Virtumonde! SOS!!

Solved
MiSSZ24 Posts 43 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
Big problem with Virtumonde. I scanned with Avast and it found nothing, but SpyBot does find something ...
http://img144.imageshack.us/img144/4981/viruscynthiatf9.jpg (Click on it to enlarge) I need help getting rid of it ... I don't want to reformat everything!

I tried this: http://www.commentcamarche.net/forum/affich 3092451 virtumonde
And it did NOT work!
And this: http://www.malekal.com/Trojan.vundo.php
And that did NOT work either ... I need help quickly ...
Configuration: Windows XP

25 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi,

    paste a HijackThis report

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manual:

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    I recommend renaming HijackThis, to counter a possible Vundo infection.

    e.g.: rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename from the list

    Then, with Explorer, create a folder c:\hijackthis
    Extract HijackThis into this folder.
    This is important for the backups.

    _________________

    ComboFix (paste the report)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    0
  2. MiSSZ24 Posts 43 Status Member
     
    Here is my report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:53, on 2007-11-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [0fbc282b] rundll32.exe "C:\WINDOWS\system32\qvvgsdge.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    0
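A triage pass over the HijackThis report posted above, as an added example that is not part of the original thread: it parses the running-process list and the O4 autorun entries and flags the two patterns visible in that report, a system image name running from an unusual folder and a `rundll32.exe` autorun registered under a hex-only value name. The sample lines are copied from the report; the function names, the `EXPECTED_DIR` table (which assumes Windows is installed in `C:\WINDOWS`) and both heuristics are this example's own assumptions.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# A few lines copied from the HijackThis report above (trimmed, not altered).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Fonts\svchost.exe

O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [0fbc282b] rundll32.exe "C:\WINDOWS\system32\qvvgsdge.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: Windows lives in C:\WINDOWS, as it does in the report.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "winlogon.exe": SYSTEM32, "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32, "spoolsv.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")                       # "O4 - ..."
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")    # O4 body
EXE_RE = re.compile(r'"?(.+?\.exe)"?(?:\s|$)', re.I)                 # launched image
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.I)                     # e.g. 0fbc282b


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False              # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def misplaced_system_binary(path):
    """True when a well-known Windows image name sits outside its normal folder."""
    expected = EXPECTED_DIR.get(normcase(basename(path)))
    folder = normcase(dirname(path))      # empty for a bare name such as rundll32.exe
    return bool(expected and folder and folder != expected)


def triage(text):
    """Return (source, subject, reason) tuples for entries worth a closer look."""
    processes, entries = parse_hijackthis(text)
    findings = []
    # De-duplicate processes case-insensitively; HijackThis lists one line per instance.
    for path in {normcase(p): p for p in processes}.values():
        if misplaced_system_binary(path):
            findings.append(("process", path,
                             "system image name outside its normal folder"))
    for code, body in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        if not run:
            continue
        hive, key, name, command = run.groups()
        exe = EXE_RE.match(command)
        if not exe:
            continue
        image, source = exe.group(1), f"O4 {hive} {key} [{name}]"
        if misplaced_system_binary(image):
            findings.append((source, image,
                             "system image name outside its normal folder"))
        elif normcase(basename(image)) == "rundll32.exe" and HEX_NAME_RE.match(name):
            # First rundll32 argument is "<dll>,<export>"; keep only the DLL path.
            target = command[exe.end():].split(",")[0].strip().strip('"')
            findings.append((source, target,
                             "rundll32 autorun under a hex-only value name"))
    return findings


if __name__ == "__main__":
    for source, subject, reason in triage(SAMPLE_LOG):
        print(f"{source}: {subject} ({reason})")
```

A hit from either heuristic is a lead for manual review, not a verdict; the file still has to be examined before anything is removed.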
  3. MiSSZ24 Posts 43 Status Member
     
    ComboFix report:

    ComboFix 07-11-19.4 - Owner 2007-11-27 17:29:21.2 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.282 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\inst.exe
    C:\WINDOWS\system32\geeby.dll
    C:\WINDOWS\system32\ybeeg.ini
    C:\WINDOWS\system32\ybeeg.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-27 16:06 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-26 19:15 85,056 --a------ C:\WINDOWS\system32\qvvgsdge.dll
    2007-11-26 19:15 414 ---hs---- C:\WINDOWS\system32\egdsgvvq.ini
    2007-11-26 19:12 80,960 --a------ C:\WINDOWS\system32\qrkaxven.dll
    2007-11-23 16:45 83,520 --a------ C:\WINDOWS\system32\ccekwryk.dll
    2007-11-23 16:42 738,656 ---hs---- C:\WINDOWS\system32\kpbphsbu.ini
    2007-11-23 16:42 85,056 --a------ C:\WINDOWS\system32\ubshpbpk.dll
    2007-11-23 14:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
    2007-11-23 14:37 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-11-23 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-11-22 21:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-11-22 21:18 30,590 --a------ C:\WINDOWS\system32\pavas.ico
    2007-11-22 21:18 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
    2007-11-22 21:18 1,406 --a------ C:\WINDOWS\system32\Help.ico
    2007-11-22 20:24 <DIR> d-------- C:\Program Files\BHODemon 2
    2007-11-22 19:52 <DIR> d-------- C:\VundoFix Backups
    2007-11-22 15:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-22 15:45 738,596 ---hs---- C:\WINDOWS\system32\rmasrtwm.ini
    2007-11-22 15:42 79,936 --a------ C:\WINDOWS\system32\jnmfsopx.dll
    2007-11-21 11:08 80,960 --a------ C:\WINDOWS\system32\cnmenqst.dll
    2007-11-21 11:02 714,461 ---hs---- C:\WINDOWS\system32\knastbuf.ini
    2007-11-21 11:02 85,056 --a------ C:\WINDOWS\system32\fubtsank.dll
    2007-11-21 02:59 2,321,792 --a------ C:\WINDOWS\system32\TUKernel.exe
    2007-11-19 23:32 83,008 --a------ C:\WINDOWS\system32\eqexkaad.dll
    2007-11-19 23:27 689,283 ---hs---- C:\WINDOWS\system32\ssggoeem.ini
    2007-11-19 23:26 85,056 --a------ C:\WINDOWS\system32\meeoggss.dll
    2007-11-19 21:22 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-19 21:19 37,376 --a------ C:\WINDOWS\system32\fccyxxx.dll
    2007-11-19 21:19 260 --a------ C:\4063.bat
    2007-11-19 21:19 120 --a------ C:\n.bat
    2007-11-19 21:19 0 --a------ C:\z.dat
    2007-11-19 21:19 0 --a------ C:\x.dat
    2007-11-19 21:18 37,376 --a------ C:\WINDOWS\system32\mljjgef.dll.vir
    2007-11-19 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-15 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2007-11-15 22:16 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2007-11-15 22:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-15 22:02 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software
    2007-11-12 21:17 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-11-12 21:16 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-11-12 21:09 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
    2007-11-12 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-11-07 23:23 <DIR> d-------- C:\Program Files\MSBuild
    2007-11-07 23:23 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-11-07 23:22 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-11-07 23:20 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-11-07 23:19 <DIR> d-------- C:\WINDOWS\SHELLNEW

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-18 16:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-12 03:39 --------- d-----w C:\Program Files\DivX
    2007-10-12 03:35 --------- d-----w C:\Program Files\WinAVI Video Converter
    2007-10-12 00:03 --------- d-----w C:\Program Files\WinAVI Video Capture
    2007-10-08 20:59 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
    2007-10-08 20:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
    2007-10-08 20:57 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-10-08 02:54 --------- d-----w C:\Program Files\LGE PC Portal
    2007-10-08 02:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Destinator
    2007-10-03 01:29 --------- d-----w C:\Program Files\Nicolas MERLET
    2007-10-02 23:43 --------- d-----w C:\Program Files\Common Files\Simple Star Shared
    2007-10-02 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simple Star Shared
    2007-10-02 23:42 --------- d-----w C:\Program Files\AskTBar
    2007-10-02 23:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\Simple Star
    2007-09-30 21:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-09-30 20:47 --------- d-----w C:\Program Files\Alwil Software
    2007-09-30 20:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2007-09-30 20:23 --------- d-----w C:\Program Files\Windows Live
    2007-09-30 20:23 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-09-30 20:23 --------- d-----w C:\Program Files\Adverts
    2007-07-23 01:39 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    2007-01-10 17:15 839,702 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-01-10 17:15 839,701 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2007-01-10 17:15 839,701 --sh--w C:\WINDOWS\Fonts\svchost.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{378d8fe8-8d3d-45a6-9fe7-498dbf5798aa}]
    2007-11-26 19:12 80960 --a------ C:\WINDOWS\system32\qrkaxven.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7BFAEB8E-7545-4524-A927-B6C9F3C32B18}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1F78710-EEDB-4E63-B180-23ABC0366671}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8f3f1e0-ce64-467f-a1bb-b1bed85f6e23}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00]
    "MétéoIMédia"="C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 17:06]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-08-16 11:21 C:\WINDOWS\SkyTel.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02]
    "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57]
    "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34]
    "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-09-07 19:52]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 C:\WINDOWS\system32\bthprops.cpl]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
    "0fbc282b"="C:\WINDOWS\system32\qvvgsdge.dll" [2007-11-26 19:15]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-04 01:23]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-08-03 15:34:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeby.dll

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

    R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys
    R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe -k netsvcs
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys
    R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-23 22:20:20 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - D:\TuneUpSecurity\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 17:38:39
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 17:42:51 - machine was rebooted
    .
    --- E O F ---
    0
  4. MiSSZ24 Posts 43 Status Member
     
    Here is my SpyBot report after all that, I want to understand ... Thanks!
    http://img144.imageshack.us/img144/4981/viruscynthiatf9.jpg
    0
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    scan with VundoFix (paste the report)

    Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.
    When VundoFix opens, click the Scan for Vundo button.
    Once the scan is finished, click the Remove Vundo button.
    You will get a warning asking whether you want to delete these
    files; answer by clicking YES
    Once you have clicked Yes, your desktop will go blank while it
    removes Vundo.

    When it is finished, you will be asked to restart your computer; click
    OK.

    _______
    then:

    VirtumundoBeGone (paste the report)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    ______________

    paste the report of an online scan
    with

    Panda online:
    http://pandasoftware.fr

    _________________

    paste a HijackThis report again, renaming it first, and a new ComboFix report

    see you later
    0
  7. MiSSZ24 Posts 43 Status Member
     
    VundoFix scan:

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    VundoFix V6.6.2

    Checking Java version...

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Scan started at 01:09:32 2007-11-28

    Listing files found while scanning....

    No infected files were found.

    VirtumundoBeGone scan:

    [11/28/2007, 15:42:10] - VirtumundoBeGone v1.5 ( "D:\VirtumundoBeGone.exe" )
    [11/28/2007, 15:42:46] - Detected System Information:
    [11/28/2007, 15:42:46] - Windows Version: 5.1.2600, Service Pack 2
    [11/28/2007, 15:42:46] - Current Username: Owner (Admin)
    [11/28/2007, 15:42:46] - Windows is in NORMAL mode.
    [11/28/2007, 15:42:46] - Searching for Browser Helper Objects:
    [11/28/2007, 15:42:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [11/28/2007, 15:42:46] - BHO 2: {378d8fe8-8d3d-45a6-9fe7-498dbf5798aa} ()
    [11/28/2007, 15:42:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/28/2007, 15:42:46] - Checking for HKLM\...\Winlogon\Notify\qrkaxven
    [11/28/2007, 15:42:46] - Key not found: HKLM\...\Winlogon\Notify\qrkaxven, continuing.
    [11/28/2007, 15:42:46] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    [11/28/2007, 15:42:46] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [11/28/2007, 15:42:46] - BHO 5: {7BFAEB8E-7545-4524-A927-B6C9F3C32B18} ()
    [11/28/2007, 15:42:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/28/2007, 15:42:46] - No filename found. Continuing.
    [11/28/2007, 15:42:46] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [11/28/2007, 15:42:46] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [11/28/2007, 15:42:46] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [11/28/2007, 15:42:46] - BHO 9: {C1F78710-EEDB-4E63-B180-23ABC0366671} ()
    [11/28/2007, 15:42:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/28/2007, 15:42:46] - No filename found. Continuing.
    [11/28/2007, 15:42:46] - BHO 10: {d8f3f1e0-ce64-467f-a1bb-b1bed85f6e23} ()
    [11/28/2007, 15:42:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [11/28/2007, 15:42:46] - No filename found. Continuing.
    [11/28/2007, 15:42:46] - Finished Searching Browser Helper Objects
    [11/28/2007, 15:42:46] - Finishing up...
    [11/28/2007, 15:42:46] - Nothing found! Exiting...

    Scan with Panda TotalScan:
    Résultats
    Félicitations !
    Aucun virus, logiciel espion, cheval de Troie ou aucune autre menace ACTIVE ou LATENTE n'a été détecté(e) sur votre PC.
    Nous avons détecté que avast! antivirus 4.7.1074 [VPS 071128-0] est activé(e) et à jour.
    El texto que corresponda en cada momento
    Après l'analyse complète de votre PC, aucun logiciel malveillant ACTIF ou LATENT n'a été détecté.

    HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:11:50, on 2007-11-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\My Documents\Mes fichiers reçus\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: {aa8975fb-d894-7ef9-6a54-d3d88ef8d873} - {378d8fe8-8d3d-45a6-9fe7-498dbf5798aa} - C:\WINDOWS\system32\qrkaxven.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7BFAEB8E-7545-4524-A927-B6C9F3C32B18} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C1F78710-EEDB-4E63-B180-23ABC0366671} - (no file)
    O2 - BHO: (no name) - {d8f3f1e0-ce64-467f-a1bb-b1bed85f6e23} - (no file)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [0fbc282b] rundll32.exe "C:\WINDOWS\system32\qvvgsdge.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    0
  8. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Hi,

    if you have both Avast and Norton, remove one of the two

    _________________

    run HijackThis, select these lines, then click "Fix checked"

    O2 - BHO: {aa8975fb-d894-7ef9-6a54-d3d88ef8d873} - {378d8fe8-8d3d-45a6-9fe7-498dbf5798aa} - C:\WINDOWS\system32\qrkaxven.dll

    O2 - BHO: (no name) - {C1F78710-EEDB-4E63-B180-23ABC0366671} - (no file)
    O2 - BHO: (no name) - {d8f3f1e0-ce64-467f-a1bb-b1bed85f6e23} - (no file)

    O4 - HKLM\..\Run: [0fbc282b] rundll32.exe "C:\WINDOWS\system32\qvvgsdge.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    ____________

    download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
    double-click OTMoveIt.exe to launch it.
    copy the list shown in the quote below,
    and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\WINDOWS\system32\qvvgsdge.dll
    C:\WINDOWS\system32\qrkaxven.dll
    C:\WINDOWS\system32\mljjgef.dll.vir

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. If so, accept with Yes.
    http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

    ________________________

    scan these files on VirusTotal: https://www.virustotal.com/gui/

    remove the infected ones with OTMoveIt, as before:

    C:\WINDOWS\system32\egdsgvvq.ini
    C:\WINDOWS\system32\ccekwryk.dll
    C:\WINDOWS\system32\kpbphsbu.ini
    C:\WINDOWS\system32\ubshpbpk.dll
    C:\WINDOWS\system32\rmasrtwm.ini
    C:\WINDOWS\system32\jnmfsopx.dll
    C:\WINDOWS\system32\cnmenqst.dll
    C:\WINDOWS\system32\knastbuf.ini
    C:\WINDOWS\system32\fubtsank.dll
    C:\WINDOWS\system32\eqexkaad.dll
    C:\WINDOWS\system32\ssggoeem.ini
    C:\WINDOWS\system32\meeoggss.dll
    C:\WINDOWS\system32\vbzip10.dll
    C:\WINDOWS\system32\fccyxxx.dll

    ______________________

    clean your registry with RegCleaner:

    http://manuelsdaide.com/RegCleaner/RegCleaner.htm

    _______________________

    install
    SPYWAREBLASTER to immunize the system against the Vundo you had; it is in English (but easy to use: just click "update" to update it every month and then "enable all protection" to immunize)...

    _______________________

    post a new ComboFix report and a new HijackThis report, and above all describe your problems
    0
  9. MiSSZ24 Posts 43 Status Member
     
    I followed the procedures above and it worked, with jlpjlp's help! Thanks
    0
  10. jlpjlp Posts 52399 Status Security contributor 5 041
     
    perfect, but did you do message 7 and scan the files to see whether they need to be removed?
    0
  11. MiSSZ24 Posts 43 Status Member
     
    PLEASE JLPJLP!
    Caught this damn virus again!!! VIRTUMONDE detected with Spybot:

    HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:29:39, on 2008-08-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\acc\acc.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Owner\Desktop\sanner.exe..exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7BFAEB8E-7545-4524-A927-B6C9F3C32B18} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {c8767520-8a74-b5c8-39a4-d8b01a800da9} - {9ad008a1-0b8d-4a93-8c5b-47a80257678c} - C:\WINDOWS\system32\hjdzaa.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\pmnkhGaX.dll
    *O2 - BHO: (no name) - {FFA69C76-13CA-4C7E-A7E0-822917C8066E} - C:\WINDOWS\system32\ljJaWQGa.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [acc] C:\PROGRA~1\acc\acc.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O20 - Winlogon Notify: pmnkhGaX - C:\WINDOWS\SYSTEM32\pmnkhGaX.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)

    -
    End of file - 12279 bytes
    In my opinion the problem would be the part in bold ... Please help me!
    0
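As an added example (not part of any post in this thread, and not code from HijackThis or its authors), the following Python triage parses HijackThis lines of the kinds picked out of the two reports above and flags patterns worth a second look: an unnamed BHO backed by a DLL directly in system32, an orphaned BHO, a Run value that uses rundll32 to load a system32 DLL, a core Windows process name running outside system32, and one DLL registered at several autostart points. The heuristics and the names `triage`, `SAMPLE_LOG` and `SYSTEM_NAMES` are assumptions of this example; a hit is a reason to check the file (for instance on VirusTotal), not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Constructed sample: individual lines copied from the two HijackThis reports in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Fonts\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {aa8975fb-d894-7ef9-6a54-d3d88ef8d873} - {378d8fe8-8d3d-45a6-9fe7-498dbf5798aa} - C:\WINDOWS\system32\qrkaxven.dll
O2 - BHO: (no name) - {C1F78710-EEDB-4E63-B180-23ABC0366671} - (no file)
O2 - BHO: (no name) - {E482A951-26ED-4898-A1EB-09A942D95A52} - C:\WINDOWS\system32\pmnkhGaX.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [0fbc282b] rundll32.exe "C:\WINDOWS\system32\qvvgsdge.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: pmnkhGaX - C:\WINDOWS\SYSTEM32\pmnkhGaX.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

SYSTEM32 = r"c:\windows\system32"
# Assumption of this example: core XP processes whose genuine copy lives in system32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
GUID = r"\{[0-9A-Fa-f-]{36}\}"

# O2 - BHO: <display name> - {CLSID} - <file>
BHO_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<file>.+)$")
# O4 - HKLM\..\Run: [value name] <command line>
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# O20 - Winlogon Notify: <key> - <file>
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<file>.+)$")
# rundll32 invoked with an explicit, absolute DLL path (quoted or not)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[A-Za-z]:\\[^",]+\.dll)"?', re.IGNORECASE)
# A bare path from the "Running processes" section
PROCESS_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def in_system32(path):
    """True when the file sits directly in the system32 directory (case-insensitive)."""
    return dirname(path).lower() == SYSTEM32


def triage(log_text):
    """Return (findings, multi): findings is a list of (reason, line);
    multi lists DLLs registered at more than one autostart point."""
    findings = []
    loaders = defaultdict(set)  # dll file name -> HijackThis sections that load it
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := BHO_RE.match(line):
            unnamed = m["name"] == "(no name)" or re.fullmatch(GUID, m["name"])
            if m["file"] == "(no file)":
                findings.append(("orphan-bho", line))
            elif unnamed and in_system32(m["file"]):
                findings.append(("unnamed-bho-system32-dll", line))
                loaders[basename(m["file"]).lower()].add("O2")
        elif m := RUN_RE.match(line):
            r = RUNDLL_RE.match(m["cmd"])
            if r and in_system32(r["dll"]):
                findings.append(("run-rundll32-system32-dll", line))
                loaders[basename(r["dll"]).lower()].add("O4")
        elif m := NOTIFY_RE.match(line):
            # Recorded for correlation only; a Notify entry alone is not flagged here.
            loaders[basename(m["file"]).lower()].add("O20")
        elif PROCESS_RE.match(line):
            if basename(line).lower() in SYSTEM_NAMES and not in_system32(line):
                findings.append(("system-name-outside-system32", line))
    multi = sorted(dll for dll, sections in loaders.items() if len(sections) > 1)
    return findings, multi


if __name__ == "__main__":
    found, multi = triage(SAMPLE_LOG)
    for reason, line in found:
        print(f"{reason:32} {line}")
    print("loaded from several autostart points:", multi)
```
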
  12. MiSSZ24 Posts 43 Status Member
     
    ComboFix report:

    ComboFix 08-08-11.01 - Owner 2008-08-12 1:58:39.5 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.373 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\SJ4B454P\interclick.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\SJ4B454P\interclick.com\ud.sol
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\system32\aGQWaJjl.ini
    C:\WINDOWS\system32\aGQWaJjl.ini2
    C:\WINDOWS\system32\ddcyVnMG.dll
    C:\WINDOWS\system32\egdsgvvq.ini
    C:\WINDOWS\system32\eqodqptl.dll
    C:\WINDOWS\system32\hjdzaa.dll
    C:\WINDOWS\system32\knastbuf.ini
    C:\WINDOWS\system32\kpbphsbu.ini
    C:\WINDOWS\system32\ljJaWQGa.dll
    C:\WINDOWS\system32\ltpqdoqe.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\pmnkhGaX.dll
    C:\WINDOWS\system32\rmasrtwm.ini
    C:\WINDOWS\system32\xingiuix.dll
    C:\x.dat
    C:\z.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-12 to 2008-08-12 )))))))))))))))))))))))))))))))
    .

    2008-08-11 17:34 . 2008-08-11 17:34 <DIR> d-------- C:\Program Files\acc
    2008-08-09 13:24 . 2008-08-09 13:24 1,071 --a------ C:\WINDOWS\AWMODEM.INF
    2008-08-02 20:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-08-02 20:16 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Program Files\ScanSoft
    2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared
    2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ScanSoft
    2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
    2008-08-02 20:15 . 2008-08-02 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2008-08-02 20:15 . 2008-08-02 20:15 412 --a------ C:\WINDOWS\MAXLINK.INI
    2008-08-02 20:13 . 2008-08-02 20:13 <DIR> d-------- C:\Program Files\Common Files\CANON
    2008-08-02 20:10 . 2008-08-02 20:10 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
    2008-08-02 20:10 . 2008-08-02 20:10 <DIR> d--h----- C:\Program Files\CanonBJ
    2008-08-02 20:10 . 2008-08-02 20:11 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
    2008-08-02 20:10 . 2007-03-23 03:30 1,400,832 --a------ C:\WINDOWS\system32\CNC210C.DLL
    2008-08-02 20:10 . 2007-03-18 16:00 215,040 --a------ C:\WINDOWS\system32\CNMLM8S.DLL
    2008-08-02 20:10 . 2007-03-18 21:16 200,704 --a------ C:\WINDOWS\system32\CNC210L.DLL
    2008-08-02 20:10 . 2007-03-15 01:12 188,416 --a------ C:\WINDOWS\system32\CNC210O.DLL
    2008-08-02 20:10 . 2007-03-23 03:29 98,304 --a------ C:\WINDOWS\system32\CNC210I.DLL
    2008-08-02 20:09 . 2008-08-02 20:09 <DIR> d-------- C:\Program Files\Canon
    2008-07-27 20:10 . 2008-07-27 20:10 <DIR> d-------- C:\Program Files\Real
    2008-07-27 20:10 . 2008-07-27 20:10 <DIR> d-------- C:\Program Files\Common Files\Real

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-28 00:10 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2007-07-23 00:39 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    2007-10-12 02:40 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-10-12 02:40 56 --sh--r C:\WINDOWS\system32\75F2130F9C.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-27_17.41.57.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
    - 2005-10-20 23:26:40 1,082,368 ------w C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll
    + 2005-10-20 22:26:40 1,082,368 ------w C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll
    - 2005-10-13 00:12:28 716,000 ------w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
    + 2005-10-12 23:12:28 716,000 ------w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll
    - 2006-06-22 11:36:52 180,736 ------w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
    + 2006-06-22 10:36:52 180,736 ------w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
    - 2006-03-23 06:53:08 143,360 ------w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
    + 2006-03-23 05:53:08 143,360 ------w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
    - 2006-01-04 05:18:34 68,096 ------w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
    + 2006-01-04 04:18:34 68,096 ------w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
    - 2006-03-01 20:34:20 426,496 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
    + 2006-03-01 19:34:20 426,496 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
    - 2006-03-01 20:34:20 956,416 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll
    + 2006-03-01 19:34:20 956,416 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll
    - 2006-03-01 20:34:20 161,280 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
    + 2006-03-01 19:34:20 161,280 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
    - 2006-03-01 20:34:20 66,560 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll
    + 2006-03-01 19:34:20 66,560 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll
    - 2006-03-01 20:34:20 91,136 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll
    + 2006-03-01 19:34:20 91,136 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll
    - 2006-03-01 20:34:20 11,776 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll
    + 2006-03-01 19:34:20 11,776 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll
    - 2006-05-19 14:46:40 112,128 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
    + 2006-05-19 13:46:40 112,128 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
    - 2006-05-19 14:46:40 147,456 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll
    + 2006-05-19 13:46:40 147,456 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll
    - 2006-05-19 14:46:40 94,720 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll
    + 2006-05-19 13:46:40 94,720 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll
    - 2006-05-05 11:16:40 454,400 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    + 2006-05-05 10:16:40 454,400 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    - 2006-05-05 11:22:52 174,592 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
    + 2006-05-05 10:22:52 174,592 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
    - 2006-03-17 02:08:10 262,656 ------w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys
    + 2006-03-17 01:08:10 262,656 ------w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys
    - 2005-10-13 00:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll
    + 2005-10-12 23:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll
    - 2005-10-13 00:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe
    + 2005-10-12 23:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe
    - 2005-10-13 00:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll
    + 2005-10-12 23:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll
    - 2005-10-13 00:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
    + 2005-10-12 23:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
    - 2005-10-13 00:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll
    + 2005-10-12 23:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll
    - 2006-05-18 06:37:44 450,560 ------w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
    + 2006-05-18 05:37:44 450,560 ------w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
    - 2005-10-13 00:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll
    + 2005-10-12 23:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll
    - 2005-10-13 00:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe
    + 2005-10-12 23:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe
    - 2005-10-13 00:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll
    + 2005-10-12 23:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll
    - 2005-10-13 00:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
    + 2005-10-12 23:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
    - 2005-10-13 00:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll
    + 2005-10-12 23:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll
    - 2006-04-20 13:18:36 360,576 ------w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    + 2006-04-20 12:18:36 360,576 ------w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll
    - 2006-11-27 16:17:10 539,136 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
    + 2006-11-27 15:17:10 539,136 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
    - 2006-11-27 16:17:10 433,664 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
    + 2006-11-27 15:17:10 433,664 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
    - 2006-06-01 20:39:42 163,840 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll
    + 2006-06-01 19:39:42 163,840 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll
    - 2006-06-01 20:39:42 27,648 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll
    + 2006-06-01 19:39:42 27,648 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll
    - 2006-07-13 12:43:08 202,496 ------w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys
    + 2006-07-13 11:43:08 202,496 ------w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll
    - 2006-07-21 09:26:50 72,704 ------w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
    + 2006-07-21 08:26:50 72,704 ------w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
    - 2005-10-13 00:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
    + 2005-10-12 23:16:50 14,048 ------w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
    - 2005-10-13 00:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
    + 2005-10-12 23:16:50 213,216 ------w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
    - 2005-10-13 00:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
    + 2005-10-12 23:16:50 22,752 ------w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
    - 2005-10-13 00:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
    + 2005-10-12 23:16:52 716,000 ------w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
    - 2005-10-13 00:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
    + 2005-10-12 23:16:56 371,424 ------w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
    - 2006-06-26 18:45:20 147,456 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
    + 2006-06-26 17:45:20 147,456 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
    - 2006-06-26 18:45:20 7,680 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
    + 2006-06-26 17:45:20 7,680 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
    - 2006-06-22 06:22:04 69,120 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
    + 2006-06-22 05:22:04 69,120 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
    - 2006-06-22 06:22:06 1,435,648 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
    + 2006-06-22 05:22:06 1,435,648 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
    - 2006-06-14 09:50:20 172,416 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys
    + 2006-06-14 08:50:20 172,416 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys
    - 2006-06-14 09:50:20 6,272 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
    + 2006-06-14 08:50:20 6,272 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
    - 2006-06-14 10:17:04 82,944 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
    + 2006-06-14 09:17:04 82,944 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll
    - 2007-05-17 12:25:22 549,888 ------w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
    + 2007-05-17 11:25:22 549,888 ------w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
    - 2005-10-13 00:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
    + 2005-10-12 23:12:26 14,048 ------w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
    - 2005-10-13 00:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
    + 2005-10-12 23:12:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
    - 2005-10-13 00:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
    + 2005-10-12 23:12:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
    - 2005-10-13 00:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
    + 2005-10-12 23:12:30 716,000 ------w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
    - 2005-10-13 00:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
    + 2005-10-12 23:12:34 371,424 ------w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
    - 2006-08-21 13:26:44 16,896 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltlib.dll
    + 2006-08-21 12:26:44 16,896 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltlib.dll
    - 2006-08-21 10:43:32 23,040 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
    + 2006-08-21 09:43:32 23,040 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
    - 2006-08-21 10:43:32 128,768 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
    + 2006-08-21 09:43:32 128,768 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.
    0
  13. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Paste the HijackThis log again and, above all, describe your problems.
    0
  14. MiSSZ24 Posts 43 Status Member
     
    My computer freezes, I lose the desktop and the taskbar, and then everything comes back. When I am on the internet, there is always a window that opens offering me a strange anti-virus to download ...

    I am pasting the HijackThis report again:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:11, on 2008-08-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\acc\acc.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Owner\Desktop\sanner.exe..exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [acc] C:\PROGRA~1\acc\acc.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{51882884-9552-439B-99FF-2F81B62E8B2E}: NameServer = 142.169.1.16 199.84.242.22
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    0
  15. jlpjlp Posts 52399 Status Security contributor 5 041
     
    paste a report from AntiVir, which you have
    0
  16. MiSSZ24 Posts 43 Status Member
     
    Here it is:

    Avira AntiVir Personal
    Report file date: Monday, August 11, 2008 19:35

    Scanning for 1547103 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: ACER-1424F82190

    Version information:
    BUILD.DAT : 8.1.0.326 16933 Bytes 2008-07-11 12:57:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-07-25 15:17:08
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-07-25 15:17:08
    LUKE.DLL : 8.1.4.5 164097 Bytes 2008-07-25 15:17:08
    LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-07-25 15:17:08
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 19:27:16
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 00:45:24
    ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 2008-08-04 22:15:26
    ANTIVIR3.VDF : 7.0.5.240 229376 Bytes 2008-08-11 19:24:16
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-16 00:01:22
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 2008-08-06 22:15:22
    AESCN.DLL : 8.1.0.23 119156 Bytes 2008-07-15 21:25:00
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-28 12:20:20
    AEPACK.DLL : 8.1.2.1 364917 Bytes 2008-07-15 21:24:58
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 2008-07-25 15:17:10
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 2008-08-06 22:15:20
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-05-29 23:33:30
    AEGEN.DLL : 8.1.0.35 315764 Bytes 2008-08-06 22:15:14
    AEEMU.DLL : 8.1.0.7 430452 Bytes 2008-08-01 20:22:38
    AECORE.DLL : 8.1.1.8 172406 Bytes 2008-08-01 20:22:36
    AEBB.DLL : 8.1.0.1 53617 Bytes 2008-07-25 15:17:10
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-25 15:17:08
    AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-07-25 15:17:08
    AVREP.DLL : 8.0.0.2 98344 Bytes 2008-08-01 20:22:36
    AVREG.DLL : 8.0.0.1 33537 Bytes 2008-07-25 15:17:08
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-16 00:01:20
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-07-25 15:17:08
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-16 00:01:22
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-07-25 15:17:08
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-16 00:01:22
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-07-25 15:16:58
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-07-25 15:16:58

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, F:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: Monday, August 11, 2008 19:35

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.EXE' - '1' Module(s) have been scanned
    Scan process 'CLI.EXE' - '1' Module(s) have been scanned
    Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
    Scan process 'acc.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'WeatherEye.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
    Scan process 'BJMyPrt.exe' - '1' Module(s) have been scanned
    Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
    Scan process 'EHMSAS.EXE' - '1' Module(s) have been scanned
    Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
    Scan process 'Domino.EXE' - '1' Module(s) have been scanned
    Scan process 'VMSnap3.EXE' - '1' Module(s) have been scanned
    Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
    Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
    Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
    Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
    Scan process 'ePresentation.exe' - '1' Module(s) have been scanned
    Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
    Scan process 'CLI.EXE' - '1' Module(s) have been scanned
    Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
    Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned
    Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
    Scan process 'ALG.EXE' - '1' Module(s) have been scanned
    Scan process 'DLLHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'eLockServ.exe' - '1' Module(s) have been scanned
    Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
    Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
    Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    67 processes with 67 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!
    Boot sector 'F:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '80' files ).

    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <ACERDATA>
    Begin scan in 'F:\' <Cynthia Disc Externe>

    End of the scan: Monday, August 11, 2008 20:12
    Used time: 37:19 Minute(s)

    The scan has been done completely.

    8130 Scanning directories
    318898 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    318896 Files not concerned
    9685 Archives were scanned
    2 Warnings
    0 Notes
    0
  17. jlpjlp Posts 52399 Status Security contributor 5 041
     
    as for Ad-Aware, it is outdated, remove it (if you really want to keep it, then at least the 2008 version)

    and install Malwarebytes' Anti-Malware in its place, paste a report and remove what is found

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ______________
    update Internet Explorer here:

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    ______________

    analyze these files on VirusTotal and, if they are infected, remove them with OTMoveIt as you already did

    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\PROGRA~1\acc\acc.exe

    _______________

    paste a new HijackThis report and describe your current problems
    0
  18. MiSSZ24 Posts 43 Status Member
     
    Thanks a million! I'll do all of that and get back to you with the reports! Thanks again!
    0
  19. MiSSZ24 Posts 43 Status Member
     
    Malwarebytes' Anti-Malware 1.24
    Version de la base de données: 1045
    Windows 5.1.2600 Service Pack 2

    16:25:22 2008-08-12
    mbam-log-8-12-2008 (16-25-22).txt

    Type de recherche: Examen complet (C:\|D:\|F:\|)
    Eléments examinés: 131538
    Temps écoulé: 40 minute(s), 59 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 7

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP123\A0023909.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP183\A0033285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP183\A0033286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\qoobox\Quarantine\C\WINDOWS\system32\xingiuix.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\qoobox\Quarantine\C\WINDOWS\system32\hjdzaa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
    F:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP180\A0033115.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\n.bat (Malware.Trace) -> Quarantined and deleted successfully.

    Files analyzed with VirusTotal:

    Fichier VMSnap3.EXE reçu le 2008.08.13 00:31:54 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/36 (0%)

    Fichier Domino.EXE reçu le 2008.08.13 00:34:58 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 1/36 (2.78%) Worm.Win32.Anilogo.i

    Fichier acc.exe reçu le 2008.08.13 06:15:54 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/35 (0%)

    HIJACKTHIS REPORT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:19:52, on 2008-08-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\Desktop\sanner.exe..exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.us.acer.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\BOOTSKIN.EXE" /StartupJobs
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/fr/win/QuickTimeInstaller.exe
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - C:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing)
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
    0
  20. jlpjlp Posts 52399 Status Security contributor 5 041
     
    disable your System Restore, then restart your computer, then re-enable it
    http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

    ________________

    any problems left???
    0
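Added example (not part of the thread): a short Python script that sorts the detection lines from the Malwarebytes log in post 19 by where each file sat, showing that most were copies held in System Restore snapshots, which is what switching System Restore off and on again discards. The category names and function names are this example's own; `C:\qoobox\Quarantine` is treated as ComboFix's quarantine folder.

```python
import re
from collections import defaultdict

# Detection lines copied verbatim from the Malwarebytes log in post 19.
MBAM_DETECTIONS = r"""
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP123\A0023909.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP183\A0033285.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP183\A0033286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\xingiuix.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\hjdzaa.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{840F8D40-D2B2-4CA1-A56C-AE9B7E3B083F}\RP180\A0033115.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\n.bat (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "<path> (<detection name>) -> <action taken>"
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) \((?P<family>[^()]+)\) -> (?P<action>.+)$"
)
# System Restore snapshot folder on Windows XP: ...\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I
)
# Folder where ComboFix parks the files it removed (inert .vir copies).
QUARANTINE_RE = re.compile(r"\\qoobox\\quarantine\\", re.I)


def parse_detections(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        rp = RESTORE_RE.search(path)
        if rp:
            location = "restore_point"
        elif QUARANTINE_RE.search(path):
            location = "combofix_quarantine"
        else:
            location = "live"
        findings.append({
            "path": path,
            "drive": path[0].upper(),
            "family": m.group("family"),
            "action": m.group("action"),
            "location": location,
            "restore_point": rp.group(1) if rp else None,
        })
    return findings


def group_by_location(findings):
    """Map location category -> list of detected paths."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["location"]].append(f["path"])
    return dict(groups)


def restore_points(findings):
    """Sorted (drive, snapshot) pairs that held a detected file."""
    return sorted({(f["drive"], f["restore_point"])
                   for f in findings if f["restore_point"]})


if __name__ == "__main__":
    found = parse_detections(MBAM_DETECTIONS)
    for location, paths in group_by_location(found).items():
        print(f"{location}: {len(paths)}")
    print("snapshots with detections:", restore_points(found))
```

Only the `live` group points at a file that was still on the normal file system; the other two groups are stored copies, and snapshots on both `C:` and `F:` are involved.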
  21. pimpon
     
    You just need to download Windows Defender from Microsoft, it's free. Run a first scan, then shut the machine down completely, then start the program again, taking care to download the updates, and finally delete the virus. It's that simple. Good luck.
    0