j ai un virus Résolu/Fermé

Question

Bonjour,
y a t il quelqu un qui peux m aider j ai un probleme avec un virus,j ai deja commencer avec quelqu un mais plus de nouvelle mon premier sujet s intitule:"probleme avec un virus abebot".j ai fait pas mal de raport. merci d avance.

Utilisateur anonyme · Accepted Answer

Bonjour TLM,
Dis donc pat085, qu'est ce que c'est que cette histoire ?

Boulepate s'occupait de toi ic:i 
http://www.commentcamarche.net/forum/affich 5898236 probleme avec virus abebot
et il ne t'a pas laissé tombé, c'est toi qui l'as laissé tombé ! Il a juste aussi une vie en dehors de CCM.

Ensuite, tu prends contact avec moi sur un topique qui ne te concerne pas alors que tu as créer une deuxième discussion et que Tera s'occupait de toi !

Finis la discussion avec Boulepate s'il est encore d'accord : il sait très bien s'y prendre et c'est lui qui a commencer avec toi.

A semer à tout vent tu ne vas pas faire avancer plus vite ton problème car on te demande de refaire les mêmes choses et plus personne ne sait où il en est.....

La vraie discussion se trouve donc ici : http://www.commentcamarche.net/forum/affich 5898236 probleme avec virus abebot

A+++

tera · Answer

Salut :-)

Si tu pouvais me poster un rapport Hijackthis, je pourrais peut-être t'aider :-)

Tiens-moi au courant :-)

tera · Answer

Désactive toutes les protections résidentes avant de faire les manips suivantes :

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Tiens-moi au courant :-)

pat085 · Answer

merci pour ta patience voila le raport.
ComboFix 08-04-12.1 - patrick 2008-04-12 23:37:36.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.171 [GMT 2:00]
Endroit: C:\Documents and Settings\patrick\Bureau\killBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\patrick\Application Data\addon.dat
C:\Program Files\PC-Cleaner
C:\WINDOWS\system32\mlJYPiFX.dll
C:\WINDOWS\system32\XFiPYJlm.ini
C:\WINDOWS\system32\XFiPYJlm.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_poof

((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.

2008-04-12 17:01 . 2008-04-12 17:01 10,941,618 --a------ C:\upload_moi_PATRICK-8FD2895.tar.gz
2008-04-12 16:13 . 2008-04-12 16:13 <REP> d-------- C:\VundoFix Backups
2008-04-12 15:21 . 2008-04-12 15:21 <REP> d-------- C:\_OTMoveIt
2008-04-12 13:55 . 2008-04-12 13:55 <REP> d-------- C:\Program Files\Trend Micro
2008-04-11 17:22 . 2008-04-12 13:37 <REP> d-------- C:\Program Files\Everest Poker
2008-04-10 23:38 . 2008-04-10 23:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 23:38 . 2008-04-11 00:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 23:46 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:46 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 23:17 . 2008-04-03 23:17 <REP> dr-h----- C:\Documents and Settings\patrick\Application Data\SecuROM
2008-04-03 23:17 . 2008-04-03 23:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-04-03 23:07 . 2008-04-03 23:07 <REP> d-------- C:\Program Files\Electronic Arts
2008-03-30 15:23 . 2008-04-10 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 15:23 . 2008-03-30 15:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 22:28 . 2008-03-26 22:28 <REP> d-------- C:\Documents and Settings\patrick\Application Data\Grisoft
2008-03-26 22:28 . 2008-03-26 22:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 22:28 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 22:11 . 2008-03-26 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2008-03-26 09:14 . 2008-03-26 09:14 <REP> d--h----- C:\Program Files\UPDATE
2008-03-24 22:51 . 2008-03-28 00:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-03-23 00:27 . 2008-03-23 00:27 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-03-21 05:36 . 2008-03-30 17:44 <REP> d-------- C:\WINDOWS\85
2008-03-17 21:00 . 2008-03-21 14:56 230,424 --a------ C:\img2-001.raw
2008-03-16 03:20 . 2008-03-16 03:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-15 07:20 . 2008-03-15 07:21 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-03-14 23:21 . 2008-03-14 23:21 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-14 23:19 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-14 23:19 . 2004-08-04 00:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-03-14 23:19 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-14 23:19 . 2004-08-04 00:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-03-14 23:13 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-14 23:13 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:05 --------- d-----w C:\Program Files\Java
2008-04-12 20:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-03 20:27 --------- d-----w C:\Program Files\eMule
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-26 08:15 --------- d-----w C:\Program Files\Google
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 08:21 --------- d-----w C:\Program Files\MSIDVD
2008-03-09 10:47 --------- d-----w C:\Program Files\Shareaza
2008-03-09 10:47 --------- d-----w C:\Documents and Settings\patrick\Application Data\Shareaza
2008-03-08 22:33 --------- d-----w C:\Program Files\Windows Live
2008-03-06 12:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-06 12:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-06 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 02:36 --------- d-----w C:\Program Files\Winamp
2008-02-24 15:13 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-23 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-23 03:02 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 21:44 --------- d-----w C:\Program Files\Alwil Software
2008-02-22 19:48 --------- d-----w C:\Program Files\Free
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 21:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-14 02:20 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 19:40 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-30 19:40 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-30 19:40 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F10F9C8-4C77-47C1-8618-F84CBC0D30AA}]
C:\WINDOWS\system32\rqRKCtRK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2160CFB2-0F90-4EAC-B8F2-6C379B1FAAC7}]
C:\WINDOWS\system32\mlJYPiFX.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442D878E-3235-4DE4-B28E-FD08B9C8BFD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49F7BB51-7D16-4A51-AC0B-DC3ED4D2EFB5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2470A0E-CA06-4AE1-8283-6E88244DDA34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
C:\pat\lost\BitDownload\TorrentManager.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711821-BE11-4011-BF5D-BFFCC082119F}]
C:\WINDOWS\system32\byXQKebA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15 1359872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 22:49 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"xbgwdphx"="C:\WINDOWS\system32\gpmxslad.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"lymghpco"="C:\WINDOWS\system32\ydklkfkn.exe" [ ]
"qhvydueq"="C:\WINDOWS\system32\doxmbivm.exe" [ ]
"eutyjclh"="C:\WINDOWS\system32\velmnspi.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB310"="command /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingD4184"="cmd /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingB5203"="command /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingD3749"="cmd /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingB1071"="command /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingD6397"="cmd /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingB2612"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingD7065"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingB345"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingD1994"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingB6233"="command /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" [ ]
"SpybotDeletingD7107"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg" [ ]
"SpybotDeletingB1248"="command /c del C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"WMC_AutoUpdate"="" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-28 19:21 155648]
"Ulead AutoDetector"="C:\Photo Explorer\Monitor.exe" [ ]
"6079979f"="C:\WINDOWS\system32\xyvprxmx.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6571"="command /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingC1139"="cmd /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingA5268"="command /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingC7600"="cmd /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingA327"="command /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingC5295"="cmd /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingA3714"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingC8821"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingA4595"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingC5634"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"RV68Eh3VMk"= C:\Documents and Settings\All Users\Application Data\qjyrmhyd\gjidotgb.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-28 19:21 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Ulead AutoDetector"=C:\Photo Explorer\Monitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\jeux\\Empire\\Empires_DMW.exe"=
"C:\\jeux\\Terre du Milieu II\\game.dat"=
"C:\\jeux\\Terre du Milieu II\\EP1\\game.dat"=
"C:\\jeux\\Empire Earth\\Empire Earth.exe"=
"C:\\jeux\\Age of Empire III\\age3x.exe"=
"C:\\jeux\\Age of Empire III\\age3y.exe"=
"C:\\Documents and Settings\\patrick\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"=
"C:\\jeux\\Empire\\Empire Earth.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]
S3 bfastfao;bfastfao;C:\DOCUME~1\patrick\LOCALS~1\Temp\bfastfao.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC768178-AF2F-EC53-EDF9-CF30B78CC5E3}]
C:\Program Files\UPDATE\update.exe s
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 23:38:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-12 23:39:28
ComboFix-quarantined-files.txt 2008-04-12 21:39:15
Pre-Run: 11,029,721,088 octets libres
Post-Run: 11,019,366,400 octets libres
.
2008-04-12 19:30:07 --- E O F ---

Utilisateur anonyme · Answer

Bonsoir,
A la demande de pat085 je viens en aide...
ok,
alors tu as pas mal de problèmes....
>Ouvre ce lien (merci a S!RI pour ce fix) http://siri.urz.free.fr/Fix/SmitfraudFix.php et télécharge SmitfraudFix.exe.
- Regarde le tuto
- Exécute le programme et choisi l’option 1 (et uniquement).
Le programme va générer un rapport, copie/colle le sur le forum stp. 

Après on continue.

A+

pat085 · Answer

merci encore voila le raport:
SmitFraudFix v2.312

Rapport fait à  0:32:48,63, 13/04/2008
Executé à partir de C:\Documents and Settings\patrick\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\patrick


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\patrick\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\patrick\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E59AB05A-6FEF-4485-A8AC-49CBE2B4A1E9}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E59AB05A-6FEF-4485-A8AC-49CBE2B4A1E9}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E59AB05A-6FEF-4485-A8AC-49CBE2B4A1E9}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Utilisateur anonyme · Answer

Bon,
ok,
comboxfix est déjà passé....
> Télécharge MalwareByte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- Installe le programme puis lance le stp.
NB : S'il te manque COMCTL32.OCX alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/
- Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour")
- Démarre en mode sans échec (image). Si problème : tuto ici
- Lance le MalwareByte's Anti-Malware puis clique sur "Executer un examen complet" puis "Rechercher" et sélectionne tous tes disques durs => le scan débute....patiente...
- A la fin clique sur clique "supprimer" (Si des éléments très difficiles à supprimer, un message te demandera de redémarrer : clique sur "Oui" alors)
- Un rapport va être généré : sauvegarde le et poste le sur forum stp.

Ensuite,
poste un nouveau HiJAckT stp.

A+

pat085 · Answer

j ai etais un peu long mais j ai merdé et j ai du le faire deux fois. voila le raport
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 619

Type de recherche: Examen complet (C:\|)
Eléments examinés: 57098
Temps écoulé: 38 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{28E47B71-06C9-4871-8D0F-A997AB2A4ED3}\RP170\A0054517.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_152142\Documents and Settings\All Users\Application Data\qjyrmhyd\gjidotgb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_152142\WINDOWS\system32\doxmbivm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_152142\WINDOWS\system32\velmnspi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_152142\WINDOWS\system32\ydklkfkn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_223108\WINDOWS\System32\gpmxslad.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04122008_223108\WINDOWS\System32\jkkJcbXp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

voila le raport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:28:10, on 13/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {0F10F9C8-4C77-47C1-8618-F84CBC0D30AA} - C:\WINDOWS\system32\rqRKCtRK.dll (file missing)
O2 - BHO: (no name) - {442D878E-3235-4DE4-B28E-FD08B9C8BFD0} - (no file)
O2 - BHO: (no name) - {49F7BB51-7D16-4A51-AC0B-DC3ED4D2EFB5} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {C2470A0E-CA06-4AE1-8283-6E88244DDA34} - (no file)
O2 - BHO: BitDownload BHO - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\pat\lost\BitDownload\TorrentManager.dll (file missing)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: (no name) - {F6711821-BE11-4011-BF5D-BFFCC082119F} - C:\WINDOWS\system32\byXQKebA.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {273127BD-6681-45C8-A0FB-205BE4AEFBF8} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Photo Explorer\Monitor.exe
O4 - HKLM\..\Run: [6079979f] rundll32.exe "C:\WINDOWS\system32\xyvprxmx.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6571] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1139] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5268] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7600] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA327] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5295] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3714] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8821] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4595] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5634] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xbgwdphx] C:\WINDOWS\system32\gpmxslad.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [lymghpco] C:\WINDOWS\system32\ydklkfkn.exe
O4 - HKCU\..\Run: [qhvydueq] C:\WINDOWS\system32\doxmbivm.exe
O4 - HKCU\..\Run: [eutyjclh] C:\WINDOWS\system32\velmnspi.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB310] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4184] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5203] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3749] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1071] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6397] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2612] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7065] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB345] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1994] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6233] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7107] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1248] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\Policies\Explorer\Run: [RV68Eh3VMk] C:\Documents and Settings\All Users\Application Data\qjyrmhyd\gjidotgb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Utilisateur anonyme · Answer

Re,
ok,
très bien,
alors on continue..
Tu es bourré d'infections.. Mais pas de panique !

Alors,
> Télécharge et installe Ccleaner :
- Fais les mises à jour puis ferme le programme.
Si besoin est tu trouveras des Tutoriaux : ici, ici et là.

> Télécharge Clean (de Malekal Morte) (différent de Ccleaner)

> Télécharge SDFix (de AndyManchesta) sur ton bureau :
- Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix. Ferme ensuite le programme.

> Commence par faire un copier/coller de ce poste (cette manip.): (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec : (image). Si problème : tuto ici

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

> Pour Clean (encore en mode sans échec) :
- Double-clic sur clean.cmd
- Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean (Le rapport clean se trouve ici : C:\rapport_clean.txt)
NB : Si besoin : Tuto

> Pour SDFix (toujours en mode sans échec) :
- Vas dans c:/SDFix et double-clique sur RunThis.bat
- Appuie sur < Y > puis < Entrée >....Le nettoyage commence....patience...
- Le programme va te demander de relancer le PC, frappe une touche...
- Le nettoyage se termine...un rapport apparait...
-Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

> Relance ton PC en mode normal

> Relance un combofix stp puis poste le rapport.

Ensuite,
> Relance Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie moi, par collier/coller, ton log Hijackthis stp,

Bon courage,

:)

NB : N'oublie pas de poster TOUS les rapports stp (Clean (différent de Ccleaner), SDFix, combofix puis HiJAckT).

A+

pat085 · Answer

bon voila le raport de combofix
ComboFix 08-04-12.1 - patrick 2008-04-13 3:58:13.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.165 [GMT 2:00]
Endroit: C:\Documents and Settings\patrick\Bureau\killBagle.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-03-13 to 2008-04-13 ))))))))))))))))))))))))))))))))))))
.

2008-04-13 03:31 . 2008-04-13 03:31 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-13 02:49 . 2008-04-13 02:49 <REP> d-------- C:\Program Files\clean
2008-04-13 00:45 . 2008-04-13 00:45 <REP> d-------- C:\Documents and Settings\patrick\Application Data\Malwarebytes
2008-04-13 00:45 . 2008-04-13 00:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-13 00:44 . 2008-04-13 00:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-13 00:32 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-13 00:32 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-13 00:32 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-13 00:32 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-13 00:32 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-13 00:32 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-13 00:32 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-13 00:32 . 2008-04-13 00:32 2,708 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-12 17:01 . 2008-04-12 17:01 10,941,618 --a------ C:\upload_moi_PATRICK-8FD2895.tar.gz
2008-04-12 16:13 . 2008-04-12 16:13 <REP> d-------- C:\VundoFix Backups
2008-04-12 15:21 . 2008-04-12 15:21 <REP> d-------- C:\_OTMoveIt
2008-04-12 13:55 . 2008-04-12 13:55 <REP> d-------- C:\Program Files\Trend Micro
2008-04-10 23:38 . 2008-04-10 23:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 23:38 . 2008-04-11 00:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-03 23:46 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 23:46 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-03 23:17 . 2008-04-03 23:17 <REP> dr-h----- C:\Documents and Settings\patrick\Application Data\SecuROM
2008-04-03 23:17 . 2008-04-03 23:17 98,304 --a------ C:\WINDOWS\system32CmdLineExt.dll
2008-04-03 23:07 . 2008-04-03 23:07 <REP> d-------- C:\Program Files\Electronic Arts
2008-03-30 15:23 . 2008-04-10 21:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-30 15:23 . 2008-03-30 15:23 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-26 22:28 . 2008-03-26 22:28 <REP> d-------- C:\Documents and Settings\patrick\Application Data\Grisoft
2008-03-26 22:28 . 2008-03-26 22:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-26 22:28 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 22:11 . 2008-03-26 22:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2008-03-26 09:14 . 2008-03-26 09:14 <REP> d--h----- C:\Program Files\UPDATE
2008-03-24 22:51 . 2008-03-28 00:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Frag great bend logo
2008-03-23 00:27 . 2008-03-23 00:27 39,424 --a------ C:\WINDOWS\zipinst.exe
2008-03-21 05:36 . 2008-03-30 17:44 <REP> d-------- C:\WINDOWS\85
2008-03-17 21:00 . 2008-03-21 14:56 230,424 --a------ C:\img2-001.raw
2008-03-16 03:20 . 2008-03-16 03:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-15 07:20 . 2008-03-15 07:21 <REP> d-------- C:\Program Files\Microsoft LifeCam
2008-03-14 23:21 . 2008-03-14 23:21 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
2008-03-14 23:19 . 2004-08-04 00:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2008-03-14 23:19 . 2004-08-04 00:10 85,376 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-03-14 23:19 . 2004-08-04 00:10 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2008-03-14 23:19 . 2004-08-04 00:10 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-03-14 23:13 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-14 23:13 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 20:05 --------- d-----w C:\Program Files\Java
2008-04-12 20:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-03 20:27 --------- d-----w C:\Program Files\eMule
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-26 08:15 --------- d-----w C:\Program Files\Google
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 08:21 --------- d-----w C:\Program Files\MSIDVD
2008-03-09 10:47 --------- d-----w C:\Program Files\Shareaza
2008-03-09 10:47 --------- d-----w C:\Documents and Settings\patrick\Application Data\Shareaza
2008-03-08 22:33 --------- d-----w C:\Program Files\Windows Live
2008-03-06 12:58 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-06 12:54 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-06 12:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-28 02:36 --------- d-----w C:\Program Files\Winamp
2008-02-24 15:13 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-02-23 12:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-02-23 03:02 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-22 21:44 --------- d-----w C:\Program Files\Alwil Software
2008-02-22 19:48 --------- d-----w C:\Program Files\Free
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-19 21:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-14 02:20 --------- d-----w C:\Program Files\Lexmark 1200 Series
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-30 19:40 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-30 19:40 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-30 19:40 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-12_23.39.05.86 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-13 01:37:17 7,221,248 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-04-13 01:37:17 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-04-12 17:16:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-13 01:31:20 7,221,248 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-04-13 01:31:20 172,032 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-04-13 01:44:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F10F9C8-4C77-47C1-8618-F84CBC0D30AA}]
C:\WINDOWS\system32\rqRKCtRK.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442D878E-3235-4DE4-B28E-FD08B9C8BFD0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{49F7BB51-7D16-4A51-AC0B-DC3ED4D2EFB5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2470A0E-CA06-4AE1-8283-6E88244DDA34}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D5792AA9-D373-4039-8670-2CDAB6A71F15}]
C:\pat\lost\BitDownload\TorrentManager.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711821-BE11-4011-BF5D-BFFCC082119F}]
C:\WINDOWS\system32\byXQKebA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 15:15 1359872]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-26 22:49 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"xbgwdphx"="C:\WINDOWS\system32\gpmxslad.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"lymghpco"="C:\WINDOWS\system32\ydklkfkn.exe" [ ]
"qhvydueq"="C:\WINDOWS\system32\doxmbivm.exe" [ ]
"eutyjclh"="C:\WINDOWS\system32\velmnspi.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 09:06 118784 C:\WINDOWS\system32\ptipbmf.dll]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12 90112]
"WMC_AutoUpdate"="" []
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:25 57344]
"WinampAgent"="C:\Program Files\Winamp\Winampa.exe" [2003-04-02 04:20 12288]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-28 19:21 155648]
"Ulead AutoDetector"="C:\Photo Explorer\Monitor.exe" [ ]
"6079979f"="C:\WINDOWS\system32\xyvprxmx.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6571"="command /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingC1139"="cmd /c del C:\Program Files\Everest Poker\casino.exe" [ ]
"SpybotDeletingA5268"="command /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingC7600"="cmd /c del C:\Program Files\Everest Poker\gvcrt.dll" [ ]
"SpybotDeletingA327"="command /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingC5295"="cmd /c del C:\Program Files\Everest Poker\gvmain.exe" [ ]
"SpybotDeletingA3714"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingC8821"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt" [ ]
"SpybotDeletingA4595"="command /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]
"SpybotDeletingC5634"="cmd /c del C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-12-28 19:21 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Ulead AutoDetector"=C:\Photo Explorer\Monitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\jeux\\Empire\\Empires_DMW.exe"=
"C:\\jeux\\Terre du Milieu II\\game.dat"=
"C:\\jeux\\Terre du Milieu II\\EP1\\game.dat"=
"C:\\jeux\\Empire Earth\\Empire Earth.exe"=
"C:\\jeux\\Age of Empire III\\age3x.exe"=
"C:\\jeux\\Age of Empire III\\age3y.exe"=
"C:\\Documents and Settings\\patrick\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"=
"C:\\jeux\\Empire\\Empire Earth.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 23:45]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-12-23 00:32]
S3 bfastfao;bfastfao;C:\DOCUME~1\patrick\LOCALS~1\Temp\bfastfao.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{FC768178-AF2F-EC53-EDF9-CF30B78CC5E3}]
C:\Program Files\UPDATE\update.exe s
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 03:59:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-13 4:00:16
ComboFix-quarantined-files.txt 2008-04-13 02:00:10
ComboFix2.txt 2008-04-12 21:39:29
Pre-Run: 10,940,772,352 octets libres
Post-Run: 10,929,254,400 octets libres
.
2008-04-12 19:30:07 --- E O F ---

le raport de clean
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 13/04/2008 a 3:24:37,17

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

le raport de SDFix

[b]SDFix: Version 1.170 [/b]
Run by patrick on 13/04/2008 at 03:39

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\patrick\Bureau\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

No Trojan Files Found

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 03:45:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,8b,7f,8f,2c,88,ae,09,50,77,a8,e5,00,71,c5,4a,e1,b3,..
"ljej40"=hex:49,d1,de,89,c8,f4,f3,74,76,99,5d,95,27,d8,8d,9a,85,9e,1f,59,c9,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
"ujdew"=hex:20,02,00,00,8b,7f,8f,2c,e8,58,52,fe,77,a8,e5,00,71,c5,4a,e1,b3,..
"ljej40"=hex:49,d1,de,89,c8,f4,f3,74,76,99,5d,95,27,d8,8d,9a,85,9e,1f,59,0b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg42]
"ujdew"=hex:20,02,00,00,cd,ff,51,18,65,5d,11,a5,64,6f,e1,b1,f7,6b,35,e2,5e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg43]
"ujdew"=hex:20,02,00,00,f3,fe,51,18,37,5c,f2,bc,9e,39,9c,cd,29,d1,82,d5,d8,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\jeux\\Empire\\Empires_DMW.exe"="C:\\jeux\\Empire\\Empires_DMW.exe:*:Disabled:Empires_DMW"
"C:\\jeux\\Terre du Milieu II\\game.dat"="C:\\jeux\\Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"
"C:\\jeux\\Terre du Milieu II\\EP1\\game.dat"="C:\\jeux\\Terre du Milieu II\\EP1\\game.dat:*:Enabled:LSDA, L'AvŠnement du Roi-sorcierT"
"C:\\jeux\\Empire Earth\\Empire Earth.exe"="C:\\jeux\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\jeux\\Age of Empire III\\age3x.exe"="C:\\jeux\\Age of Empire III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\\jeux\\Age of Empire III\\age3y.exe"="C:\\jeux\\Age of Empire III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\\Documents and Settings\\patrick\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe"="C:\\Documents and Settings\\patrick\\Local Settings\\Temp\\java_ee_sdk-5_01-windows.exe2\\package\\jre\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\jeux\\Empire\\Empire Earth.exe"="C:\\jeux\\Empire\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\patrick\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Fri 27 May 2005 10,752 A..H. --- "C:\WINDOWS\hh.exe"
Thu 19 Aug 2004 70,656 A..H. --- "C:\WINDOWS\NOTEPAD.EXE"
Thu 19 Aug 2004 153,088 A..H. --- "C:\WINDOWS\regedit.exe"
Thu 19 Aug 2004 1,013,912 A..H. --- "C:\WINDOWS\SET3.tmp"
Thu 19 Aug 2004 1,086,058 A..H. --- "C:\WINDOWS\SET4.tmp"
Thu 19 Aug 2004 14,043 A..H. --- "C:\WINDOWS\SET8.tmp"
Thu 8 Jan 2004 65,536 A..H. --- "C:\WINDOWS\SOUNDMAN.EXE"
Fri 30 Aug 2002 15,872 A..H. --- "C:\WINDOWS\TASKMAN.EXE"
Fri 30 Aug 2002 94,864 A..H. --- "C:\WINDOWS\twain.dll"
Thu 19 Aug 2004 50,688 A..H. --- "C:\WINDOWS\twain_32.dll"
Fri 30 Aug 2002 49,680 A..H. --- "C:\WINDOWS\twunk_16.exe"
Fri 30 Aug 2002 25,600 A..H. --- "C:\WINDOWS\twunk_32.exe"
Fri 30 Aug 2002 18,944 A..H. --- "C:\WINDOWS\vmmreg32.dll"
Fri 30 Aug 2002 256,768 A..H. --- "C:\WINDOWS\winhelp.exe"
Thu 19 Aug 2004 288,256 A..H. --- "C:\WINDOWS\winhlp32.exe"
Fri 30 Aug 2002 707 A..H. --- "C:\WINDOWS\_default.pif"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 19 Aug 2004 1,852,416 A..H. --- "C:\WINDOWS\AppPatch\AcGenral.dll"
Thu 19 Aug 2004 450,048 A..H. --- "C:\WINDOWS\AppPatch\AcLayers.dll"
Thu 19 Aug 2004 137,728 A..H. --- "C:\WINDOWS\AppPatch\AcLua.dll"
Thu 19 Aug 2004 244,736 A..H. --- "C:\WINDOWS\AppPatch\AcSpecfc.dll"
Thu 19 Aug 2004 116,224 A..H. --- "C:\WINDOWS\AppPatch\AcXtrnal.dll"
Thu 19 Aug 2004 28,672 A..H. --- "C:\WINDOWS\ehome\custsat.dll"
Fri 30 Aug 2002 152,576 A..H. --- "C:\WINDOWS\Help\bnts.dll"
Thu 19 Aug 2004 34,816 A..H. --- "C:\WINDOWS\Help\sniffpol.dll"
Thu 19 Aug 2004 33,280 A..H. --- "C:\WINDOWS\Help\sstub.dll"
Thu 19 Aug 2004 279,040 A..H. --- "C:\WINDOWS\Help\tshoot.dll"
Thu 19 Aug 2004 220,160 A..H. --- "C:\WINDOWS\ime\mscandui.dll"
Thu 19 Aug 2004 130,048 A..H. --- "C:\WINDOWS\ime\SOFTKBD.DLL"
Thu 19 Aug 2004 62,976 A..H. --- "C:\WINDOWS\ime\SPGRMR.dll"
Thu 19 Aug 2004 272,384 A..H. --- "C:\WINDOWS\ime\SPTIP.dll"
Sun 24 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 14 Oct 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll"
Thu 14 Oct 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe"
Thu 14 Oct 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll"
Thu 14 Oct 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe"
Thu 14 Oct 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll"
Thu 14 Oct 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe"
Thu 14 Oct 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB886185\spmsg.dll"
Thu 14 Oct 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe"
Thu 14 Oct 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll"
Thu 14 Oct 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe"
Tue 30 Nov 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll"
Tue 30 Nov 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe"
Tue 30 Nov 2004 8,192 A..H. --- "C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll"
Tue 30 Nov 2004 172,032 A..H. --- "C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe"
Fri 25 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll"
Fri 25 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe"
Fri 25 Feb 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe"
Fri 25 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll"
Fri 25 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe"
Thu 24 Feb 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll"
Thu 24 Feb 2005 213,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB921398\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB921398\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB922582\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB922616\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB922616\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB923694\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB923694\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB924191\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB924191\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB925454\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB925454\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB925486\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB925486\spuninst.exe"
Thu 13 Oct 2005 15,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll"
Thu 13 Oct 2005 216,800 A..H. --- "C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe"
Thu 14 Oct 2004 172,032 ...H. --- "C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe"
Fri 25 Feb 2005 213,216 ...H. --- "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Fri 25 Feb 2005 395,488 ...H. --- "C:\WINDOWS\$NtUninstallKB898461$\spuninst\updspapi.dll"
Wed 15 Feb 2006 142,464 ...H. --- "C:\WINDOWS\Driver Cache\i386\aec.sys"
Fri 17 Mar 2006 262,784 ...H. --- "C:\WINDOWS\Driver Cache\i386\http.sys"
Wed 14 Jun 2006 172,416 ...H. --- "C:\WINDOWS\Driver Cache\i386\kmixer.sys"
Fri 5 May 2006 453,120 ...H. --- "C:\WINDOWS\Driver Cache\i386\mrxsmb.sys"
Wed 28 Feb 2007 2,138,112 ...H. --- "C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe"
Wed 28 Feb 2007 2,059,648 ...H. --- "C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe"
Wed 28 Feb 2007 2,017,792 ...H. --- "C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe"
Wed 28 Feb 2007 2,182,400 ...H. --- "C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe"
Wed 14 Jun 2006 6,400 ...H. --- "C:\WINDOWS\Driver Cache\i386\splitter.sys"
Wed 14 Jun 2006 82,944 ...H. --- "C:\WINDOWS\Driver Cache\i386\wdmaud.sys"
Sun 23 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 17 Nov 2004 354,304 A..H. --- "C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll"
Thu 14 Oct 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll"
Thu 14 Oct 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB873339\update\update.exe"
Thu 28 Oct 2004 728,576 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll"
Thu 28 Oct 2004 448,128 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys"
Thu 28 Oct 2004 174,592 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys"
Thu 14 Oct 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll"
Thu 14 Oct 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB885835\update\update.exe"
Thu 14 Oct 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll"
Thu 14 Oct 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB885836\update\update.exe"
Thu 30 Sep 2004 134,912 A..H. --- "C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys"
Thu 14 Oct 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll"
Thu 14 Oct 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB886185\update\update.exe"
Wed 13 Oct 2004 1,694,208 A..H. --- "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
Thu 14 Oct 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll"
Thu 14 Oct 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB887472\update\update.exe"
Tue 7 Dec 2004 96,768 A..H. --- "C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll"
Tue 30 Nov 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll"
Tue 30 Nov 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB888302\update\update.exe"
Wed 2 Mar 2005 62,464 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll"
Wed 2 Mar 2005 2,137,600 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe"
Wed 2 Mar 2005 2,059,008 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe"
Wed 2 Mar 2005 2,017,280 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe"
Wed 2 Mar 2005 2,181,632 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe"
Wed 2 Mar 2005 578,048 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll"
Wed 2 Mar 2005 1,836,416 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys"
Wed 2 Mar 2005 291,840 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll"
Tue 30 Nov 2004 21,504 A..H. --- "C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll"
Tue 30 Nov 2004 666,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB891781\update\update.exe"
Fri 8 Jul 2005 249,344 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll"
Thu 7 Jul 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll"
Fri 27 May 2005 10,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe"
Fri 27 May 2005 41,472 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll"
Fri 27 May 2005 155,136 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll"
Fri 27 May 2005 137,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll"
Sat 11 Jun 2005 57,856 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe"
Wed 29 Jun 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll"
Thu 6 Oct 2005 280,064 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll"
Thu 6 Oct 2005 1,839,616 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys"
Wed 5 Oct 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB896424\update\updspapi.dll"
Wed 11 May 2005 78,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll"
Fri 25 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll"
Fri 25 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\update\update.exe"
Fri 25 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll"
Wed 15 Jun 2005 297,984 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll"
Wed 29 Jun 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll"
Fri 10 Jun 2005 139,528 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys"
Wed 29 Jun 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll"
Wed 15 Feb 2006 142,464 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll"
Thu 1 Sep 2005 19,968 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll"
Fri 23 Sep 2005 8,508,928 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll"
Sat 3 Sep 2005 474,624 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll"
Tue 27 Sep 2005 23,552 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\spru040c.dll"
Thu 1 Sep 2005 292,352 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll"
Mon 26 Sep 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll"
Sat 10 Sep 2005 2,068,480 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll"
Fri 9 Sep 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll"
Wed 29 Jun 2005 254,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll"
Wed 29 Jun 2005 73,728 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll"
Tue 26 Jul 2005 225,792 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll"
Tue 26 Jul 2005 625,152 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll"
Tue 26 Jul 2005 110,080 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll"
Tue 26 Jul 2005 498,688 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll"
Tue 26 Jul 2005 60,416 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll"
Tue 26 Jul 2005 195,072 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll"
Tue 26 Jul 2005 97,792 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll"
Tue 26 Jul 2005 1,267,200 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll"
Tue 26 Jul 2005 540,160 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll"
Tue 26 Jul 2005 243,200 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll"
Tue 26 Jul 2005 8,704 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe"
Tue 26 Jul 2005 425,472 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll"
Tue 26 Jul 2005 945,152 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll"
Tue 26 Jul 2005 161,280 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll"
Tue 26 Jul 2005 66,560 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll"
Tue 26 Jul 2005 91,136 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll"
Tue 26 Jul 2005 1,285,632 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll"
Tue 26 Jul 2005 75,264 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll"
Tue 26 Jul 2005 37,376 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll"
Tue 26 Jul 2005 398,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll"
Tue 26 Jul 2005 101,376 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll"
Tue 26 Jul 2005 11,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll"
Mon 25 Jul 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll"
Tue 30 Aug 2005 1,293,824 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll"
Mon 22 Aug 2005 197,632 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll"
Sat 20 Aug 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe"
Fri 25 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll"
Fri 25 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\update\update.exe"
Fri 25 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll"
Tue 23 Aug 2005 124,928 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll"
Mon 22 Aug 2005 30,720 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe"
Thu 24 Feb 2005 22,240 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll"
Thu 24 Feb 2005 730,336 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\update\update.exe"
Thu 24 Feb 2005 395,488 A..H. --- "C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll"
Mon 17 Oct 2005 80,896 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll"
Mon 17 Oct 2005 117,760 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll"
Fri 17 Mar 2006 8,510,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll"
Wed 22 Mar 2006 25,088 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\spru040c.dll"
Fri 17 Mar 2006 28,672 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll"
Fri 21 Oct 2005 1,097,728 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll"
Thu 22 Jun 2006 180,736 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll"
Thu 23 Mar 2006 143,360 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll"
Wed 4 Jan 2006 68,096 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll"
Thu 29 Dec 2005 280,064 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB912919\update\updspapi.dll"
Wed 1 Mar 2006 426,496 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll"
Wed 1 Mar 2006 956,416 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll"
Wed 1 Mar 2006 161,280 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll"
Wed 1 Mar 2006 66,560 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll"
Wed 1 Mar 2006 91,136 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll"
Wed 1 Mar 2006 11,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll"
Fri 19 May 2006 112,640 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll"
Fri 19 May 2006 147,456 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll"
Fri 19 May 2006 95,744 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll"
Fri 5 May 2006 454,400 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys"
Fri 5 May 2006 174,592 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll"
Fri 17 Mar 2006 262,656 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll"
Thu 18 May 2006 450,560 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll"
Wed 5 Jul 2006 1,050,112 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB917422\update\updspapi.dll"
Thu 20 Apr 2006 360,576 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll"
Thu 1 Jun 2006 163,840 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll"
Thu 1 Jun 2006 27,648 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll"
Thu 13 Jul 2006 202,496 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll"
Thu 12 Oct 2006 42,496 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll"
Thu 12 Oct 2006 57,344 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll"
Thu 12 Oct 2006 256,512 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe"
Mon 16 Oct 2006 265,216 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\spru040c.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll"
Fri 21 Jul 2006 72,704 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\update\update.exe"
Thu 13 Oct 2005 394,976 A..H. --- "C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll"
Mon 26 Jun 2006 147,456 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll"
Mon 26 Jun 2006 7,680 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll"
Thu 13 Oct 2005 22,752 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll"
Thu 13 Oct 2005 727,776 A..H. --- "C:\WINDOWS\$hf_mig$\KB920683\update\update.exe

pat085 · Answer

je pense que tu as ete te coucher je te souhaite une bonne nuit et je regarderai ta reponse en fin de matinée.Salut et a tout a l heure.merci encore.

^^Marie^^ · Answer

**DOUBLON**
http://www.commentcamarche.net/forum/affich 5898236 probleme avec virus abebot

pat085 · Answer

Boulepate62, DllD et tera ,je tiens a m'excuser mais je ne savait pas que je ne pouvais pas avoir plusieur interlocuteur.Comme je vous les dit je suis un novice sur ce forum et en informatique.Je ne pensais pas mal ,je voulais juste essayer de regler mon probléme.Merci a vous trois de m avoir aider mais je ne sais pas si mon probéme est résolu.Je pense que j ai compris la leçon.Merci encore.

Utilisateur anonyme · Answer

C'est pas bien grave....
Reprends juste contact avec Boulepate et poste lui un nouveau rapport HiJackT pour qu'il sache ou vous en êtes.

Bon courage.

Salutation Tera ;)

pat085 · Answer

salut DllD tu ne serai pas ou je pourrai contacter Boulepate62.merci encore et excuse

J ai un virus

15 réponses

Discussions similaires

Newsletters