled:59exinjs.s""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\88exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\88exinjs.t.exe:*
isabled:88exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\13exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\13exinjs.t.exe:*
isabled:13exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\22exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\22exinjs.t.exe:*
isabled:22exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\15exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\15exinjs.t.exe:*
isabled:15exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\91exinjs.t.exe:*
isabled:91exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\41exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\41exinjs.t.exe:*
isabled:41exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\54exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\54exinjs.t.exe:*
isabled:54exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\67exinjs.t.exe:*
isabled:67exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\66exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\66exinjs.t.exe:*
isabled:66exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\49exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\49exinjs.t.exe:*
isabled:49exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\45exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\45exinjs.t.exe:*
isabled:45exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\53exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\53exinjs.t.exe:*
isabled:53exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\39exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\39exinjs.t.exe:*
isabled:39exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\68exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\68exinjs.t.exe:*
isabled:68exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\76exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\76exinjs.t.exe:*
isabled:76exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\24exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\24exinjs.t.exe:*
isabled:24exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\65exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\65exinjs.t.exe:*
isabled:65exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\73exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\73exinjs.t.exe:*
isabled:73exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\78exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\78exinjs.t.exe:*
isabled:78exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\6exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\6exinjs.t.exe:*
isabled:6exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\20exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\20exinjs.t.exe:*
isabled:20exinjs.t""C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\51exinjs.t.exe"="C:\\Documents and Settings\\fgiraud\\Local Settings\\Temp\\51exinjs.t.exe:*
isabled:51exinjs.t"Files:
------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\Program Files\Seagate Software\Shared\pg32conv.dll
C:\Program Files\Seagate Software\Shared\s2sqlprs.dll
C:\Program Files\Seagate Software\Shared\sscsdk80.dll
C:\WINDOWS\Crystal\u252000.dll
C:\WINDOWS\Crystal\u25dts.dll
C:\WINDOWS\Crystal\u2dapp.dll
C:\WINDOWS\Crystal\u2ddisk.dll
C:\WINDOWS\Crystal\u2dmapi.dll
C:\WINDOWS\Crystal\u2dnotes.dll
C:\WINDOWS\Crystal\u2dpost.dll
C:\WINDOWS\Crystal\u2dvim.dll
C:\WINDOWS\Crystal\u2fcr.dll
C:\WINDOWS\Crystal\u2fdif.dll
C:\WINDOWS\Crystal\u2fhtml.dll
C:\WINDOWS\Crystal\u2fodbc.dll
C:\WINDOWS\Crystal\u2frdef.dll
C:\WINDOWS\Crystal\u2frec.dll
C:\WINDOWS\Crystal\u2frtf.dll
C:\WINDOWS\Crystal\u2fsepv.dll
C:\WINDOWS\Crystal\u2ftext.dll
C:\WINDOWS\Crystal\u2fwks.dll
C:\WINDOWS\Crystal\u2fwordw.dll
C:\WINDOWS\Crystal\u2fxls.dll
C:\WINDOWS\Crystal\u2l2000.dll
C:\WINDOWS\Crystal\u2lcom.dll
C:\WINDOWS\Crystal\u2ldts.dll
C:\WINDOWS\Crystal\u2lexch.dll
C:\WINDOWS\Crystal\u2lfinra.dll
C:\WINDOWS\Crystal\u2lsamp1.dll
C:\WINDOWS\system32\craxdrt.dll
C:\WINDOWS\system32\Crpaig80.dll
C:\WINDOWS\system32\crviewer.dll
C:\WINDOWS\system32\Implode.dll
C:\WINDOWS\system32\p2bdao.dll
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\fgiraud\Application Data\Microsoft\Word\~WRL0002.tmp
C:\Documents and Settings\fgiraud\Application Data\Microsoft\Word\~WRL1224.tmp
FINISHED!
------------------------------------
Rapport de HiJackThis :
Logfile of HijackThis v1.99.1
Scan saved at 10:22:28, on 08/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Windows\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NMapWin\bin\nmapserv.exe
C:\PROGRA~1\Novadigm\radexecd.exe
C:\PROGRA~1\Novadigm\radsched.exe
C:\PROGRA~1\Novadigm\Radstgms.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\soft\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.18.47.9:9090
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {9C3497D6-ED98-11D0-9647-00C04FD9B15B} (WMI Login Control) - file://C:\DOCUME~1\fgiraud\LOCALS~1\Temp\wbemtool.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://extranet-sr/dana-cached/setup/JuniperSetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = isr.silicomp.fr
O17 - HKLM\Software\..\Telephony: DomainName = isr.silicomp.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4DE1B7C-211B-4271-B576-CB4CBCECCA24}: NameServer = 172.16.16.22,194.51.78.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = isr.silicomp.fr
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: HP ITO Agent - Hewlett-Packard Company - C:\usr\OV\bin\OpC\opcctla.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NMap - Unknown owner - C:\Program Files\NMapWin\bin\nmapserv.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\Novadigm\Radstgms.exe
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\PROGRA~1\TightVNC\WinVNC.exe" -service (file missing)
----------------------------------------
Alors docteur, c'est réparé ???
Merci d'avance.
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumTrojan vundo insupprimable
- ForumTrojan virus
- ForumVirus ou trojan
- ForumDétecter un trojan
- ForumAnti-trojan anti-virus aidez moi a nettoyer
- ForumAnti virus win32 trojan gen
- ForumAidez moi anti virus, trojan spy etc.
- ForumDétecter trojan
- ForumAnti virus trojan win32 comisproc
- ForumTrojan win anti virus
- Voir plus
