Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

Pubs intempestives & sutout une pub spyware qui modifie mon fond d

Belladonna

Par Belladonna
dans Analyses et éradication malwares

 Partager

Messages recommandés

Belladonna Junior Member

Belladonna

Posté(e)
Posté(e)

Bonjour a tous ! Je suis nouvelle dans le monde de l'informatique mais j'essaye de me débrouiller. A chaque que je navigue, peu importe les sites que je visite, des pages de pubs pour casino, alice, CID, sites de rencontres, ect... s'affichent et me ralentisse considérablement ! De plus ne nouvelle pub viens ses temps ci "Safe Trip" un certain anti-spyware qui en même temps change mon fond d'écran pour inscrire "Warning you are in danger..."

 

J'ai fait un scan hijackthis et voila ce que j'ai obtenu.

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:08:54, on 04/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\WinMsg\SWARE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Active peak.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Axis1] C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - HKCU\..\Run: [safeStrip] C:\Program Files\SafeStrip\SafeStrip.exe

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6251f33bb590477681317e69556d1538

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6251f33bb590477681317e69556d1538

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165081178328

O17 - HKLM\System\CCS\Services\Tcpip\..\{4898CB31-9F0B-49F9-A352-7A0A5D2CF9E7}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAB8013-90F4-4650-B54D-A805CBADEA89}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\..\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\..\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\..\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\..\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}: NameServer = 85.255.115.110,85.255.112.175

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

 

--

End of file - 11007 bytes

 

 

Que dois-je faire ?

 

Merci !

wong Full Patch Member

wong

Posté(e)
Posté(e) (modifié)

RE Belladonna,

 

Je ne vois pas de Pare-feu sur ton PC. J'espère que tu utilises au moins celui de XP ?

 

1°) Télécharge LSPfix sur ton bureau : http://www.cexx.org/lspfix.htm

ou depuis ce lien : http://pchelpbordeaux.free.fr/logiciels.html

 

 

2°) Télécharge le FixWareout ( de LonnyRJones ) d'un de ces deux sites :

http://downloads.subratam.org/Fixwareout.exe

http://swandog46.geekstogo.com/Fixwareout.exe

 

Enregistre le fichier sur le Bureau.

 

Ferme toutes les fenêtres de programme.

  • Fais un double clic sur FixWareout.exe pour lancer le programme.
  • clique sur Next
  • clique sur Install
  • Assure toi que "Run fixit" est activé
  • Clique sur Finish.

Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur : Fais le.

 

Ton système mettra un peu plus de temps au démarrage, c'est normal.

 

Quand ton système aura redémarré, suis les invites des messages.

  • Ensuite lance HijackThis.
  • Vérifie que HijackThis fera des sauvegardes: Dans Config, coche Make backups before fixing items" , puis clique sur le bouton Back
  • Clique sur Do a system scan only et Coche les lignes suivantes si présentes :
     
    O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4898CB31-9F0B-49F9-A352-7A0A5D2CF9E7}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7CAB8013-90F4-4650-B54D-A805CBADEA89}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}: NameServer = 85.255.115.110,85.255.112.175
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.175
     
     
  • Clique sur Fix Checked.
  • Ferme HijackThis et clique sur OK pour continuer la procédure.
     
  • A la fin du fix, tu auras peut-être encore besoin de redémarrer le PC.

Au final, Poste le contenu de C:\fixwareout\report.txt avec un nouveau rapport HijackThis.

 

Attention, si ( et seulement si ) durant la procedure tu perds ta connexion utilise LSPfix comme cela :

  • Démarre LSPfix
  • Coche "I know what I'm doing"
  • Clique sur "Finish".
  • Redémarre ton pc

Cordialement.

Modifié par wong
Belladonna Junior Member

Belladonna

Posté(e)
  • Auteur
Posté(e) (modifié)

RE WONG

 

 

Voila ce que j'obtiens avec FIXWAREOUT: (Suite a la manip j'ai du redémarrer manuellement, car le reboot automatique a freezé, je le dit au cas ou...)

 

MERCI encore !

 

 

 

 

 

 

 

 

Username "georges" - 04/10/2007 16:08:55 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.115.110 85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4898CB31-9F0B-49F9-A352-7A0A5D2CF9E7}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CAB8013-90F4-4650-B54D-A805CBADEA89}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}

"nameserver"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3774021F-3895-45A2-9271-81A04B280A57}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7CAB8013-90F4-4650-B54D-A805CBADEA89}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{81008AD2-2FF0-4D21-BFFF-B1B5BAE5F42E}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9D061BA2-F404-431C-9EFF-EF6C399F1CA5}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ED03C9C4-8DF3-4988-915A-AEEF59525BEC}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F12B1162-C7EA-4AB4-83D8-1EA393D7730C}

"DhcpNameServer"="85.255.115.110,85.255.112.175" <Value cleared.

 

Cache de résolution DNS vidé.

 

 

PC crashed or was not allowed to reboot.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "System"=""

....

....

~~~~~ Misc files.

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE"

"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"EPSON Stylus CX3600 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P26 \"EPSON Stylus CX3600 Series\" /O5 \"LPT1:\" /M \"Stylus CX3600\""

"BDSwitchAgent"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdswitch.exe\""

"EPSON Stylus CX3600 Series (Copie 1)"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATI9BE.EXE /P36 \"EPSON Stylus CX3600 Series (Copie 1)\" /O6 \"USB001\" /M \"Stylus CX3600\""

"One view global this"="C:\\Documents and Settings\\All Users\\Application Data\\MPEG ELSE ONE VIEW\\Active peak.exe"

"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"

"sware"="C:\\Program Files\\WinMsg\\SWARE.EXE"

"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

"Axis1"="C:\\DOCUME~1\\georges\\APPLIC~1\\BAGSMA~1\\BURN STORE LOGO.exe"

"AdobeUpdater"="C:\\Program Files\\Fichiers communs\\Adobe\\Updater5\\AdobeUpdater.exe"

"SafeStrip"="C:\\Program Files\\SafeStrip\\SafeStrip.exe"

"WINSOS VERIFY"="\"C:\\Program Files\\WINSOS\\WINSOS.EXE\" MINI"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~

 

 

 

 

 

et avec HIJACKTHIS: (Bizarrement il n'y avait pas (ou plus) de ligne "O17")

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:37, on 04/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\WinMsg\SWARE.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Downloads\- Securité Best Tools\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://safe-strip-download.com/soft/in.cgi?3&group=sta

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll

O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll (file missing)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O5 "LPT1:" /M "Stylus CX3600"

O4 - HKLM\..\Run: [bDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"

O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P36 "EPSON Stylus CX3600 Series (Copie 1)" /O6 "USB001" /M "Stylus CX3600"

O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\Active peak.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sware] C:\Program Files\WinMsg\SWARE.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Axis1] C:\DOCUME~1\georges\APPLIC~1\BAGSMA~1\BURN STORE LOGO.exe

O4 - HKCU\..\Run: [safeStrip] C:\Program Files\SafeStrip\SafeStrip.exe

O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?6251f33bb590477681317e69556d1538

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?6251f33bb590477681317e69556d1538

O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165081178328

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

 

--

End of file - 9658 bytes

Modifié par Belladonna
wong Full Patch Member

wong

Posté(e)
Posté(e)

Bonjour Belladonna,

 

FixWareout a bien travaillé.

 

Comme tu as Antivir sur ton PC ( Antivirus puissant qui connait Lop et CID ) je souhaiterais que tu fasses un scan en mode sans échec.

 

 

1°) Fais la mise à jour d'Antivir

 

2°) Redémarre en mode sans échec

  • Clique sur Démarrer
  • Clique sur Arrêter l'ordinateur
  • Dans la fenêtre qui s'ouvre : clique sur " Redémarrer "
  • Appui sur la touche F8 ( ou F5 sur certains PC ) dès qu'un écran de texte apparaît ( puis disparaît ).
  • Utilise les touches de direction pour sélectionner le mode sans échec voulu ( " mode sans échec " seul )
  • Appui dur la touche " ENTRÉE "
  • Attend la fenêtre avec le choix des sessions ( noms d'administrateurs ).
  • Clique sur ta session normale : ton nom (Administrateur )
  • Une nouvelle fenêtre s'affiche " Bureau " : clique sur OUI

Lance le scan Antivir

 

3°) Redémarre en mode normal

 

Copie/Colle le rapport Antivir dans ta prochaine réponse

 

Cordialement.

Belladonna Junior Member

Belladonna

Posté(e)
  • Auteur
Posté(e)

Re WONG,

 

Apres avoir respecter tes consignes voila ce que j'obtiens:

 

(Pardon pour le delai de reponse, travail oblige ! Merci encore !)

 

 

 

 

 

 

 

 

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 5 octobre 2007 15:20

 

Scanning for 866476 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: georges

Computer name: GEORGES-ERIC

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55

ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 00:24:29

ANTIVIR3.VDF : 7.0.0.55 121344 Bytes 05/10/2007 12:33:32

AVEWIN32.DLL : 7.6.0.20 2753024 Bytes 05/10/2007 12:33:32

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 5 octobre 2007 15:20

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '35' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <Disque local>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\alcrmv.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47693c1b.qua'!

C:\WINDOWS\alcupd.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c29c8c.qua'!

C:\WINDOWS\IsUninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '475b3c22.qua'!

C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c21.qua'!

C:\WINDOWS\$hf_mig$\KB886185\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c22.qua'!

C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47733c25.qua'!

C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c23.qua'!

C:\WINDOWS\$hf_mig$\KB893756\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c23.qua'!

C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c24.qua'!

C:\WINDOWS\$hf_mig$\KB894391\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c24.qua'!

C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c25.qua'!

C:\WINDOWS\$hf_mig$\KB896358\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c25.qua'!

C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c26.qua'!

C:\WINDOWS\$hf_mig$\KB896423\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c26.qua'!

C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c27.qua'!

C:\WINDOWS\$hf_mig$\KB896424\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c27.qua'!

C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69788.qua'!

C:\WINDOWS\$hf_mig$\KB896428\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c28.qua'!

C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c28.qua'!

C:\WINDOWS\$hf_mig$\KB898461\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d01.qua'!

C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c29.qua'!

C:\WINDOWS\$hf_mig$\KB899587\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c29.qua'!

C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c2a.qua'!

C:\WINDOWS\$hf_mig$\KB899591\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2a.qua'!

C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c2b.qua'!

C:\WINDOWS\$hf_mig$\KB900485\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2b.qua'!

C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6978c.qua'!

C:\WINDOWS\$hf_mig$\KB900725\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2c.qua'!

C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c2c.qua'!

C:\WINDOWS\$hf_mig$\KB901017\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2d.qua'!

C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c2d.qua'!

C:\WINDOWS\$hf_mig$\KB901214\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2e.qua'!

C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c2e.qua'!

C:\WINDOWS\$hf_mig$\KB902400\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c2f.qua'!

C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c30.qua'!

C:\WINDOWS\$hf_mig$\KB904706\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c30.qua'!

C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69791.qua'!

C:\WINDOWS\$hf_mig$\KB905414\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c31.qua'!

C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c31.qua'!

C:\WINDOWS\$hf_mig$\KB905749\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c32.qua'!

C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c32.qua'!

C:\WINDOWS\$hf_mig$\KB908519\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c33.qua'!

C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c33.qua'!

C:\WINDOWS\$hf_mig$\KB908531\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c34.qua'!

C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c34.qua'!

C:\WINDOWS\$hf_mig$\KB910437\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d1d.qua'!

C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c35.qua'!

C:\WINDOWS\$hf_mig$\KB911280\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c35.qua'!

C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c36.qua'!

C:\WINDOWS\$hf_mig$\KB911562\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c36.qua'!

C:\WINDOWS\$hf_mig$\KB911567\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69797.qua'!

C:\WINDOWS\$hf_mig$\KB911567\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c37.qua'!

C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c38.qua'!

C:\WINDOWS\$hf_mig$\KB911927\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c38.qua'!

C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69799.qua'!

C:\WINDOWS\$hf_mig$\KB912919\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c39.qua'!

C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c39.qua'!

C:\WINDOWS\$hf_mig$\KB913580\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3a.qua'!

C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3a.qua'!

C:\WINDOWS\$hf_mig$\KB914388\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3b.qua'!

C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3b.qua'!

C:\WINDOWS\$hf_mig$\KB914389\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3c.qua'!

C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3c.qua'!

C:\WINDOWS\$hf_mig$\KB916595\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3d.qua'!

C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3d.qua'!

C:\WINDOWS\$hf_mig$\KB917344\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d16.qua'!

C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3e.qua'!

C:\WINDOWS\$hf_mig$\KB917422\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3e.qua'!

C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c3f.qua'!

C:\WINDOWS\$hf_mig$\KB917953\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c3f.qua'!

C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697e0.qua'!

C:\WINDOWS\$hf_mig$\KB918118\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c40.qua'!

C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c40.qua'!

C:\WINDOWS\$hf_mig$\KB918439\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c41.qua'!

C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c41.qua'!

C:\WINDOWS\$hf_mig$\KB919007\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c42.qua'!

C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c42.qua'!

C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476b3c39.qua'!

C:\WINDOWS\$hf_mig$\KB920213\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c43.qua'!

C:\WINDOWS\$hf_mig$\KB920214\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c43.qua'!

C:\WINDOWS\$hf_mig$\KB920214\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c44.qua'!

C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c44.qua'!

C:\WINDOWS\$hf_mig$\KB920670\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c45.qua'!

C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c45.qua'!

C:\WINDOWS\$hf_mig$\KB920683\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d6e.qua'!

C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c46.qua'!

C:\WINDOWS\$hf_mig$\KB920685\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c46.qua'!

C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c47.qua'!

C:\WINDOWS\$hf_mig$\KB920872\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c47.qua'!

C:\WINDOWS\$hf_mig$\KB921398\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c48.qua'!

C:\WINDOWS\$hf_mig$\KB921398\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c48.qua'!

C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c49.qua'!

C:\WINDOWS\$hf_mig$\KB922582\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c49.qua'!

C:\WINDOWS\$hf_mig$\KB922616\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4a.qua'!

C:\WINDOWS\$hf_mig$\KB922616\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c4a.qua'!

C:\WINDOWS\$hf_mig$\KB922760\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4b.qua'!

C:\WINDOWS\$hf_mig$\KB922760\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c4c.qua'!

C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4c.qua'!

C:\WINDOWS\$hf_mig$\KB922819\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c4d.qua'!

C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4d.qua'!

C:\WINDOWS\$hf_mig$\KB923414\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c4e.qua'!

C:\WINDOWS\$hf_mig$\KB923694\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4e.qua'!

C:\WINDOWS\$hf_mig$\KB923694\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c4f.qua'!

C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c4f.qua'!

C:\WINDOWS\$hf_mig$\KB923980\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c50.qua'!

C:\WINDOWS\$hf_mig$\KB924191\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c50.qua'!

C:\WINDOWS\$hf_mig$\KB924191\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d79.qua'!

C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c51.qua'!

C:\WINDOWS\$hf_mig$\KB924270\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c51.qua'!

C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c52.qua'!

C:\WINDOWS\$hf_mig$\KB924496\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c52.qua'!

C:\WINDOWS\$hf_mig$\KB925454\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c53.qua'!

C:\WINDOWS\$hf_mig$\KB925454\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c54.qua'!

C:\WINDOWS\$hf_mig$\KB925486\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c54.qua'!

C:\WINDOWS\$hf_mig$\KB925486\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c55.qua'!

C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c55.qua'!

C:\WINDOWS\$hf_mig$\KB925902\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d7e.qua'!

C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c56.qua'!

C:\WINDOWS\$hf_mig$\KB926255\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c56.qua'!

C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c57.qua'!

C:\WINDOWS\$hf_mig$\KB926436\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c57.qua'!

C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c58.qua'!

C:\WINDOWS\$hf_mig$\KB927779\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c58.qua'!

C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c59.qua'!

C:\WINDOWS\$hf_mig$\KB927802\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c59.qua'!

C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5a.qua'!

C:\WINDOWS\$hf_mig$\KB927891\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c5a.qua'!

C:\WINDOWS\$hf_mig$\KB928090\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5b.qua'!

C:\WINDOWS\$hf_mig$\KB928090\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c5c.qua'!

C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5c.qua'!

C:\WINDOWS\$hf_mig$\KB928255\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c5d.qua'!

C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5d.qua'!

C:\WINDOWS\$hf_mig$\KB928843\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c5e.qua'!

C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5e.qua'!

C:\WINDOWS\$hf_mig$\KB929123\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c5f.qua'!

C:\WINDOWS\$hf_mig$\KB929338\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c5f.qua'!

C:\WINDOWS\$hf_mig$\KB929338\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c60.qua'!

C:\WINDOWS\$hf_mig$\KB929969\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c60.qua'!

C:\WINDOWS\$hf_mig$\KB929969\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c61.qua'!

C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c61.qua'!

C:\WINDOWS\$hf_mig$\KB930178\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c62.qua'!

C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c62.qua'!

C:\WINDOWS\$hf_mig$\KB930916\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d4b.qua'!

C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c63.qua'!

C:\WINDOWS\$hf_mig$\KB931261\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c63.qua'!

C:\WINDOWS\$hf_mig$\KB931768\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c64.qua'!

C:\WINDOWS\$hf_mig$\KB931768\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c65.qua'!

C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c65.qua'!

C:\WINDOWS\$hf_mig$\KB931784\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c66.qua'!

C:\WINDOWS\$hf_mig$\KB931836\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c66.qua'!

C:\WINDOWS\$hf_mig$\KB931836\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c67.qua'!

C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c67.qua'!

C:\WINDOWS\$hf_mig$\KB932168\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c68.qua'!

C:\WINDOWS\$hf_mig$\KB933566\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c68.qua'!

C:\WINDOWS\$hf_mig$\KB933566\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c6a.qua'!

C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c6a.qua'!

C:\WINDOWS\$hf_mig$\KB935839\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3c6b.qua'!

C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c6b.qua'!

C:\WINDOWS\$hf_mig$\KB935840\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46c48d44.qua'!

C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c70.qua'!

C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d1.qua'!

C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c72.qua'!

C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c71.qua'!

C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d2.qua'!

C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47733c75.qua'!

C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d3.qua'!

C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c74.qua'!

C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c73.qua'!

C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d5.qua'!

C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c76.qua'!

C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d7.qua'!

C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c75.qua'!

C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d6.qua'!

C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c78.qua'!

C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d9.qua'!

C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c77.qua'!

C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697d8.qua'!

C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7a.qua'!

C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697db.qua'!

C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c79.qua'!

C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697da.qua'!

C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7b.qua'!

C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7c.qua'!

C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697dc.qua'!

C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7d.qua'!

C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697de.qua'!

C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697dd.qua'!

C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7e.qua'!

C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c7f.qua'!

C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69720.qua'!

C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697df.qua'!

C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697e1.qua'!

C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d697e3.qua'!

C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c81.qua'!

C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69722.qua'!

C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c80.qua'!

C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69721.qua'!

C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c83.qua'!

C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69724.qua'!

C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c85.qua'!

C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c82.qua'!

C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69723.qua'!

C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69726.qua'!

C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c87.qua'!

C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c84.qua'!

C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69725.qua'!

C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476b3c7c.qua'!

C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69728.qua'!

C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c89.qua'!

C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c86.qua'!

C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69727.qua'!

C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c88.qua'!

C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972a.qua'!

C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8b.qua'!

C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69729.qua'!

C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8a.qua'!

C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972b.qua'!

C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8c.qua'!

C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972c.qua'!

C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8d.qua'!

C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972e.qua'!

C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972d.qua'!

C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8e.qua'!

C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c8f.qua'!

C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69730.qua'!

C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6972f.qua'!

C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c90.qua'!

C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c91.qua'!

C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69731.qua'!

C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c92.qua'!

C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69732.qua'!

C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c93.qua'!

C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69733.qua'!

C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c94.qua'!

C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69734.qua'!

C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c95.qua'!

C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69735.qua'!

C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69736.qua'!

C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c97.qua'!

C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c96.qua'!

C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69738.qua'!

C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c99.qua'!

C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c98.qua'!

C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d69739.qua'!

C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6973a.qua'!

C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c9a.qua'!

C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c9b.qua'!

C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c9c.qua'!

C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6973d.qua'!

C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3c9e.qua'!

C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46d6973f.qua'!

C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3ce0.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3d27.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\75b33b4a04c484cff6a32aee5a3eeba8\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3d28.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3d29.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3d29.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3d2a.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3d2a.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\spuninst.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '477b3d2b.qua'!

C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ee1608e4453bf012111368b651f3cf15\update\update.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3d2b.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '475b3d71.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMD9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '474c3d80.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMT9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '474c3d81.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBIN9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46fc81ba.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRE9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '474c3d82.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\EPUPDATE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '475b3d73.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FAMD9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '474c3d83.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FAMT9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46ec9f5c.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FBIN9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '474c3d84.qua'!

C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx360043de\E_FPRE9BE.EXE

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46ec9f5d.qua'!

Begin scan in 'D:\'

D:\TEJI\TEJI\mes images\wall\Virtual DJ 3.1 With All Effects, Skins, Samples & Dj Decks Plugin.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47783e36.qua'!

D:\TEJI\TEJI\wall\Virtual DJ 3.1 With All Effects, Skins, Samples & Dj Decks Plugin.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47783e5d.qua'!

D:\Zoxea\Logiciel\Audacity-win-1.2.3.rar

[0] Archive type: RAR

--> audacity-win-1.2.3.exe

[DETECTION] Contains code of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476a3e9c.qua'!

D:\Zoxea\Logiciel\Pilote_USB_2.0_Windows_XP_1.0.rar

[0] Archive type: RAR

--> Pilote_USB_2.0_Windows_XP_1.0.exe

[DETECTION] Contains code of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47723e95.qua'!

D:\Zoxea\Logiciel\PocketDivXEncoder_0.3.96.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47693e9b.qua'!

D:\Zoxea\Logiciel\PocketDivXEncoder_0.3.96.rar

[0] Archive type: RAR

--> PocketDivXEncoder_0.3.96.exe

[DETECTION] Contains code of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47693e9c.qua'!

D:\Zoxea\Logiciel\Wrar362fr.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47673ea2.qua'!

D:\Zoxea\Logiciel\Xtremsplit.exe

[DETECTION] Contains detection pattern of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '47783ea5.qua'!

D:\Zoxea\Logiciel\Xtremsplit.rar

[0] Archive type: RAR

--> Xtremsplit.exe

[DETECTION] Contains code of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '46e4b21e.qua'!

D:\Zoxea\Logiciel\FlashGet v.1.7.3\fgf173.rar

[0] Archive type: RAR

--> fgf173.exe

[DETECTION] Contains code of the Windows virus W32/Hidrag.a

[iNFO] The file was moved to '476c3e9a.qua'!

Begin scan in 'A:\'

Search path A:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 5 octobre 2007 15:40

wong Full Patch Member

wong

Posté(e)
Posté(e)

Bonjour Belladonna,

 

Il manque la fin du rapport de Antivir, mais ce n'est pas grave.

 

Pour te faire une procédure pour supprimer Lop.com, j'ai besoin d'un rapport.

 

Fichier findlopjob

 

1°) Création du fichier findlopjob.bat

 

Faire un copier/coller de la ligne ci-dessous ( dans la zone "Code" ) dans le Bloc-note ( sans le mot Code ) :

 

dir %Windir%\tasks /a h > c:\filelopjob.txt

Note: Dans le Bloc-notes, vérifie dans le menu Format que l'option "Retour automatique à la ligne" n'est pas cochée.

 

Enregistrer le fichier sur le Bureau sous le nom de findlopjob.bat

 

Attention: l'extension doit être .bat, choisir "Tous les fichiers" dans la liste déroulante de "Type" lors du "Enregistrer sous.."

Si l'extension est .bat.txt, renommer le fichier en .bat

 

 

2°) Utilisation du fichier findlopjob.bat

 

Faire un double clic sur findlopjob.bat ( une petite fenêtre à fond noir va apparaître puis disparaître très rapidement ).

 

 

3°) Résultat

 

Copie/Colle le contenu du fichier C:\filelopjob.txt dans ta prochaine réponse.

 

Cordialement.

Belladonna Junior Member

Belladonna

Posté(e)
  • Auteur
Posté(e)

Voila :

 

 

 

Le volume dans le lecteur C s'appelle Disque local

Le num‚ro de s‚rie du volume est 08DD-1CAB

 

R‚pertoire de C:\WINDOWS\tasks

 

04/10/2007 02:48 <REP> .

04/10/2007 02:48 <REP> ..

05/10/2007 17:00 270 AA7B7A209188EEFC.job

07/09/2002 01:00 65 desktop.ini

05/10/2007 15:00 412 Norton Security Scan.job

05/10/2007 15:51 6 SA.DAT

05/10/2007 16:15 258 V‚rifier les mises … jour de Windows Live Toolbar.job

5 fichier(s) 1ÿ011 octets

 

R‚pertoire de C:\Downloads

wong Full Patch Member

wong

Posté(e)
Posté(e)

RE Belladonna,

 

Parfait, la tâche planifiée a été trouvée.

 

J'essaye de te faire la procédure pour ce soir, sinon demain.

 

Cordialement.

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...