

Everything posted by Belladonna
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Help, Wong! My pass got wiped since the other time and it has been bugging less since this evening; I couldn't even log in any more. Please help me: my internet speed has been divided, and my PC only starts one time out of 10!!!
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Hello, here you go Mister WONG (thank you very much!):
In the first hijack scan these lines were not there:
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Active peak.exe
O4 - HKCU\..\Run: [Axis1] C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe
I did not understand where to find the last items to delete manually, because the folder C:\DOCUME~1 did not exist, nor did BAGSMA~1 for that matter:
C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe <== this file in red
C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1 <== this folder in red
Just in case, I went into C:\Documents and Settings\georges\Application Data\BagsMapiTitle\ and only found these files: date64drive.exe & a system file "0", which I did not delete.
Here is the latest scan:
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Forgive me WONG, but you did not elaborate on this part for me and I don't know how to start:
1) Disable the TeaTimer of Spybot-S&D
Thanks again for your precision and your speed.
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Thank you very much!
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Here it is:
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est 08DD-1CAB
Répertoire de C:\WINDOWS\tasks
04/10/2007 02:48 <REP> .
04/10/2007 02:48 <REP> ..
05/10/2007 17:00 270 AA7B7A209188EEFC.job
07/09/2002 01:00 65 desktop.ini
05/10/2007 15:00 412 Norton Security Scan.job
05/10/2007 15:51 6 SA.DAT
05/10/2007 16:15 258 Vérifier les mises à jour de Windows Live Toolbar.job
5 fichier(s) 1 011 octets
Répertoire de C:\Downloads
Intrusive ads & especially a spyware ad that changes my background…
Belladonna replied to a topic by Belladonna in Malware analysis and eradication
Re WONG, after following your instructions, here is what I get: (Sorry for the delay in replying, work comes first! Thanks again!)
C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c5e.qua'! C:\WINDOWS\$hf_mig$\KB929123\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c5f.qua'! C:\WINDOWS\$hf_mig$\KB929338\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c5f.qua'! C:\WINDOWS\$hf_mig$\KB929338\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c60.qua'! C:\WINDOWS\$hf_mig$\KB929969\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c60.qua'! C:\WINDOWS\$hf_mig$\KB929969\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c61.qua'! C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c61.qua'! C:\WINDOWS\$hf_mig$\KB930178\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c62.qua'! C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c62.qua'! C:\WINDOWS\$hf_mig$\KB930916\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46c48d4b.qua'! C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c63.qua'! C:\WINDOWS\$hf_mig$\KB931261\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c63.qua'! 
C:\WINDOWS\$hf_mig$\KB931768\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c64.qua'! C:\WINDOWS\$hf_mig$\KB931768\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c65.qua'! C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c65.qua'! C:\WINDOWS\$hf_mig$\KB931784\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c66.qua'! C:\WINDOWS\$hf_mig$\KB931836\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c66.qua'! C:\WINDOWS\$hf_mig$\KB931836\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c67.qua'! C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c67.qua'! C:\WINDOWS\$hf_mig$\KB932168\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c68.qua'! C:\WINDOWS\$hf_mig$\KB933566\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c68.qua'! C:\WINDOWS\$hf_mig$\KB933566\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c6a.qua'! C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c6a.qua'! C:\WINDOWS\$hf_mig$\KB935839\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3c6b.qua'! 
C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c6b.qua'! C:\WINDOWS\$hf_mig$\KB935840\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46c48d44.qua'! C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c70.qua'! C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d1.qua'! C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c72.qua'! C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c71.qua'! C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d2.qua'! C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47733c75.qua'! C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d3.qua'! C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c74.qua'! C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c73.qua'! 
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d5.qua'! C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c76.qua'! C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d7.qua'! C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c75.qua'! C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d6.qua'! C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c78.qua'! C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d9.qua'! C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c77.qua'! C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697d8.qua'! C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7a.qua'! C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697db.qua'! 
C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c79.qua'! C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697da.qua'! C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7b.qua'! C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7c.qua'! C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697dc.qua'! C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7d.qua'! C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697de.qua'! C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697dd.qua'! C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7e.qua'! C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c7f.qua'! C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69720.qua'! 
C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697df.qua'! C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697e1.qua'! C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d697e3.qua'! C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c81.qua'! C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69722.qua'! C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c80.qua'! C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69721.qua'! C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c83.qua'! C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69724.qua'! C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c85.qua'! C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c82.qua'! 
C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69723.qua'! C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69726.qua'! C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c87.qua'! C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c84.qua'! C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69725.qua'! C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476b3c7c.qua'! C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69728.qua'! C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c89.qua'! C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c86.qua'! C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69727.qua'! C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c88.qua'! 
C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972a.qua'! C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8b.qua'! C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69729.qua'! C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8a.qua'! C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972b.qua'! C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8c.qua'! C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972c.qua'! C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8d.qua'! C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972e.qua'! C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972d.qua'! C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8e.qua'! 
C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c8f.qua'! C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69730.qua'! C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6972f.qua'! C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c90.qua'! C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c91.qua'! C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69731.qua'! C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c92.qua'! C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69732.qua'! C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c93.qua'! C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69733.qua'! C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c94.qua'! 
C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69734.qua'! C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c95.qua'! C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69735.qua'! C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69736.qua'! C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c97.qua'! C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c96.qua'! C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69738.qua'! C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c99.qua'! C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c98.qua'! C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d69739.qua'! C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6973a.qua'! 
C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c9a.qua'! C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c9b.qua'! C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c9c.qua'! C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6973d.qua'! C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3c9e.qua'! C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46d6973f.qua'! C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3ce0.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3d27.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3d28.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3d29.qua'! 
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3d29.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3d2a.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3d2a.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\spuninst.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '477b3d2b.qua'! C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\update\update.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3d2b.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '475b3d71.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMD9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '474c3d80.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMT9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '474c3d81.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBIN9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46fc81ba.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRE9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '474c3d82.qua'! 
C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\EPUPDATE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '475b3d73.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FAMD9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '474c3d83.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FAMT9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46ec9f5c.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FBIN9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '474c3d84.qua'! C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FPRE9BE.EXE [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46ec9f5d.qua'! Begin scan in 'D:\' D:\TEJI\TEJI\mes images\wall\Virtual DJ 3.1 With All Effects, Skins, Samples & Dj Decks Plugin.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47783e36.qua'! D:\TEJI\TEJI\wall\Virtual DJ 3.1 With All Effects, Skins, Samples & Dj Decks Plugin.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47783e5d.qua'! D:\Zoxea\Logiciel\Audacity-win-1.2.3.rar [0] Archive type: RAR --> audacity-win-1.2.3.exe [DETECTION] Contains code of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476a3e9c.qua'! D:\Zoxea\Logiciel\Pilote_USB_2.0_Windows_XP_1.0.rar [0] Archive type: RAR --> Pilote_USB_2.0_Windows_XP_1.0.exe [DETECTION] Contains code of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47723e95.qua'! D:\Zoxea\Logiciel\PocketDivXEncoder_0.3.96.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47693e9b.qua'! 
D:\Zoxea\Logiciel\PocketDivXEncoder_0.3.96.rar [0] Archive type: RAR --> PocketDivXEncoder_0.3.96.exe [DETECTION] Contains code of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47693e9c.qua'! D:\Zoxea\Logiciel\Wrar362fr.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47673ea2.qua'! D:\Zoxea\Logiciel\Xtremsplit.exe [DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '47783ea5.qua'! D:\Zoxea\Logiciel\Xtremsplit.rar [0] Archive type: RAR --> Xtremsplit.exe [DETECTION] Contains code of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '46e4b21e.qua'! D:\Zoxea\Logiciel\FlashGet v.1.7.3\fgf173.rar [0] Archive type: RAR --> fgf173.exe [DETECTION] Contains code of the Windows virus W32/Hidrag.a [iNFO] The file was moved to '476c3e9a.qua'! Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: vendredi 5 octobre 2007 15:40 -
Intrusive ads & above all a spyware ad that changes my desktop b
Belladonna replied to a topic by Belladonna in Malware Analysis and Removal
RE WONG

Here is what I get with FIXWAREOUT: (After the procedure I had to restart manually, because the automatic reboot froze; I mention it just in case...) THANKS again!

Username "georges" - 04/10/2007 16:08:55 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.115.110 85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4898CB31-9F0B-49F9-A352-7A0A5D2CF9E7}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CAB8013-90F4-4650-B54D-A805CBADEA89}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}
"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3774021F-3895-45A2-9271-81A04B280A57}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CAB8013-90F4-4650-B54D-A805CBADEA89}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}
"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

Cache de résolution DNS vidé.
PC crashed or was not allowed to reboot.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\
"System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O5 \"LPT1:\" /M \"Stylus CX3600\""
"BDSwitchAgent"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""
"EPSON Stylus CX3600 Series (Copie 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P36 \"EPSON Stylus CX3600 Series (Copie 1)\" /O6 \"USB001\" /M \"Stylus CX3600\""
"One view global this"="C:\\Documents and Settings\\All Users\\Application Data\\MPEG ELSE ONE VIEW\\Active peak.exe"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"sware"="C:\\Program Files\\WinMsg\\SWARE.EXE"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Axis1"="C:\\DOCUME~1\\georges\\APPLIC~1\\BAGSMA~1\\BURN STORE LOGO.exe"
"AdobeUpdater"="C:\\Program Files\\Fichiers communs\\Adobe\\Updater5\\AdobeUpdater.exe"
"SafeStrip"="C:\\Program Files\\SafeStrip\\SafeStrip.exe"
"WINSOS VERIFY"="\"C:\\Program Files\\WINSOS\\WINSOS.EXE\" MINI"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

and with HIJACKTHIS: (Strangely, there was no "O17" line (or no longer one))

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:37, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinMsg\SWARE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\- Securité Best Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo!
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600" O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe" O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600" O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Active peak.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Axis1] C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe O4 - HKCU\..\Run: 
[safeStrip] C:\Program Files\SafeStrip\SafeStrip.exe O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ? O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6251f33bb590477681317e69556d1538 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6251f33bb590477681317e69556d1538 O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: 
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165081178328 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing) O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe -- End of file - 9658 bytes -
Intrusive ads & above all a spyware ad that changes my desktop backg
Belladonna replied to a topic by Belladonna in Malware Analysis and Removal
Thank you very much WONG for your reply, and above all for your speed! -
Hello everyone! I am new to the world of computing, but I try to manage. Every time I browse, no matter which sites I visit, ad pages for casinos, alice, CID, dating sites, etc. pop up and slow me down considerably! On top of that, a new ad has been appearing lately, "Safe Trip", some kind of anti-spyware that also changes my desktop wallpaper to display "Warning you are in danger..." I ran a HijackThis scan and here is what I got.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:54, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinMsg\SWARE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"
O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Active peak.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Axis1] C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [safeStrip] C:\Program Files\SafeStrip\SafeStrip.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6251f33bb590477681317e69556d1538
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6251f33bb590477681317e69556d1538
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165081178328
O17 - HKLM\System\CCS\Services\Tcpip\..\{4898CB31-9F0B-49F9-A352-7A0A5D2CF9E7}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAB8013-90F4-4650-B54D-A805CBADEA89}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}: NameServer = 85.255.115.110,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
-- End of file - 11007 bytes

What should I do? Thank you!