Se connecter / S'enregistrer
Votre question

[résolu] virus AVIRA ne suffit plus

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
20 Octobre 2008 19:56:47

:hello:  pourriez vous m'aider siouplait ?
je suis infecté par une popup dans le systray qui me dit :
"Your computer is infected! et qui me propose de télécharger un spyware" :fou: 
bien sur je n'ai pas clické sur cette popup de peur d'en prendre pour plus cher encore... :D 

Je crois que pour m'aider il faut que je vous montre le rapport hijackthis, mais ou puis je le récupérer ?

merci d'avance a celui qui m'aide.

Autres pages sur : resolu virus avira suffit

20 Octobre 2008 20:34:56

j'ai trouvé et réussi à télécharger un hijack v1.9. Tous les 2.0.2 que j'ai trouvé (même sur ce site) sont soit mauvais (impossible de les désompresser) soit le site de téléchargement me claque dans les doigts.

bon voici le rapport si cela peut suffire. Sinon ou pourrais je récupérer un hijack V2.0.2 qui fonctionne ?

Logfile of HijackThis v1.99.1
Scan saved at 20:31:14, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\dev\xampplite\apache\bin\apache.exe
C:\dev\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\dev\xampplite\apache\bin\apache.exe
C:\Documents and Settings\christine\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x....
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_35.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apache2.2 - Unknown owner - C:\dev\xampplite\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: mysql - Unknown owner - C:\dev\xampplite\mysql\bin\mysqld-nt.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\dev\xampplite\service.exe

merci d'avance pour l'aide
20 Octobre 2008 20:46:52

Bonsoir

~Télécharge SmitfraudFix

http://siri.urz.free.fr/Fix/SmitfraudFix.exe


Recherche:
~Double clique sur SmitfraudFix.exe
~Sélectionne 1 et presse Entrée dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt
~Poste ce rapport.
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Contenus similaires
20 Octobre 2008 20:57:15

Sham_Rock, que la paix soit avec toi :

SmitFraudFix v2.365

Rapport fait à 20:54:49,62, 20/10/2008
Executé à partir de C:\Documents and Settings\christine\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\dev\xampplite\apache\bin\apache.exe
C:\dev\xampplite\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\dev\xampplite\apache\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\christine\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\brastk.exe PRESENT !
C:\WINDOWS\system32\drivers\svchost.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christine


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christine\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.30.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

20 Octobre 2008 21:00:17

re
on vérifie juste un truc avant de passer à la suppression :) 

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • NB : Les rapports sont sauvegardés dans le dossier C:\rsit
  • Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.
    20 Octobre 2008 21:06:59

    j'ao lancé RSIT mais la fenetre dos ouverte semble bloquée... j'attends encore.
    20 Octobre 2008 21:10:46

    il ne m'a jamais demandé de "continue" et j'ai bien l'impression qu'il pédale dans la choucroute. en tout cas il se passe rien.
    20 Octobre 2008 21:18:23

    re
    on continue, on verra après... :) 

    1

    ~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
    Aide

    ~Double clique sur SmitfraudFix.cmd
    ~Sélectionne 2 et presse Entrée dans le menu pour supprimer les fichiers responsables de l'infection.
    ~Réponds Oui (o) à toutes les questions.
    Un redémarrage sera peut être nécessaire pour terminer la procédure de nettoyage.
    ~Poste le nouveau rapport.

    2
    ajoute un nouveau log hijackthis stp
    20 Octobre 2008 21:33:08

    (J'ai toujours la f... popup : your computer is infected!)
    Rapport SmitfraudFix :
    --------------------------------------------------------------------------------------------
    SmitFraudFix v2.365

    Rapport fait à 21:23:31,03, 20/10/2008
    Executé à partir de C:\Documents and Settings\christine\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    127.0.0.1 123topsearch.com
    127.0.0.1 www.132.com
    127.0.0.1 132.com
    127.0.0.1 www.136136.net
    127.0.0.1 136136.net
    127.0.0.1 www.139mm.com
    127.0.0.1 139mm.com
    127.0.0.1 www.163ns.com
    127.0.0.1 163ns.com
    127.0.0.1 171203.com
    127.0.0.1 17-plus.com
    127.0.0.1 www.1800searchonline.com
    127.0.0.1 1800searchonline.com
    127.0.0.1 www.180searchassistant.com
    127.0.0.1 180searchassistant.com
    127.0.0.1 www.180solutions.com
    127.0.0.1 180solutions.com
    127.0.0.1 www.181.365soft.info
    127.0.0.1 181.365soft.info
    127.0.0.1 www.1987324.com
    127.0.0.1 1987324.com
    127.0.0.1 www.1-domains-registrations.com
    127.0.0.1 1-domains-registrations.com
    127.0.0.1 www.1-extreme.biz
    127.0.0.1 1-extreme.biz
    127.0.0.1 www.1sexparty.com
    127.0.0.1 1sexparty.com
    127.0.0.1 www.1stantivirus.com
    127.0.0.1 1stantivirus.com
    127.0.0.1 www.1stpagehere.com
    127.0.0.1 1stpagehere.com
    127.0.0.1 www.1stsearchportal.com
    127.0.0.1 1stsearchportal.com
    127.0.0.1 2.82211.net
    127.0.0.1 www.2006ooo.com
    127.0.0.1 2006ooo.com
    127.0.0.1 www.2007-download.com
    127.0.0.1 2007-download.com
    127.0.0.1 www.2020search.com
    127.0.0.1 2020search.com
    127.0.0.1 20x2p.com
    127.0.0.1 www.24.365soft.info
    127.0.0.1 24.365soft.info
    127.0.0.1 www.24-7pharmacy.info
    127.0.0.1 24-7pharmacy.info
    127.0.0.1 www.24-7searching-and-more.com
    127.0.0.1 24-7searching-and-more.com
    127.0.0.1 www.24teen.com
    127.0.0.1 24teen.com
    127.0.0.1 www.2every.net
    127.0.0.1 2every.net
    127.0.0.1 2ndpower.com
    127.0.0.1 www.2search.com
    127.0.0.1 2search.com
    127.0.0.1 www.2search.org
    127.0.0.1 2search.org
    127.0.0.1 www.2squared.com
    127.0.0.1 2squared.com
    127.0.0.1 www.3322.org
    127.0.0.1 3322.org
    127.0.0.1 365soft.info
    127.0.0.1 www.36site.com
    127.0.0.1 36site.com
    127.0.0.1 3721.com
    127.0.0.1 39-93.com
    127.0.0.1 www.3abetterinternet.com
    127.0.0.1 3abetterinternet.com
    127.0.0.1 www.3bay.it
    127.0.0.1 3bay.it
    127.0.0.1 www.3ebay.it
    127.0.0.1 3ebay.it
    127.0.0.1 www.3xclipsonline.com
    127.0.0.1 3xclipsonline.com
    127.0.0.1 www.3xcurves.com
    127.0.0.1 3xcurves.com
    127.0.0.1 www.3xfestival.com
    127.0.0.1 3xfestival.com
    127.0.0.1 www.3x-festival.com
    127.0.0.1 3x-festival.com
    127.0.0.1 www.3x-galls.com
    127.0.0.1 3x-galls.com
    127.0.0.1 www.3xmiracle.com
    127.0.0.1 3xmiracle.com
    127.0.0.1 www.3xmoviesblog.com
    127.0.0.1 3xmoviesblog.com
    127.0.0.1 www.404dns.com
    127.0.0.1 404dns.com
    127.0.0.1 www.4199.com
    127.0.0.1 4199.com
    127.0.0.1 www.4corn.net
    127.0.0.1 4corn.net
    127.0.0.1 www.4ebay.it
    127.0.0.1 4ebay.it
    127.0.0.1 4klm.com
    127.0.0.1 www.4mpg.com
    127.0.0.1 4mpg.com
    127.0.0.1 www.4repubblica.it
    127.0.0.1 4repubblica.it
    127.0.0.1 www.4softget.com
    127.0.0.1 4softget.com
    127.0.0.1 www.59cn.cn
    127.0.0.1 59cn.cn
    127.0.0.1 www.5iscali.it
    127.0.0.1 5iscali.it
    127.0.0.1 www.5repubblica.it
    127.0.0.1 5repubblica.it
    127.0.0.1 www.5starvideos.com
    127.0.0.1 5starvideos.com
    127.0.0.1 www.5tiscali.it
    127.0.0.1 5tiscali.it
    127.0.0.1 www.5zgmu7o20kt5d8yq.com
    127.0.0.1 5zgmu7o20kt5d8yq.com
    127.0.0.1 www.680180.net
    127.0.0.1 680180.net
    127.0.0.1 www.6iscali.it
    127.0.0.1 6iscali.it
    127.0.0.1 www.6njaga.com
    127.0.0.1 6njaga.com
    127.0.0.1 www.6sek.com
    127.0.0.1 6sek.com
    127.0.0.1 www.6tiscali.it
    127.0.0.1 6tiscali.it
    127.0.0.1 www.70-music.com
    127.0.0.1 70-music.com
    127.0.0.1 www.7322.com
    127.0.0.1 7322.com
    127.0.0.1 www.745970.com
    127.0.0.1 745970.com
    127.0.0.1 75tz.com
    127.0.0.1 www.777search.com
    127.0.0.1 777search.com
    127.0.0.1 www.777top.com
    127.0.0.1 777top.com
    127.0.0.1 www.7939.com
    127.0.0.1 7939.com
    127.0.0.1 www.7search.com
    127.0.0.1 7search.com
    127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
    127.0.0.1 www.80-music.com
    127.0.0.1 80-music.com
    127.0.0.1 82211.net
    127.0.0.1 8866.org
    127.0.0.1 www.88vcd.com
    127.0.0.1 88vcd.com
    127.0.0.1 www.8ad.com
    127.0.0.1 8ad.com
    127.0.0.1 www.90-music.com
    127.0.0.1 90-music.com
    127.0.0.1 www.9505.com
    127.0.0.1 9505.com
    127.0.0.1 www.971searchbox.com
    127.0.0.1 971searchbox.com
    127.0.0.1 9mmporn.com
    127.0.0.1 a.bestmanage.org
    127.0.0.1 www.aaabesthomepage.com
    127.0.0.1 aaabesthomepage.com
    127.0.0.1 aaasexypics.com
    127.0.0.1 www.aaawebfinder.com
    127.0.0.1 aaawebfinder.com
    127.0.0.1 www.aaqadarsztriv.com
    127.0.0.1 aaqadarsztriv.com
    127.0.0.1 www.aaqada-rsztriv.com
    127.0.0.1 aaqada-rsztriv.com
    127.0.0.1 www.aaqadaueorn.com
    127.0.0.1 aaqadaueorn.com
    127.0.0.1 www.aaqada-ueorn.com
    127.0.0.1 aaqada-ueorn.com
    127.0.0.1 www.aaqada-ygco.com
    127.0.0.1 aaqada-ygco.com
    127.0.0.1 www.aaqada-ymct.com
    127.0.0.1 aaqada-ymct.com
    127.0.0.1 aavc.com
    127.0.0.1 www.abccodec.com
    127.0.0.1 abccodec.com
    127.0.0.1 www.abcdperformance.com
    127.0.0.1 abcdperformance.com
    127.0.0.1 www.abc-find.info
    127.0.0.1 abc-find.info
    127.0.0.1 www.abcsearch.com
    127.0.0.1 abcsearch.com
    127.0.0.1 www.abetterinternet.com
    127.0.0.1 abetterinternet.com
    127.0.0.1 www.abnetsoft.info
    127.0.0.1 abnetsoft.info
    127.0.0.1 www.about-adult.net
    127.0.0.1 about-adult.net
    127.0.0.1 www.aboutclicker.com
    127.0.0.1 aboutclicker.com
    127.0.0.1 www.abrp.net
    127.0.0.1 abrp.net
    127.0.0.1 www.absolutee.com
    127.0.0.1 absolutee.com
    127.0.0.1 www.abyssmedia.com
    127.0.0.1 abyssmedia.com
    127.0.0.1 www.ac66.cn
    127.0.0.1 ac66.cn
    127.0.0.1 access.navinetwork.com
    127.0.0.1 access.rapid-pass.net
    127.0.0.1 www.accessactivexvideo.com
    127.0.0.1 accessactivexvideo.com
    127.0.0.1 www.accessclips.com
    127.0.0.1 accessclips.com
    127.0.0.1 www.access-dvd.com
    127.0.0.1 access-dvd.com
    127.0.0.1 www.accesskeygenerator.com
    127.0.0.1 accesskeygenerator.com
    127.0.0.1 www.accessthefuture.net
    127.0.0.1 accessthefuture.net
    127.0.0.1 www.accessvid.net
    127.0.0.1 accessvid.net
    127.0.0.1 www.acemedic.com
    127.0.0.1 acemedic.com
    127.0.0.1 www.ace-webmaster.com
    127.0.0.1 ace-webmaster.com
    127.0.0.1 acjp.com
    127.0.0.1 www.acrobat-2007.com
    127.0.0.1 acrobat-2007.com
    127.0.0.1 www.acrobat-8.com
    127.0.0.1 acrobat-8.com
    127.0.0.1 www.acrobat-center.com
    127.0.0.1 acrobat-center.com
    127.0.0.1 www.acrobat-hq.com
    127.0.0.1 acrobat-hq.com
    127.0.0.1 www.acrobatreader-8.com
    127.0.0.1 acrobatreader-8.com
    127.0.0.1 www.acrobat-reader-8.de
    127.0.0.1 acrobat-reader-8.de
    127.0.0.1 www.acrobat-stop.com
    127.0.0.1 acrobat-stop.com
    127.0.0.1 www.actionbreastcancer.org
    127.0.0.1 actionbreastcancer.org
    127.0.0.1 www.activesearcher.info
    127.0.0.1 activesearcher.info
    127.0.0.1 www.activexaccessobject.com
    127.0.0.1 activexaccessobject.com
    127.0.0.1 www.activexaccessvideo.com
    127.0.0.1 activexaccessvideo.com
    127.0.0.1 www.activexemedia.com
    127.0.0.1 activexemedia.com
    127.0.0.1 www.activexmediaobject.com
    127.0.0.1 activexmediaobject.com
    127.0.0.1 www.activexmediapro.com
    127.0.0.1 activexmediapro.com
    127.0.0.1 www.activexmediasite.com
    127.0.0.1 activexmediasite.com
    127.0.0.1 www.activexmediasoftware.com
    127.0.0.1 activexmediasoftware.com
    127.0.0.1 www.activexmediasource.com
    127.0.0.1 activexmediasource.com
    127.0.0.1 www.activexmediatool.com
    127.0.0.1 activexmediatool.com
    127.0.0.1 www.activexmediatour.com
    127.0.0.1 activexmediatour.com
    127.0.0.1 www.activexsoftwares.com
    127.0.0.1 activexsoftwares.com
    127.0.0.1 www.activexsource.com
    127.0.0.1 activexsource.com
    127.0.0.1 www.activexupdate.com
    127.0.0.1 activexupdate.com
    127.0.0.1 www.activexvideo.com
    127.0.0.1 activexvideo.com
    127.0.0.1 www.activexvideotool.com
    127.0.0.1 activexvideotool.com
    127.0.0.1 www.ad.marketingsector.com
    127.0.0.1 ad.marketingsector.com
    127.0.0.1 www.ad.mokead.com
    127.0.0.1 ad.mokead.com
    127.0.0.1 ad.oinadserver.com
    127.0.0.1 ad.outerinfoads.com
    127.0.0.1 www.ad25.com
    127.0.0.1 ad25.com
    127.0.0.1 www.ad45.com
    127.0.0.1 ad45.com
    127.0.0.1 www.ad77.com
    127.0.0.1 ad77.com
    127.0.0.1 www.ad86.com
    127.0.0.1 ad86.com
    127.0.0.1 www.adamsupportgroup.org
    127.0.0.1 adamsupportgroup.org
    127.0.0.1 www.adarmor.com
    127.0.0.1 adarmor.com
    127.0.0.1 www.adasearch.com
    127.0.0.1 adasearch.com
    127.0.0.1 adaware.cc
    127.0.0.1 www.adawarenow.com
    127.0.0.1 adawarenow.com
    127.0.0.1 adchannel.contextplus.net
    127.0.0.1 www.addetect.com
    127.0.0.1 addetect.com
    127.0.0.1 www.add-hhh.info
    127.0.0.1 add-hhh.info
    127.0.0.1 www.addictivetechnologies.com
    127.0.0.1 addictivetechnologies.com
    127.0.0.1 www.addictivetechnologies.net
    127.0.0.1 addictivetechnologies.net
    127.0.0.1 www.addioerrori.com
    127.0.0.1 addioerrori.com
    127.0.0.1 www.add-manager.com
    127.0.0.1 add-manager.com
    127.0.0.1 www.adgate.info
    127.0.0.1 adgate.info
    127.0.0.1 www.adintelligence.net
    127.0.0.1 adintelligence.net
    127.0.0.1 www.adioserrores.com
    127.0.0.1 adioserrores.com
    127.0.0.1 www.adipics.com
    127.0.0.1 adipics.com
    127.0.0.1 www.adlogix.com
    127.0.0.1 adlogix.com
    127.0.0.1 www.admin2cash.biz
    127.0.0.1 admin2cash.biz
    127.0.0.1 adnet-plus.com
    127.0.0.1 www.adnetserver.com
    127.0.0.1 adnetserver.com
    127.0.0.1 adobe-download-now.com
    127.0.0.1 www.adobe-downloads.com
    127.0.0.1 adobe-downloads.com
    127.0.0.1 www.adobe-reader-8.fr
    127.0.0.1 adobe-reader-8.fr
    127.0.0.1 www.adprotect.com
    127.0.0.1 adprotect.com
    127.0.0.1 ads.centralmedia.ws
    127.0.0.1 ads.k8l.info
    127.0.0.1 ads.kmpads.com
    127.0.0.1 ads.kw.revenue.net
    127.0.0.1 ads.marketingsector.com
    127.0.0.1 ads.searchingbooth.com
    127.0.0.1 ads.z-quest.com
    127.0.0.1 ads1.revenue.net
    127.0.0.1 www.ads183.com
    127.0.0.1 ads183.com
    127.0.0.1 www.adscontex.com
    127.0.0.1 adscontex.com
    127.0.0.1 www.adservices1.enhance.com
    127.0.0.1 adservices1.enhance.com
    127.0.0.1 adservs.com
    127.0.0.1 www.adsextend.net
    127.0.0.1 adsextend.net
    127.0.0.1 www.adshttp.com
    127.0.0.1 adshttp.com
    127.0.0.1 www.adsniffer.com
    127.0.0.1 adsniffer.com
    127.0.0.1 www.adsonwww.com
    127.0.0.1 adsonwww.com
    127.0.0.1 www.adspics.com
    127.0.0.1 adspics.com
    127.0.0.1 www.adsrevenue.net
    127.0.0.1 adsrevenue.net
    127.0.0.1 www.adtrak.net
    127.0.0.1 adtrak.net
    127.0.0.1 adtrgt.com
    127.0.0.1 www.adult18codec.com
    127.0.0.1 adult18codec.com
    127.0.0.1 www.adult777search.info
    127.0.0.1 adult777search.info
    127.0.0.1 www.adultan.com
    127.0.0.1 adultan.com
    127.0.0.1 www.adultcodec-2008.com
    127.0.0.1 adultcodec-2008.com
    127.0.0.1 www.adultcodecstars.com
    127.0.0.1 adultcodecstars.com
    127.0.0.1 www.adult-engine-search.com
    127.0.0.1 adult-engine-search.com
    127.0.0.1 www.adult-erotic-guide.net
    127.0.0.1 adult-erotic-guide.net
    127.0.0.1 www.adultfilmsite.com
    127.0.0.1 adultfilmsite.com
    127.0.0.1 www.adult-friends-finder.net
    127.0.0.1 adult-friends-finder.net
    127.0.0.1 adultgambling.org
    127.0.0.1 adult-host.org
    127.0.0.1 www.adulthyperlinks.com
    127.0.0.1 adulthyperlinks.com
    127.0.0.1 www.adultmovieplus.com
    127.0.0.1 adultmovieplus.com
    127.0.0.1 www.adult-mpg.net
    127.0.0.1 adult-mpg.net
    127.0.0.1 adult-personal.us
    127.0.0.1 adultsgames.net
    127.0.0.1 www.adultsonlyvids.com
    127.0.0.1 adultsonlyvids.com
    127.0.0.1 www.adultsper.com
    127.0.0.1 adultsper.com
    127.0.0.1 www.adulttds.com
    127.0.0.1 adulttds.com
    127.0.0.1 www.adultzoneworld.com
    127.0.0.1 adultzoneworld.com
    127.0.0.1 www.advancedcleaner.com
    127.0.0.1 advancedcleaner.com
    127.0.0.1 www.advcash.biz
    127.0.0.1 advcash.biz
    127.0.0.1 advert.exaccess.ru
    127.0.0.1 www.advertisemoney.info
    127.0.0.1 advertisemoney.info
    127.0.0.1 advertising.paltalk.com
    127.0.0.1 www.advertising-money.info
    127.0.0.1 advertising-money.info
    127.0.0.1 ad-ware.cc
    127.0.0.1 www.ad-w-a-r-e.com
    127.0.0.1 ad-w-a-r-e.com
    127.0.0.1 www.a-d-w-a-r-e.com
    127.0.0.1 a-d-w-a-r-e.com
    127.0.0.1 www.adware.pro
    127.0.0.1 adware.pro
    127.0.0.1 www.adwarealert.com
    127.0.0.1 adwarealert.com
    127.0.0.1 www.ad-warealert.com
    127.0.0.1 ad-warealert.com
    127.0.0.1 www.adwarearrest.com
    127.0.0.1 adwarearrest.com
    127.0.0.1 www.adwarebazooka.com
    127.0.0.1 adwarebazooka.com
    127.0.0.1 www.adwarecommander.com
    127.0.0.1 adwarecommander.com
    127.0.0.1 www.adwarefinder.com
    127.0.0.1 adwarefinder.com
    127.0.0.1 www.adwaregold.com
    127.0.0.1 adwaregold.com
    127.0.0.1 www.adwarepatrol.com
    127.0.0.1 adwarepatrol.com
    127.0.0.1 www.adwareplatinum.com
    127.0.0.1 adwareplatinum.com
    127.0.0.1 www.adwareprotectionsite.com
    127.0.0.1 adwareprotectionsite.com
    127.0.0.1 www.adwarepunisher.com
    127.0.0.1 adwarepunisher.com
    127.0.0.1 www.adwareremover.ws
    127.0.0.1 adwareremover.ws
    127.0.0.1 www.adwaresafety.com
    127.0.0.1 adwaresafety.com
    127.0.0.1 www.adwarexp.com
    127.0.0.1 adwarexp.com
    127.0.0.1 affiliate.idownload.com
    127.0.0.1 www.aflgate.com
    127.0.0.1 aflgate.com
    127.0.0.1 africaspromise.org
    127.0.0.1 agava.com
    127.0.0.1 agava.ru
    127.0.0.1 agentstudio.com
    127.0.0.1 www.ageofconans.net
    127.0.0.1 ageofconans.net
    127.0.0.1 www.aginegialle.it
    127.0.0.1 aginegialle.it
    127.0.0.1 www.ahnenforschung.de
    127.0.0.1 ahnenforschung.de
    127.0.0.1 www.aifind.info
    127.0.0.1 aifind.info
    127.0.0.1 www.airtleworld.com
    127.0.0.1 airtleworld.com
    127.0.0.1 www.aitalia.it
    127.0.0.1 aitalia.it
    127.0.0.1 akamai.downloadv3.com
    127.0.0.1 www.aklitalia.it
    127.0.0.1 aklitalia.it
    127.0.0.1 akril.com
    127.0.0.1 alcatel.ws
    127.0.0.1 www.alertspy.com
    127.0.0.1 alertspy.com
    127.0.0.1 www.alfacleaner.com
    127.0.0.1 alfacleaner.com
    127.0.0.1 alfa-search.com
    127.0.0.1 www.alialia.it
    127.0.0.1 alialia.it
    127.0.0.1 www.aliotalia.it
    127.0.0.1 aliotalia.it
    127.0.0.1 www.alirtalia.it
    127.0.0.1 alirtalia.it
    127.0.0.1 www.alitaia.it
    127.0.0.1 alitaia.it
    127.0.0.1 www.alitaklia.it
    127.0.0.1 alitaklia.it
    127.0.0.1 www.alitala.it
    127.0.0.1 alitala.it
    127.0.0.1 www.alitali.it
    127.0.0.1 alitali.it
    127.0.0.1 www.alitaliaq.it
    127.0.0.1 alitaliaq.it
    127.0.0.1 www.alitalias.it
    127.0.0.1 alitalias.it
    127.0.0.1 www.alitaliaz.it
    127.0.0.1 alitaliaz.it
    127.0.0.1 www.alitalioa.it
    127.0.0.1 alitalioa.it
    127.0.0.1 www.alitalisa.it
    127.0.0.1 alitalisa.it
    127.0.0.1 www.alitaliua.it
    127.0.0.1 alitaliua.it
    127.0.0.1 www.alitalkia.it
    127.0.0.1 alitalkia.it
    127.0.0.1 www.alitaloia.it
    127.0.0.1 alitaloia.it
    127.0.0.1 www.alitaluia.it
    127.0.0.1 alitaluia.it
    127.0.0.1 www.alitaslia.it
    127.0.0.1 alitaslia.it
    127.0.0.1 www.alitlia.it
    127.0.0.1 alitlia.it
    127.0.0.1 www.alitralia.it
    127.0.0.1 alitralia.it
    127.0.0.1 www.alitsalia.it
    127.0.0.1 alitsalia.it
    127.0.0.1 www.aliutalia.it
    127.0.0.1 aliutalia.it
    127.0.0.1 www.all1count.net
    127.0.0.1 all1count.net
    127.0.0.1 www.all4internet.com
    127.0.0.1 all4internet.com
    127.0.0.1 allabtcars.com
    127.0.0.1 allabtjeeps.com
    127.0.0.1 www.all-bittorrent.com
    127.0.0.1 all-bittorrent.com
    127.0.0.1 www.allcollisions.com
    127.0.0.1 allcollisions.com
    127.0.0.1 www.allcybersearch.com
    127.0.0.1 allcybersearch.com
    127.0.0.1 www.alldnserrors.com
    127.0.0.1 alldnserrors.com
    127.0.0.1 www.all-downloads-now.com
    127.0.0.1 all-downloads-now.com
    127.0.0.1 www.all-edonkey.com
    127.0.0.1 all-edonkey.com
    127.0.0.1 www.allertaminacce.com
    127.0.0.1 allertaminacce.com
    127.0.0.1 allforadult.com
    127.0.0.1 allhyperlinks.com
    127.0.0.1 www.alliesecurity.com
    127.0.0.1 alliesecurity.com
    127.0.0.1 all-inet.com
    127.0.0.1 allinternetbusiness.com
    127.0.0.1 www.all-limewire.com
    127.0.0.1 all-limewire.com
    127.0.0.1 www.allmegabucks.com
    127.0.0.1 allmegabucks.com
    127.0.0.1 www.allprotections.com
    127.0.0.1 allprotections.com
    127.0.0.1 www.allresultz.net
    127.0.0.1 allresultz.net
    127.0.0.1 www.allsearch.us
    127.0.0.1 allsearch.us
    127.0.0.1 www.allsecuritynotes.com
    127.0.0.1 allsecuritynotes.com
    127.0.0.1 www.allsecuritysite.com
    127.0.0.1 allsecuritysite.com
    127.0.0.1 www.allstarsvideos.net
    127.0.0.1 allstarsvideos.net
    127.0.0.1 www.alltiettantivirus.com
    127.0.0.1 alltiettantivirus.com
    127.0.0.1 www.alltruesoftware.com
    127.0.0.1 alltruesoftware.com
    127.0.0.1 www.allvideoactivex.com
    127.0.0.1 allvideoactivex.com
    127.0.0.1 www.almanah.biz
    127.0.0.1 almanah.biz
    127.0.0.1 almarvideos.com
    127.0.0.1 www.aloitalia.it
    127.0.0.1 aloitalia.it
    127.0.0.1 www.aluitalia.it
    127.0.0.1 aluitalia.it
    127.0.0.1 www.amaena.com
    127.0.0.1 amaena.com
    127.0.0.1 amandamountains.com
    127.0.0.1 www.amateurliveshow.com
    127.0.0.1 amateurliveshow.com
    127.0.0.1 www.amediasoftware.com
    127.0.0.1 amediasoftware.com
    127.0.0.1 www.amediasource.com
    127.0.0.1 amediasource.com
    127.0.0.1 www.americanautobargains.com
    127.0.0.1 americanautobargains.com
    127.0.0.1 www.americancarbargains.com
    127.0.0.1 americancarbargains.com
    127.0.0.1 american-teens.net
    127.0.0.1 amigeek.com
    127.0.0.1 www.amigobore.com
    127.0.0.1 amigobore.com
    127.0.0.1 amisbusiness.com
    127.0.0.1 www.ampmsearch.com
    127.0.0.1 ampmsearch.com
    127.0.0.1 www.analcord.com
    127.0.0.1 analcord.com
    127.0.0.1 analmovi.com
    127.0.0.1 www.anarchylolita.com
    127.0.0.1 anarchylolita.com
    127.0.0.1 anarchyporn.com
    127.0.0.1 www.andromedical.com
    127.0.0.1 andromedical.com
    127.0.0.1 www.animepornmag.com
    127.0.0.1 animepornmag.com
    127.0.0.1 anin.org
    127.0.0.1 www.anjpn-avxiz.biz
    127.0.0.1 anjpn-avxiz.biz
    127.0.0.1 www.anjpnzqav.biz
    127.0.0.1 anjpnzqav.biz
    127.0.0.1 www.anjpn-zqav.biz
    127.0.0.1 anjpn-zqav.biz
    127.0.0.1 annaromeo.com
    127.0.0.1 www.antiddos.us
    127.0.0.1 antiddos.us
    127.0.0.1 www.antiespiadorado.com
    127.0.0.1 antiespiadorado.com
    127.0.0.1 www.antiespionspack.com
    127.0.0.1 antiespionspack.com
    127.0.0.1 www.antigusanos2008.com
    127.0.0.1 antigusanos2008.com
    127.0.0.1 www.antispamassistant.com
    127.0.0.1 antispamassistant.com
    127.0.0.1 www.antispamdeluxe.com
    127.0.0.1 antispamdeluxe.com
    127.0.0.1 www.antispionage.com
    127.0.0.1 antispionage.com
    127.0.0.1 www.antispionagepro.com
    127.0.0.1 antispionagepro.com
    127.0.0.1 www.antispyadvanced.com
    127.0.0.1 antispyadvanced.com
    127.0.0.1 www.antispydns.biz
    127.0.0.1 antispydns.biz
    127.0.0.1 www.antispykit.com
    127.0.0.1 antispykit.com
    127.0.0.1 www.antispylab.com
    127.0.0.1 antispylab.com
    127.0.0.1 www.antispyshield.com
    127.0.0.1 antispyshield.com
    127.0.0.1 www.antispysolutions.com
    127.0.0.1 antispysolutions.com
    127.0.0.1 www.antispyware.com
    127.0.0.1 antispyware.com
    127.0.0.1 www.antispywareboot.com
    127.0.0.1 antispywareboot.com
    127.0.0.1 www.antispywarebot.com
    127.0.0.1 antispywarebot.com
    127.0.0.1 www.antispywarebox.com
    127.0.0.1 antispywarebox.com
    127.0.0.1 www.antispywaredownloads.com
    127.0.0.1 antispywaredownloads.com
    127.0.0.1 www.antispywaresuite.com
    127.0.0.1 antispywaresuite.com
    127.0.0.1 www.antispywareupdates.net
    127.0.0.1 antispywareupdates.net
    127.0.0.1 www.antispywarexp.com
    127.0.0.1 antispywarexp.com
    127.0.0.1 www.antispyweb.net
    127.0.0.1 antispyweb.net
    127.0.0.1 www.antiver2008.com
    127.0.0.1 antiver2008.com
    127.0.0.1 www.antivermins.com
    127.0.0.1 antivermins.com
    127.0.0.1 www.anti-vermins.com
    127.0.0.1 anti-vermins.com
    127.0.0.1 www.antivir2007.com
    127.0.0.1 antivir2007.com
    127.0.0.1 www.antivirgear.com
    127.0.0.1 antivirgear.com
    127.0.0.1 www.antivirprotect.com
    127.0.0.1 antivirprotect.com
    127.0.0.1 www.antivirus.fastfreedownload.com
    127.0.0.1 antivirus.fastfreedownload.com
    127.0.0.1 www.antivirus2008pro.com
    127.0.0.1 antivirus2008pro.com
    127.0.0.1 www.antivirus-2008pro.com
    127.0.0.1 antivirus-2008pro.com
    127.0.0.1 www.antivirus-2008-pro.com
    127.0.0.1 antivirus-2008-pro.com
    127.0.0.1 www.antivirus2008pro.info
    127.0.0.1 antivirus2008pro.info
    127.0.0.1 www.antivirus-2008pro.info
    127.0.0.1 antivirus-2008pro.info
    127.0.0.1 www.antivirus-2008-pro.info
    127.0.0.1 antivirus-2008-pro.info
    127.0.0.1 www.antivirus2008pro.net
    127.0.0.1 antivirus2008pro.net
    127.0.0.1 www.antivirus-2008pro.net
    127.0.0.1 antivirus-2008pro.net
    127.0.0.1 www.antivirus-2008-pro.net
    127.0.0.1 antivirus-2008-pro.net
    127.0.0.1 www.antivirus2008pro.org
    127.0.0.1 antivirus2008pro.org
    127.0.0.1 www.antivirus-2008pro.org
    127.0.0.1 antivirus-2008pro.org
    127.0.0.1 www.antivirus-2008-pro.org
    127.0.0.1 antivirus-2008-pro.org
    127.0.0.1 www.antivirus2008x.com
    127.0.0.1 antivirus2008x.com
    127.0.0.1 www.antivirusadvance.com
    127.0.0.1 antivirusadvance.com
    127.0.0.1 www.antivirusaskeladd.com
    127.0.0.1 antivirusaskeladd.com
    127.0.0.1 www.antivirusgereedschap.com
    127.0.0.1 antivirusgereedschap.com
    127.0.0.1 www.antivirusgolden.com
    127.0.0.1 antivirusgolden.com
    127.0.0.1 www.antivirus-hq.net
    127.0.0.1 antivirus-hq.net
    127.0.0.1 www.antiviruspcsuite.com
    127.0.0.1 antiviruspcsuite.com
    127.0.0.1 www.antiviruspremium.com
    127.0.0.1 antiviruspremium.com
    127.0.0.1 www.anti-virus-pro.com
    127.0.0.1 anti-virus-pro.com
    127.0.0.1 www.antivirusprotector.com
    127.0.0.1 antivirusprotector.com
    127.0.0.1 www.antivirus-scanner.com
    127.0.0.1 antivirus-scanner.com
    127.0.0.1 www.antivirusscherm.com
    127.0.0.1 antivirusscherm.com
    127.0.0.1 www.antivirussecuritypro.com
    127.0.0.1 antivirussecuritypro.com
    127.0.0.1 www.antivirus-stop.com
    127.0.0.1 antivirus-stop.com
    127.0.0.1 www.antivirussuite.com
    127.0.0.1 antivirussuite.com
    127.0.0.1 www.antiworm2008.com
    127.0.0.1 antiworm2008.com
    127.0.0.1 www.antiwurm2008.com
    127.0.0.1 antiwurm2008.com
    127.0.0.1 antrocity.com
    127.0.0.1 www.anyofus.com
    127.0.0.1 anyofus.com
    127.0.0.1 www.anysn.seproger.com
    127.0.0.1 anysn.seproger.com
    127.0.0.1 anything4health.com
    127.0.0.1 www.apicpreview.com
    127.0.0.1 apicpreview.com
    127.0.0.1 www.appealcircuit.com
    127.0.0.1 appealcircuit.com
    127.0.0.1 www.approvedlinks.com
    127.0.0.1 approvedlinks.com
    127.0.0.1 apps.deskwizz.com
    127.0.0.1 apps.webservicehost.com
    127.0.0.1 www.aprotectedpage.com
    127.0.0.1 aprotectedpage.com
    127.0.0.1 apsua.com
    127.0.0.1 www.archivioadulti.com
    127.0.0.1 archivioadulti.com
    127.0.0.1 www.archiviosex.net
    127.0.0.1 archiviosex.net
    127.0.0.1 aregay.com
    127.0.0.1 www.ares.click-new-download.com
    127.0.0.1 ares.click-new-download.com
    127.0.0.1 www.ares-freebie.com
    127.0.0.1 ares-freebie.com
    127.0.0.1 www.arespro2007.com
    127.0.0.1 arespro2007.com
    127.0.0.1 www.aresultra.com
    127.0.0.1 aresultra.com
    127.0.0.1 www.ares-usa.com
    127.0.0.1 ares-usa.com
    127.0.0.1 arheo.com
    127.0.0.1 arizonaweb.org
    127.0.0.1 armitageinn.com
    127.0.0.1 www.arquivojpgs.smtp.ru
    127.0.0.1 arquivojpgs.smtp.ru
    127.0.0.1 artachnid.com
    127.0.0.1 art-func.com
    127.0.0.1 art-xxx.com
    127.0.0.1 www.asafebrowser.com
    127.0.0.1 asafebrowser.com
    127.0.0.1 www.asafetyalways.com
    127.0.0.1 asafetyalways.com
    127.0.0.1 www.asafetynote.com
    127.0.0.1 asafetynote.com
    127.0.0.1 www.asafetynotice.com
    127.0.0.1 asafetynotice.com
    127.0.0.1 www.asafetypage.com
    127.0.0.1 asafetypage.com
    127.0.0.1 www.asdbiz.biz
    127.0.0.1 asdbiz.biz
    127.0.0.1 www.asdeykuddq.com
    127.0.0.1 asdeykuddq.com
    127.0.0.1 www.asecurebar.com
    127.0.0.1 asecurebar.com
    127.0.0.1 www.asecureboard.com
    127.0.0.1 asecureboard.com
    127.0.0.1 www.asecurevalue.com
    127.0.0.1 asecurevalue.com
    127.0.0.1 www.asecurityissue.com
    127.0.0.1 asecurityissue.com
    127.0.0.1 www.asecuritynotice.com
    127.0.0.1 asecuritynotice.com
    127.0.0.1 www.asecuritypaper.com
    127.0.0.1 asecuritypaper.com
    127.0.0.1 www.asecuritystuff.com
    127.0.0.1 asecuritystuff.com
    127.0.0.1 www.asfadaptation.com
    127.0.0.1 asfadaptation.com
    127.0.0.1 asiankingkong.com
    127.0.0.1 www.asianpornmag.com
    127.0.0.1 asianpornmag.com
    127.0.0.1 www.asiantoolbar.com
    127.0.0.1 asiantoolbar.com
    127.0.0.1 www.asidseiupc.com
    127.0.0.1 asidseiupc.com
    127.0.0.1 www.aslitalia.it
    127.0.0.1 aslitalia.it
    127.0.0.1 ass-gals.com
    127.0.0.1 www.assureprotection.com
    127.0.0.1 assureprotection.com
    127.0.0.1 asta-killer.com
    127.0.0.1 www.astrologie-server.com
    127.0.0.1 astrologie-server.com
    127.0.0.1 www.asupereva.it
    127.0.0.1 asupereva.it
    127.0.0.1 www.ataprogram.com
    127.0.0.1 ataprogram.com
    127.0.0.1 athenrye.com
    127.0.0.1 www.atotalsafety.com
    127.0.0.1 atotalsafety.com
    127.0.0.1 www.atrueprotection.com
    127.0.0.1 atrueprotection.com
    127.0.0.1 www.atruesecurity.com
    127.0.0.1 atruesecurity.com
    127.0.0.1 www.attackware.com
    127.0.0.1 attackware.com
    127.0.0.1 www.attrezzi.biz
    127.0.0.1 attrezzi.biz
    127.0.0.1 www.aucunsvirus.com
    127.0.0.1 aucunsvirus.com
    127.0.0.1 www.aulde.net
    127.0.0.1 aulde.net
    127.0.0.1 www.aupereva.it
    127.0.0.1 aupereva.it
    127.0.0.1 www.autobargains.org
    127.0.0.1 autobargains.org
    127.0.0.1 www.autobargainsnetwork.com
    127.0.0.1 autobargainsnetwork.com
    127.0.0.1 www.autocontext.begun.ru
    127.0.0.1 autocontext.begun.ru
    127.0.0.1 autoescrowpay.com
    127.0.0.1 www.avadvance.com
    127.0.0.1 avadvance.com
    127.0.0.1 www.avast.free-software-center.com
    127.0.0.1 avast.free-software-center.com
    127.0.0.1 www.avast-2007.com
    127.0.0.1 avast-2007.com
    127.0.0.1 www.avast-downloads.com
    127.0.0.1 avast-downloads.com
    127.0.0.1 www.avast-hq.com
    127.0.0.1 avast-hq.com
    127.0.0.1 www.avforce.com
    127.0.0.1 avforce.com
    127.0.0.1 www.avg.grab-it-today.net
    127.0.0.1 avg.grab-it-today.net
    127.0.0.1 www.avg.softwarecenterz.com
    127.0.0.1 avg.softwarecenterz.com
    127.0.0.1 www.avg-secure.com
    127.0.0.1 avg-secure.com
    127.0.0.1 www.aviadaptation.com
    127.0.0.1 aviadaptation.com
    127.0.0.1 avian-ads.com
    127.0.0.1 www.avicoupler.com
    127.0.0.1 avicoupler.com
    127.0.0.1 www.avideoaxaccess.com
    127.0.0.1 avideoaxaccess.com
    127.0.0.1 www.avideosurfer.com
    127.0.0.1 avideosurfer.com
    127.0.0.1 www.avidirection.com
    127.0.0.1 avidirection.com
    127.0.0.1 www.aviewersoft.com
    127.0.0.1 aviewersoft.com
    127.0.0.1 www.aviexecution.com
    127.0.0.1 aviexecution.com
    127.0.0.1 www.avihelper.com
    127.0.0.1 avihelper.com
    127.0.0.1 www.aviinstrument.com
    127.0.0.1 aviinstrument.com
    127.0.0.1 www.avitool.com
    127.0.0.1 avitool.com
    127.0.0.1 www.avpcheckupdate.com
    127.0.0.1 avpcheckupdate.com
    127.0.0.1 www.avsmanufacture.com
    127.0.0.1 avsmanufacture.com
    127.0.0.1 www.avsystemcare.com
    127.0.0.1 avsystemcare.com
    127.0.0.1 www.avxizaaqada.biz
    127.0.0.1 avxizaaqada.biz
    127.0.0.1 www.avxiz-anjpn.biz
    127.0.0.1 avxiz-anjpn.biz
    127.0.0.1 www.avxizueorn.biz
    127.0.0.1 avxizueorn.biz
    127.0.0.1 www.avxiz-ueorn.biz
    127.0.0.1 avxiz-ueorn.biz
    127.0.0.1 www.avxiz-vtvcp.biz
    127.0.0.1 avxiz-vtvcp.biz
    127.0.0.1 www.avxiz-ygco.biz
    127.0.0.1 avxiz-ygco.biz
    127.0.0.1 www.avxiz-zqav.biz
    127.0.0.1 avxiz-zqav.biz
    127.0.0.1 www.awarenesstech.com
    127.0.0.1 awarenesstech.com
    127.0.0.1 www.awarninglist.com
    127.0.0.1 awarninglist.com
    127.0.0.1 awbeta.net-nucleus.com
    127.0.0.1 www.awesomehomepage.com
    127.0.0.1 awesomehomepage.com
    127.0.0.1 awmcash.biz
    127.0.0.1 awmdabest.com
    127.0.0.1 www.axemediasoftware.com
    127.0.0.1 axemediasoftware.com
    127.0.0.1 www.aximageobject.com
    127.0.0.1 aximageobject.com
    127.0.0.1 www.axmediaproject.com
    127.0.0.1 axmediaproject.com
    127.0.0.1 www.axmediasoftware.com
    127.0.0.1 axmediasoftware.com
    127.0.0.1 www.axmediasolutions.com
    127.0.0.1 axmediasolutions.com
    127.0.0.1 www.axobjectpage.com
    127.0.0.1 axobjectpage.com
    127.0.0.1 www.axobjectsource.com
    127.0.0.1 axobjectsource.com
    127.0.0.1 www.axsoftwaretool.com
    127.0.0.1 axsoftwaretool.com
    127.0.0.1 www.axvideoproject.com
    127.0.0.1 axvideoproject.com
    127.0.0.1 www.axvideosetup.com
    127.0.0.1 axvideosetup.com
    127.0.0.1 ayakawamura.com
    127.0.0.1 ayb.dns-look-up.com
    127.0.0.1 ayb.netbios-wait.com
    127.0.0.1 ayumitaniguchi.com
    127.0.0.1 azebar.com
    127.0.0.1 www.azureusclub.com
    127.0.0.1 azureusclub.com
    127.0.0.1 www.azureus-freebie.com
    127.0.0.1 azureus-freebie.com
    127.0.0.1 www.azzetta.it
    127.0.0.1 azzetta.it
    127.0.0.1 b.casalemedia.com
    127.0.0.1 b122.mcboo.com
    127.0.0.1 www.babe.k-lined.com
    127.0.0.1 babe.k-lined.com
    127.0.0.1 www.babe.the-killer.bz
    127.0.0.1 babe.the-killer.bz
    127.0.0.1 www.babenet.com
    127.0.0.1 babenet.com
    127.0.0.1 www.babespornmag.com
    127.0.0.1 babespornmag.com
    127.0.0.1 www.babeweb.de
    127.0.0.1 babeweb.de
    127.0.0.1 www.baccarat-other.info
    127.0.0.1 baccarat-other.info
    127.0.0.1 www.backstripgirls.com
    127.0.0.1 backstripgirls.com
    127.0.0.1 backup.mabou.org
    127.0.0.1 www.baiduqqsina.cn
    127.0.0.1 baiduqqsina.cn
    127.0.0.1 www.balotierra.com
    127.0.0.1 balotierra.com
    127.0.0.1 bannedhost.net
    127.0.0.1 barbudafarms.com
    127.0.0.1 www.bardownload.com
    127.0.0.1 bardownload.com
    127.0.0.1 barnandfence.com
    127.0.0.1 batsearch.com
    127.0.0.1 baygraphicsllc.com
    127.0.0.1 bb.wudiliuliang.com
    127.0.0.1 bbbsearch.com
    127.0.0.1 bb-search.com
    127.0.0.1 www.bcnproduction.com
    127.0.0.1 bcnproduction.com
    127.0.0.1 bdsmlibrary.net
    127.0.0.1 www.bdsmpornmag.com
    127.0.0.1 bdsmpornmag.com
    127.0.0.1 www.bealent.com
    127.0.0.1 bealent.com
    127.0.0.1 www.bearshare.click-new-download.com
    127.0.0.1 bearshare.click-new-download.com
    127.0.0.1 www.bearshare.download-me.info
    127.0.0.1 bearshare.download-me.info
    127.0.0.1 www.bearshare.mp3-muzic.com
    127.0.0.1 bearshare.mp3-muzic.com
    127.0.0.1 www.bearshare-download.org
    127.0.0.1 bearshare-download.org
    127.0.0.1 www.bearshare-downloads.net
    127.0.0.1 bearshare-downloads.net
    127.0.0.1 www.bearsharelive.co.uk
    127.0.0.1 bearsharelive.co.uk
    127.0.0.1 www.bearshare-music-downloads.com
    127.0.0.1 bearshare-music-downloads.com
    127.0.0.1 www.bearsharepro2007.com
    127.0.0.1 bearsharepro2007.com
    127.0.0.1 www.bearshare-usa.com
    127.0.0.1 bearshare-usa.com
    127.0.0.1 bedhome.com
    127.0.0.1 bediadance.com
    127.0.0.1 www.beebappyy.biz
    127.0.0.1 beebappyy.biz
    127.0.0.1 www.begin2search.com
    127.0.0.1 begin2search.com
    127.0.0.1 bellabasketsfl.com
    127.0.0.1 bernaolatwin.com
    127.0.0.1 www.berufe-jobs.de
    127.0.0.1 berufe-jobs.de
    127.0.0.1 www.berufe-server.de
    127.0.0.1 berufe-server.de
    127.0.0.1 www.berufe-welt.de
    127.0.0.1 berufe-welt.de
    127.0.0.1 www.berufs-wahl.de
    127.0.0.1 berufs-wahl.de
    127.0.0.1 www.beruijindegunhadesun.com
    127.0.0.1 beruijindegunhadesun.com
    127.0.0.1 www.best3xclips.com
    127.0.0.1 best3xclips.com
    127.0.0.1 www.bestadults.com
    127.0.0.1 bestadults.com
    127.0.0.1 best-counter.com
    127.0.0.1 bestcrawler.com
    127.0.0.1 www.bestdailyvids.com
    127.0.0.1 bestdailyvids.com
    127.0.0.1 bestfor.ru
    127.0.0.1 www.bestfuckvids.com
    127.0.0.1 bestfuckvids.com
    127.0.0.1 best-hardpics.com
    127.0.0.1 www.bestmanage.org
    127.0.0.1 bestmanage.org
    127.0.0.1 www.bestmanage0.org
    127.0.0.1 bestmanage0.org
    127.0.0.1 www.bestmanage1.org
    127.0.0.1 bestmanage1.org
    127.0.0.1 www.bestmanage2.org
    127.0.0.1 bestmanage2.org
    127.0.0.1 www.bestmanage3.org
    127.0.0.1 bestmanage3.org
    127.0.0.1 www.bestmanage4.org
    127.0.0.1 bestmanage4.org
    127.0.0.1 www.bestmanage5.org
    127.0.0.1 bestmanage5.org
    127.0.0.1 www.bestmanage6.org
    127.0.0.1 bestmanage6.org
    127.0.0.1 www.bestmanage7.org
    127.0.0.1 bestmanage7.org
    127.0.0.1 www.bestmanage8.org
    127.0.0.1 bestmanage8.org
    127.0.0.1 www.bestmanage9.org
    127.0.0.1 bestmanage9.org
    127.0.0.1 www.bestmovszone.com
    127.0.0.1 bestmovszone.com
    127.0.0.1 www.bestoffersnetworks.com
    127.0.0.1 bestoffersnetworks.com
    127.0.0.1 www.best-porncollection.com
    127.0.0.1 best-porncollection.com
    127.0.0.1 bestporngate.com
    127.0.0.1 www.bestsafetyguide.net
    127.0.0.1 bestsafetyguide.net
    127.0.0.1 www.bestsearch.cc
    127.0.0.1 bestsearch.cc
    127.0.0.1 www.bestsearchworld.info
    127.0.0.1 bestsearchworld.info
    127.0.0.1 www.best-spyware.info
    127.0.0.1 best-spyware.info
    127.0.0.1 www.best-targeted-traffic.com
    127.0.0.1 best-targeted-traffic.com
    127.0.0.1 www.best-voyeur.info
    127.0.0.1 best-voyeur.info
    127.0.0.1 bestweblinks.com
    127.0.0.1 best-winning-casino.com
    127.0.0.1 www.bestworldgirls-for-u.net
    127.0.0.1 bestworldgirls-for-u.net
    127.0.0.1 www.bestxclips.com
    127.0.0.1 bestxclips.com
    127.0.0.1 bestxporno.com
    127.0.0.1 www.bestxxxmpegs.com
    127.0.0.1 bestxxxmpegs.com
    127.0.0.1 www.bettersearch.biz
    127.0.0.1 bettersearch.biz
    127.0.0.1 www.bgazzetta.it
    127.0.0.1 bgazzetta.it
    127.0.0.1 www.bgoogle.it
    127.0.0.1 bgoogle.it
    127.0.0.1 www.bigcodecadult.com
    127.0.0.1 bigcodecadult.com
    127.0.0.1 www.bigcodecadult2008.com
    127.0.0.1 bigcodecadult2008.com
    127.0.0.1 www.bigcodecadult2008-17.com
    127.0.0.1 bigcodecadult2008-17.com
    127.0.0.1 www.bighot18adult2008.com
    127.0.0.1 bighot18adult2008.com
    127.0.0.1 www.bighot18-adult2008.com
    127.0.0.1 bighot18-adult2008.com
    127.0.0.1 www.bighot18codec2008.com
    127.0.0.1 bighot18codec2008.com
    127.0.0.1 www.bighot18-codec2008.com
    127.0.0.1 bighot18-codec2008.com
    127.0.0.1 www.bigtrafficnetwork.com
    127.0.0.1 bigtrafficnetwork.com
    127.0.0.1 www.bigwww.com
    127.0.0.1 bigwww.com
    127.0.0.1 www.bill.de
    127.0.0.1 bill.de
    127.0.0.1 bin.errorprotector.com
    127.0.0.1 bins.media-motor.net
    127.0.0.1 bins2.media-motor.net
    127.0.0.1 bis.180solutions.com
    127.0.0.1 bitchesonline.net
    127.0.0.1 www.bitcomet-freebie.com
    127.0.0.1 bitcomet-freebie.com
    127.0.0.1 www.bittorrent.click-new-download.com
    127.0.0.1 bittorrent.click-new-download.com
    127.0.0.1 biz.biz
    127.0.0.1 www.bkvcompany.com
    127.0.0.1 bkvcompany.com
    127.0.0.1 www.blackblues00.com
    127.0.0.1 blackblues00.com
    127.0.0.1 www.blackcodec.com
    127.0.0.1 blackcodec.com
    127.0.0.1 www.black-codec.com
    127.0.0.1 black-codec.com
    127.0.0.1 www.blackcodec.net
    127.0.0.1 blackcodec.net
    127.0.0.1 www.blackhats.tc
    127.0.0.1 blackhats.tc
    127.0.0.1 www.blackhawksoftware.com
    127.0.0.1 blackhawksoftware.com
    127.0.0.1 blackjack-free.net
    127.0.0.1 www.blacklegion.info
    127.0.0.1 blacklegion.info
    127.0.0.1 blazefind.com
    127.0.0.1 blender.xu.pl
    127.0.0.1 www.blockcheckercontrol.com
    127.0.0.1 blockcheckercontrol.com
    127.0.0.1 blondetgp.com
    127.0.0.1 www.blue-elefant.com
    127.0.0.1 blue-elefant.com
    127.0.0.1 www.bm.theaimonline.com
    127.0.0.1 bm.theaimonline.com
    127.0.0.1 www.bnmgate.com
    127.0.0.1 bnmgate.com
    127.0.0.1 bodaciousbabette.com
    127.0.0.1 www.bonzi.com
    127.0.0.1 bonzi.com
    127.0.0.1 boobdoll.com
    127.0.0.1 boobsandtits.com
    127.0.0.1 boobsclub.com
    127.0.0.1 www.bookedspace.com
    127.0.0.1 bookedspace.com
    127.0.0.1 www.boom.com.vn
    127.0.0.1 boom.com.vn
    127.0.0.1 www.boomgirltv.com
    127.0.0.1 boomgirltv.com
    127.0.0.1 boredlife.com
    127.0.0.1 bowlofogumbo.com
    127.0.0.1 www.bpfq02.com
    127.0.0.1 bpfq02.com
    127.0.0.1 www.bqgate.com
    127.0.0.1 bqgate.com
    127.0.0.1 br.errorsafe.com
    127.0.0.1 br.winantivirus.com
    127.0.0.1 br.winfixer.com
    127.0.0.1 bradcoem.org
    127.0.0.1 www.braincodec.com
    127.0.0.1 braincodec.com
    127.0.0.1 www.brakecodec.com
    127.0.0.1 brakecodec.com
    127.0.0.1 brandiyoung.com
    127.0.0.1 www.bravesentry.com
    127.0.0.1 bravesentry.com
    127.0.0.1 www.breenten.biz
    127.0.0.1 breenten.biz
    127.0.0.1 www.brodbfm.net
    127.0.0.1 brodbfm.net
    127.0.0.1 brookeburn.com
    127.0.0.1 www.browserwise.com
    127.0.0.1 browserwise.com
    127.0.0.1 bsa.safetydownload.com
    127.0.0.1 www.bsplaycodec.com
    127.0.0.1 bsplaycodec.com
    127.0.0.1 bucps.com
    127.0.0.1 buhartes.info
    127.0.0.1 buldog-stats.com
    127.0.0.1 www.bullseye-network.com
    127.0.0.1 bullseye-network.com
    127.0.0.1 burgerkingbigscreen.com
    127.0.0.1 www.burningsite.com
    127.0.0.1 burningsite.com
    127.0.0.1 www.burnsrecyclinginc.com
    127.0.0.1 burnsrecyclinginc.com
    127.0.0.1 buscards.net
    127.0.0.1 bustyrussell.com
    127.0.0.1 www.busysearch.net
    127.0.0.1 busysearch.net
    127.0.0.1 buttejazz.org
    127.0.0.1 www.buy-find.info
    127.0.0.1 buy-find.info
    127.0.0.1 buyselldomain.net
    127.0.0.1 www.buytraff.biz
    127.0.0.1 buytraff.biz
    127.0.0.1 buz.ru
    127.0.0.1 www.bvdtechinque.com
    127.0.0.1 bvdtechinque.com
    127.0.0.1 www.bvirgilio.it
    127.0.0.1 bvirgilio.it
    127.0.0.1 www.bye-spyware.com
    127.0.0.1 bye-spyware.com
    127.0.0.1 c.centralmedia.ws
    127.0.0.1 www.c.enhance.com
    127.0.0.1 c.enhance.com
    127.0.0.1 c.goclick.com
    127.0.0.1 www.c4tdownload.com
    127.0.0.1 c4tdownload.com
    127.0.0.1 www.c5.www4free.info
    127.0.0.1 c5.www4free.info
    127.0.0.1 www.cache.surfaccuracy.com
    127.0.0.1 cache.surfaccuracy.com
    127.0.0.1 cache.ysbweb.com
    127.0.0.1 www.cadesfinjeriokas.com
    127.0.0.1 cadesfinjeriokas.com
    127.0.0.1 calcioturris.com
    127.0.0.1 www.calendaralerts.net
    127.0.0.1 calendaralerts.net
    127.0.0.1 www.callinghome.biz
    127.0.0.1 callinghome.biz
    127.0.0.1 www.cameouk.co.uk
    127.0.0.1 cameouk.co.uk
    127.0.0.1 cameup.com
    127.0.0.1 www.camouflageclothingonline.net
    127.0.0.1 camouflageclothingonline.net
    127.0.0.1 campaigns.outerinfo.net
    127.0.0.1 camup.net
    127.0.0.1 canberracricketcoaching.com
    127.0.0.1 candycantaloupes.com
    127.0.0.1 www.canidetect.org
    127.0.0.1 canidetect.org
    127.0.0.1 www.cantfind.com
    127.0.0.1 cantfind.com
    127.0.0.1 careers.dulcineasystems.net
    127.0.0.1 carsands.com
    127.0.0.1 carsrentals.net
    127.0.0.1 cartoes.uol.com.br
    127.0.0.1 www.casalemedia.com
    127.0.0.1 casalemedia.com
    127.0.0.1 www.cashdeluxe.net
    127.0.0.1 cashdeluxe.net
    127.0.0.1 www.cashengines.com
    127.0.0.1 cashengines.com
    127.0.0.1 cashsearch.biz
    127.0.0.1 www.cashsurfers.com
    127.0.0.1 cashsurfers.com
    127.0.0.1 www.cashunlim.com
    127.0.0.1 cashunlim.com
    127.0.0.1 casino.com.free.game.pogo.gratisdownloads.nl
    127.0.0.1 casino2win.net
    127.0.0.1 casino-gambling-1.net
    127.0.0.1 casino-gambling-2.net
    127.0.0.1 casinomidas.net
    127.0.0.1 casinonline.net
    127.0.0.1 casino-onlines.net
    127.0.0.1 www.castingsamateur.com
    127.0.0.1 castingsamateur.com
    127.0.0.1 catallogue.com
    127.0.0.1 www.catch-dc.info
    127.0.0.1 catch-dc.info
    127.0.0.1 categories.mygeek.com
    127.0.0.1 catsss.da.ru
    127.0.0.1 caxa.ru
    127.0.0.1 cazygirls-world.com
    127.0.0.1 cc.panet.org
    127.0.0.1 www.ccecaedbebfcaf.com
    127.0.0.1 ccecaedbebfcaf.com
    127.0.0.1 cclebali.org
    127.0.0.1 www.ccorriere.it
    127.0.0.1 ccorriere.it
    127.0.0.1 www.cdcopysite.com
    127.0.0.1 cdcopysite.com
    127.0.0.1 www.cdegate.com
    127.0.0.1 cdegate.com
    127.0.0.1 cdn.drivecleaner.com
    127.0.0.1 cdn.errorsafe.com
    127.0.0.1 cdn.movies-etc.com
    127.0.0.1 cdn.winsoftware.com
    127.0.0.1 cdn2.movies-etc.com
    127.0.0.1 www.cdorriere.it
    127.0.0.1 cdorriere.it
    127.0.0.1 ceewawires.org
    127.0.0.1 centralmedia.ws
    127.0.0.1 certumgroup.com
    127.0.0.1 www.cforriere.it
    127.0.0.1 cforriere.it
    127.0.0.1 www.check.jupitersatellites.biz
    127.0.0.1 check.jupitersatellites.biz
    127.0.0.1 www.checkin100.com
    127.0.0.1 checkin100.com
    127.0.0.1 www.checkssecurity.com
    127.0.0.1 checkssecurity.com
    127.0.0.1 chelancatering.com
    127.0.0.1 www.chenshijituan.com
    127.0.0.1 chenshijituan.com
    127.0.0.1 childrenvilla.com
    127.0.0.1 www.chilly3xvids.com
    127.0.0.1 chilly3xvids.com
    127.0.0.1 www.chillymovs.com
    127.0.0.1 chillymovs.com
    127.0.0.1 chips-4-free.com
    127.0.0.1 chrisswasey.com
    127.0.0.1 chriswallace.net
    127.0.0.1 www.cia-trjn.myvnc.com
    127.0.0.1 cia-trjn.myvnc.com
    127.0.0.1 www.cinemadownload.com
    127.0.0.1 cinemadownload.com
    127.0.0.1 www.ciorriere.it
    127.0.0.1 ciorriere.it
    127.0.0.1 www.cirriere.it
    127.0.0.1 cirriere.it
    127.0.0.1 www.citycodec.com
    127.0.0.1 citycodec.com
    127.0.0.1 ckick4thumbs.com
    127.0.0.1 cl55.biz
    127.0.0.1 clackamasliteraryreview.com
    127.0.0.1 www.clckm.com
    127.0.0.1 clckm.com
    127.0.0.1 www.cleancodec.com
    127.0.0.1 cleancodec.com
    127.0.0.1 www.cleansoftwares.com
    127.0.0.1 cleansoftwares.com
    127.0.0.1 clearsearch.cc
    127.0.0.1 clearsearch.net
    127.0.0.1 clickaire.com
    127.0.0.1 www.click-codec.com
    127.0.0.1 click-codec.com
    127.0.0.1 www.clickhere4search.com
    127.0.0.1 clickhere4search.com
    127.0.0.1 www.click-new-download.com
    127.0.0.1 click-new-download.com
    127.0.0.1 click-now.net
    127.0.0.1 www.clickspring.net
    127.0.0.1 clickspring.net
    127.0.0.1 www.click-to-download.com
    127.0.0.1 click-to-download.com
    127.0.0.1 www.clicktomakeasearch.com
    127.0.0.1 clicktomakeasearch.com
    127.0.0.1 clickyestoenter.net
    127.0.0.1 client.exeupdate.com
    127.0.0.1 client.myadultexplorer.com
    127.0.0.1 www.cliks.org
    127.0.0.1 cliks.org
    127.0.0.1 www.clipsfestival.com
    127.0.0.1 clipsfestival.com
    127.0.0.1 www.clipsreality.com
    127.0.0.1 clipsreality.com
    127.0.0.1 www.clorriere.it
    127.0.0.1 clorriere.it
    127.0.0.1 clrsch.com
    127.0.0.1 www.clubxxxvideo.com
    127.0.0.1 clubxxxvideo.com
    127.0.0.1 clusif.free.fr
    127.0.0.1 cmtapestry.com
    127.0.0.1 www.cnetadd.com
    127.0.0.1 cnetadd.com
    127.0.0.1 www.cnomy.com
    127.0.0.1 cnomy.com
    127.0.0.1 www.cnzz.com
    127.0.0.1 cnzz.com
    127.0.0.1 www.cocktails-ideen.de
    127.0.0.1 cocktails-ideen.de
    127.0.0.1 code.ignphrases.com
    127.0.0.1 codec.ninoa.com
    127.0.0.1 www.codecadult18.com
    127.0.0.1 codecadult18.com
    127.0.0.1 www.codecbest.com
    127.0.0.1 codecbest.com
    127.0.0.1 www.codecbsplay.com
    127.0.0.1 codecbsplay.com
    127.0.0.1 www.codecdemo.com
    127.0.0.1 codecdemo.com
    127.0.0.1 www.codecdvd.net
    127.0.0.1 codecdvd.net
    127.0.0.1 www.codecdvi.com
    127.0.0.1 codecdvi.com
    127.0.0.1 www.codec-fun.com
    127.0.0.1 codec-fun.com
    127.0.0.1 www.codechard.com
    127.0.0.1 codechard.com
    127.0.0.1 www.codechot.net
    127.0.0.1 codechot.net
    127.0.0.1 www.codechq.net
    127.0.0.1 codechq.net
    127.0.0.1 www.codecmeg.net
    127.0.0.1 codecmeg.net
    127.0.0.1 www.codecmega.com
    127.0.0.1 codecmega.com
    127.0.0.1 www.codecmega.net
    127.0.0.1 codecmega.net
    127.0.0.1 www.codecmoon.com
    127.0.0.1 codecmoon.com
    127.0.0.1 www.codecmpg.com
    127.0.0.1 codecmpg.com
    127.0.0.1 www.codecnice.net
    127.0.0.1 codecnice.net
    127.0.0.1 www.codecnitro.com
    127.0.0.1 codecnitro.com
    127.0.0.1 www.codecops.net
    127.0.0.1 codecops.net
    127.0.0.1 www.codecplay.com
    127.0.0.1 codecplay.com
    127.0.0.1 www.codecpretty.net
    127.0.0.1 codecpretty.net
    127.0.0.1 www.codecpro.net
    127.0.0.1 codecpro.net
    127.0.0.1 www.codecred.net
    127.0.0.1 codecred.net
    127.0.0.1 www.codecsoft.net
    127.0.0.1 codecsoft.net
    127.0.0.1 www.codecthe.com
    127.0.0.1 codecthe.com
    127.0.0.1 www.codectime.com
    127.0.0.1 codectime.com
    127.0.0.1 www.codecultra.net
    127.0.0.1 codecultra.net
    127.0.0.1 www.codecvids.com
    127.0.0.1 codecvids.com
    127.0.0.1 www.codecvip.com
    127.0.0.1 codecvip.com
    127.0.0.1 www.codecviva.com
    127.0.0.1 codecviva.com
    127.0.0.1 www.codeczang.net
    127.0.0.1 codeczang.net
    127.0.0.1 www.codrriere.it
    127.0.0.1 codrriere.it
    127.0.0.1 www.coeriere.it
    127.0.0.1 coeriere.it
    127.0.0.1 www.coerriere.it
    127.0.0.1 coerriere.it
    127.0.0.1 www.cofrriere.it
    127.0.0.1 cofrriere.it
    127.0.0.1 www.cogrriere.it
    127.0.0.1 cogrriere.it
    127.0.0.1 www.coirriere.it
    127.0.0.1 coirriere.it
    127.0.0.1 command.adservs.com
    127.0.0.1 www.commonname.com
    127.0.0.1 commonname.com
    127.0.0.1 www.computerpcgames.net
    127.0.0.1 computerpcgames.net
    127.0.0.1 www.computerrecover.com
    127.0.0.1 computerrecover.com
    127.0.0.1 config.180solutions.com
    127.0.0.1 www.congtouzailai.net
    127.0.0.1 congtouzailai.net
    127.0.0.1 www.content.dollarrevenue.com
    127.0.0.1 content.dollarrevenue.com
    127.0.0.1 www.content.ireit.com
    127.0.0.1 content.ireit.com
    127.0.0.1 content.onerateld.com
    127.0.0.1 www.contentmatch.net
    127.0.0.1 contentmatch.net
    127.0.0.1 www.contextplus.net
    127.0.0.1 contextplus.net
    127.0.0.1 www.contra-virus.com
    127.0.0.1 contra-virus.com
    127.0.0.1 www.controlmeh.com
    127.0.0.1 controlmeh.com
    127.0.0.1 www.convenient-search.com
    127.0.0.1 convenient-search.com
    127.0.0.1 www.cookingluck.com
    127.0.0.1 cookingluck.com
    127.0.0.1 www.cooldeskalert.com
    127.0.0.1 cooldeskalert.com
    127.0.0.1 coolfetishsite.com
    127.0.0.1 coolfreehost.com
    127.0.0.1 coolfreepage.com
    127.0.0.1 coolfreepages.com
    127.0.0.1 cool-homepage.co
    127.0.0.1 cool-homepage.com
    127.0.0.1 coolmoneysearch.com
    127.0.0.1 www.coolonlinebusiness.com
    127.0.0.1 coolonlinebusiness.com
    127.0.0.1 coolpornsearch.com
    127.0.0.1 cool-search.net
    127.0.0.1 cool-search.netfartpost.com
    127.0.0.1 coolsearcher.info
    127.0.0.1 www.coolservecorp.net
    127.0.0.1 coolservecorp.net
    127.0.0.1 www.coolwebsearch.com
    127.0.0.1 coolwebsearch.com
    127.0.0.1 cool-web-search.com
    127.0.0.1 coolwebsearsh.com
    127.0.0.1 www.coolwwwsearch.com
    127.0.0.1 coolwwwsearch.com
    127.0.0.1 cool-xxx.net
    127.0.0.1 www.coorriere.it
    127.0.0.1 coorriere.it
    127.0.0.1 copmtraine.com
    127.0.0.1 www.coprriere.it
    127.0.0.1 coprriere.it
    127.0.0.1 www.core.psyche-evolution.com
    127.0.0.1 core.psyche-evolution.com
    127.0.0.1 www.coreiere.it
    127.0.0.1 coreiere.it
    127.0.0.1 www.coreriere.it
    127.0.0.1 coreriere.it
    127.0.0.1 www.corrdiere.it
    127.0.0.1 corrdiere.it
    127.0.0.1 www.correiere.it
    127.0.0.1 correiere.it
    127.0.0.1 www.corrfiere.it
    127.0.0.1 corrfiere.it
    127.0.0.1 www.corrgiere.it
    127.0.0.1 corrgiere.it
    127.0.0.1 www.corridere.it
    127.0.0.1 corridere.it
    127.0.0.1 www.corriedre.it
    127.0.0.1 corriedre.it
    127.0.0.1 www.corriee.it
    127.0.0.1 corriee.it
    127.0.0.1 www.corrieere.it
    127.0.0.1 corrieere.it
    127.0.0.1 www.corriefre.it
    127.0.0.1 corriefre.it
    127.0.0.1 www.corriegre.it
    127.0.0.1 corriegre.it
    127.0.0.1 www.corrierde.it
    127.0.0.1 corrierde.it
    127.0.0.1 www.corriered.it
    127.0.0.1 corriered.it
    127.0.0.1 www.corrieree.it
    127.0.0.1 corrieree.it
    127.0.0.1 www.corrieref.it
    127.0.0.1 corrieref.it
    127.0.0.1 www.corrierer.it
    127.0.0.1 corrierer.it
    127.0.0.1 www.corrieres.it
    127.0.0.1 corrieres.it
    127.0.0.1 www.corrierew.it
    127.0.0.1 corrierew.it
    127.0.0.1 www.corrierfe.it
    127.0.0.1 corrierfe.it
    127.0.0.1 www.corrierge.it
    127.0.0.1 corrierge.it
    127.0.0.1 www.corrierr.it
    127.0.0.1 corrierr.it
    127.0.0.1 www.corrierre.it
    127.0.0.1 corrierre.it
    127.0.0.1 www.corrierse.it
    127.0.0.1 corrierse.it
    127.0.0.1 www.corrierte.it
    127.0.0.1 corrierte.it
    127.0.0.1 www.corrierw.it
    127.0.0.1 corrierw.it
    127.0.0.1 www.corrierwe.it
    127.0.0.1 corrierwe.it
    127.0.0.1 www.corriesre.it
    127.0.0.1 corriesre.it
    127.0.0.1 www.corriete.it
    127.0.0.1 corriete.it
    127.0.0.1 www.corrietre.it
    127.0.0.1 corrietre.it
    127.0.0.1 www.corriewre.it
    127.0.0.1 corriewre.it
    127.0.0.1 www.corrifere.it
    127.0.0.1 corrifere.it
    127.0.0.1 www.corriiere.it
    127.0.0.1 corriiere.it
    127.0.0.1 www.corrilere.it
    127.0.0.1 corrilere.it
    127.0.0.1 www.corrioere.it
    127.0.0.1 corrioere.it
    127.0.0.1 www.corrire.it
    127.0.0.1 corrire.it
    127.0.0.1 www.corrirere.it
    127.0.0.1 corrirere.it
    127.0.0.1 www.corrirre.it
    127.0.0.1 corrirre.it
    127.0.0.1 www.corrisere.it
    127.0.0.1 corrisere.it
    127.0.0.1 www.corriuere.it
    127.0.0.1 corriuere.it
    127.0.0.1 www.corriwere.it
    127.0.0.1 corriwere.it
    127.0.0.1 www.corriwre.it
    127.0.0.1 corriwre.it
    127.0.0.1 www.corrliere.it
    127.0.0.1 corrliere.it
    127.0.0.1 www.corroere.it
    127.0.0.1 corroere.it
    127.0.0.1 www.corroiere.it
    127.0.0.1 corroiere.it
    127.0.0.1 www.corrriere.it
    127.0.0.1 corrriere.it
    127.0.0.1 www.corrtiere.it
    127.0.0.1 corrtiere.it
    127.0.0.1 www.corruere.it
    127.0.0.1 corruere.it
    127.0.0.1 www.corruiere.it
    127.0.0.1 corruiere.it
    127.0.0.1 www.cortiere.it
    127.0.0.1 cortiere.it
    127.0.0.1 www.cortriere.it
    127.0.0.1 cortriere.it
    127.0.0.1 www.costrike.com
    127.0.0.1 costrike.com
    127.0.0.1 www.cotriere.it
    127.0.0.1 cotriere.it
    127.0.0.1 www.cotrriere.it
    127.0.0.1 cotrriere.it
    127.0.0.1 couldnotfind.com
    127.0.0.1 count.cc
    127.0.0.1 count.hitscount.net
    127.0.0.1 count-all.com
    127.0.0.1 www.countdutycall.info
    127.0.0.1 countdutycall.info
    127.0.0.1 counter.sexmaniack.com
    127.0.0.1 www.courtrecordslookup.com
    127.0.0.1 courtrecordslookup.com
    127.0.0.1 www.cporriere.it
    127.0.0.1 cporriere.it
    127.0.0.1 www.cprriere.it
    127.0.0.1 cprriere.it
    127.0.0.1 cpvfeed.com
    127.0.0.1 cracks.me.uk
    127.0.0.1 www.cracks4all.com
    127.0.0.1 cracks4all.com
    127.0.0.1 www.crapsgold.info
    127.0.0.1 crapsgold.info
    127.0.0.1 www.crazygirls-world.com
    127.0.0.1 crazygirls-world.com
    127.0.0.1 www.crazywinnings.com
    127.0.0.1 crazywinnings.com
    127.0.0.1 creamedcutties.com
    127.0.0.1 www.createaccesskey.com
    127.0.0.1 createaccesskey.com
    127.0.0.1 www.creatonsoft.com
    127.0.0.1 creatonsoft.com
    127.0.0.1 creditsearchonline.com
    127.0.0.1 crestring.com
    127.0.0.1 crooder.com
    127.0.0.1 www.crriere.it
    127.0.0.1 crriere.it
    127.0.0.1 www.cryptdrive.com
    127.0.0.1 cryptdrive.com
    127.0.0.1 www.crystalysmedia.com
    127.0.0.1 crystalysmedia.com
    127.0.0.1 www.csx.adservs.com
    127.0.0.1 csx.adservs.com
    127.0.0.1 cts.180solutions.com
    127.0.0.1 www.cuisinartoven.com
    127.0.0.1 cuisinartoven.com
    127.0.0.1 www.curedc.info
    127.0.0.1 curedc.info
    127.0.0.1 www.curepcsolutions.com
    127.0.0.1 curepcsolutions.com
    127.0.0.1 curvedspaces.com
    127.0.0.1 www.cutadult.com
    127.0.0.1 cutadult.com
    127.0.0.1 www.cutoffspyware.com
    127.0.0.1 cutoffspyware.com
    127.0.0.1 www.cvirgilio.it
    127.0.0.1 cvirgilio.it
    127.0.0.1 www.cvorriere.it
    127.0.0.1 cvorriere.it
    127.0.0.1 cvs.jps.ru
    127.0.0.1 cvsymphony.com
    127.0.0.1 www.cxorriere.it
    127.0.0.1 cxorriere.it
    127.0.0.1 www.cyberrape.com
    127.0.0.1 cyberrape.com
    127.0.0.1 cydom.com
    127.0.0.1 www.cydoor.com
    127.0.0.1 cydoor.com
    127.0.0.1 d34s.qfdfqawd.cn
    127.0.0.1 www.daily3xlinks.com
    127.0.0.1 daily3xlinks.com
    127.0.0.1 www.dailybestclips.com
    127.0.0.1 dailybestclips.com
    127.0.0.1 daily-gals.com
    127.0.0.1 www.dailyhugemovs.com
    127.0.0.1 dailyhugemovs.com
    127.0.0.1 www.dailykeys.com
    127.0.0.1 dailykeys.com
    127.0.0.1 www.dailypornmag.com
    127.0.0.1 dailypornmag.com
    127.0.0.1 dailyteenspic.com
    127.0.0.1 www.dailytoolbar.com
    127.0.0.1 dailytoolbar.com
    127.0.0.1 www.dailyxvids.com
    127.0.0.1 dailyxvids.com
    127.0.0.1 dancingbabycd.com
    127.0.0.1 www.dapsol.com
    127.0.0.1 dapsol.com
    127.0.0.1 www.dapsolution.com
    127.0.0.1 dapsolution.com
    127.0.0.1 www.data-hoster.com
    127.0.0.1 data-hoster.com
    127.0.0.1 datanotary.com
    127.0.0.1 datareco.com
    127.0.0.1 www.dateanybabe.com
    127.0.0.1 dateanybabe.com
    127.0.0.1 www.dateanychick.com
    127.0.0.1 dateanychick.com
    127.0.0.1 www.datingdoctorsite.com
    127.0.0.1 datingdoctorsite.com
    127.0.0.1 www.dating-galaxy.info
    127.0.0.1 dating-galaxy.info
    127.0.0.1 dating-search.net
    127.0.0.1 davemarshall.org
    127.0.0.1 db105.com
    127.0.0.1 www.dbdecicated.com
    127.0.0.1 dbdecicated.com
    127.0.0.1 www.dbxcompany.com
    127.0.0.1 dbxcompany.com
    127.0.0.1 dcdl.dmcast.com
    127.0.0.1 dcfitusa.com
    127.0.0.1 www.dcorriere.it
    127.0.0.1 dcorriere.it
    127.0.0.1 www.dcurtis.com
    127.0.0.1 dcurtis.com
    127.0.0.1 dcww.dmcast.com
    127.0.0.1 de.ag
    127.0.0.1 de.drivecleaner.com
    127.0.0.1 de.errorsafe.com
    127.0.0.1 de.winantivirus.com
    127.0.0.1 de98.remsys.org
    127.0.0.1 www.debay.it
    127.0.0.1 debay.it
    127.0.0.1 www.decknews.com
    127.0.0.1 decknews.com
    127.0.0.1 dedmazay.3322.org
    127.0.0.1 www.dedsearch.com
    127.0.0.1 dedsearch.com
    127.0.0.1 defaultsearch.net
    127.0.0.1 www.defensaantimalware.com
    127.0.0.1 defensaantimalware.com
    127.0.0.1 www.deja-rue.com
    127.0.0.1 deja-rue.com
    127.0.0.1 www.delficodec.com
    127.0.0.1 delficodec.com
    127.0.0.1 www.democodec.com
    127.0.0.1 democodec.com
    127.0.0.1 www.derklaif.biz
    127.0.0.1 derklaif.biz
    127.0.0.1 www.derrari.it
    127.0.0.1 derrari.it
    127.0.0.1 desarrollocreativo.com
    127.0.0.1 www.deskbar.worldtostart.com
    127.0.0.1 deskbar.worldtostart.com
    127.0.0.1 www.deskwizz.com
    127.0.0.1 deskwizz.com
    127.0.0.1 www.destroy-spyware.net
    127.0.0.1 destroy-spyware.net
    127.0.0.1 www.destruktor.to.pl
    127.0.0.1 destruktor.to.pl
    127.0.0.1 www.detectivehound.com
    127.0.0.1 detectivehound.com
    127.0.0.1 www.detectivesearches.com
    127.0.0.1 detectivesearches.com
    127.0.0.1 dev.ntcor.com
    127.0.0.1 develip.com
    127.0.0.1 dewis.spb.ru
    127.0.0.1 dewis.us
    127.0.0.1 df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
    127.0.0.1 www.dgbusiness.com
    127.0.0.1 dgbusiness.com
    127.0.0.1 dialer2004.com
    127.0.0.1 www.dialerclub.com
    127.0.0.1 dialerclub.com
    127.0.0.1 www.dialer-shop.com
    127.0.0.1 dialer-shop.com
    127.0.0.1 www.dialoff.com
    127.0.0.1 dialoff.com
    127.0.0.1 www.did.i-used.cc
    127.0.0.1 did.i-used.cc
    127.0.0.1 dietpills4free.com
    127.0.0.1 dietpussy.com
    127.0.0.1 www.digikeygen.com
    127.0.0.1 digikeygen.com
    127.0.0.1 digistreamsa.com
    127.0.0.1 www.digitalcoders.net
    127.0.0.1 digitalcoders.net
    127.0.0.1 www.digitalfan.com
    127.0.0.1 digitalfan.com
    127.0.0.1 digital-pornography.com
    127.0.0.1 dionforvalleycouncil.org
    127.0.0.1 www.directdvdpro.com
    127.0.0.1 directdvdpro.com
    127.0.0.1 www.directnameservice.com
    127.0.0.1 directnameservice.com
    127.0.0.1 www.directporta.info
    127.0.0.1 directporta.info
    127.0.0.1 www.directsearchzone.com
    127.0.0.1 directsearchzone.com
    127.0.0.1 www.diskretter.com
    127.0.0.1 diskretter.com
    127.0.0.1 dist.checkin100.com
    127.0.0.1 dl.ad-ware.cc
    127.0.0.1 dl.malwarewipe.com
    127.0.0.1 dl.mcboo.com
    127.0.0.1 www.dl.targetsaver.com
    127.0.0.1 dl.targetsaver.com
    127.0.0.1 dl.web-nexus.net
    127.0.0.1 dl1.antivermins.com
    127.0.0.1 dl1.antivirgear.com
    127.0.0.1 dl1.spydawn.com
    127.0.0.1 dl1.virusprotectpro.com
    127.0.0.1 dl10.spyfalcon.com
    127.0.0.1 dl16.spyfalcon.com
    127.0.0.1 dl2.spyfalcon.com
    127.0.0.1 dl2.spyheal.com
    127.0.0.1 dl2.spywarestrike.com
    127.0.0.1 dl3.spyfalcon.com
    127.0.0.1 dl3.spyheal.com
    127.0.0.1 dl3.spywarestrike.com
    127.0.0.1 dl4.spyfalcon.com
    127.0.0.1 dl4.spywarestrike.com
    127.0.0.1 dl5.spyfalcon.com
    127.0.0.1 dl5.spywarestrike.com
    127.0.0.1 dl6.spywarestrike.com
    127.0.0.1 dl7.spywarestrike.com
    127.0.0.1 dl8.spyheal.com
    127.0.0.1 dl8.spywarestrike.com
    127.0.0.1 dl9.spyfalcon.com
    127.0.0.1 dload.contextplus.net
    127.0.0.1 www.dltsolution.com
    127.0.0.1 dltsolution.com
    127.0.0.1 www.dmcast.com
    127.0.0.1 dmcast.com
    127.0.0.1 www.dmqfirm.com
    127.0.0.1 dmqfirm.com
    127.0.0.1 www.dnaads.com
    127.0.0.1 dnaads.com
    127.0.0.1 dnl.mabou.org
    127.0.0.1 www.dns-look-up.com
    127.0.0.1 dns-look-up.com
    127.0.0.1 doctorwaldron.com
    127.0.0.1 document-not-found.pornpic.org
    127.0.0.1 doggyaction.com
    127.0.0.1 www.dogproblemswebsite.com
    127.0.0.1 dogproblemswebsite.com
    127.0.0.1 doktorxxx.com
    127.0.0.1 dollarrevenue.com
    127.0.0.1 www.domaincar.com
    127.0.0.1 domaincar.com
    127.0.0.1 domains2003.net
    127.0.0.1 domains-for-you-online.com
    127.0.0.1 domain-your-registration.com
    127.0.0.1 domkrat.com
    127.0.0.1 www.doofo.com
    127.0.0.1 doofo.com
    127.0.0.1 www.dota11.cn
    127.0.0.1 dota11.cn
    127.0.0.1 www.dotcomtoolbar.com
    127.0.0.1 dotcomtoolbar.com
    127.0.0.1 down.136136.net
    127.0.0.1 download.abetterinternet.com
    127.0.0.1 download.adintelligence.net
    127.0.0.1 www.download.antispywarebot.com
    127.0.0.1 download.antispywarebot.com
    127.0.0.1 www.download.bardownload.com
    127.0.0.1 download.bardownload.com
    127.0.0.1 www.download.bravesentry.com
    127.0.0.1 download.bravesentry.com
    127.0.0.1 download.cdn.drivecleaner.com
    127.0.0.1 download.cdn.errorsafe.com
    127.0.0.1 download.cdn.winsoftware.com
    127.0.0.1 download.contextplus.net
    127.0.0.1 download.errorsafe.com
    127.0.0.1 www.download.jupitersatellites.biz
    127.0.0.1 download.jupitersatellites.biz
    127.0.0.1 download.malwarealarm.com
    127.0.0.1 download.searchtabs.net
    127.0.0.1 www.download.secureyournet.biz
    127.0.0.1 download.secureyournet.biz
    127.0.0.1 download.spyonthis.net
    127.0.0.1 download.spy-shredder.com
    127.0.0.1 download.spywares-removal.info
    127.0.0.1 download.systemdoctor.com
    127.0.0.1 download.winantispyware.com
    127.0.0.1 download.winantivirus.com
    127.0.0.1 download.windrivecleaner.com
    127.0.0.1 download.winfixer.com
    127.0.0.1 download10.spywarequake.com
    127.0.0.1 download11.spywarequake.com
    127.0.0.1 download12.spywarequake.com
    127.0.0.1 download13.spywarequake.com
    127.0.0.1 download15.spywarequake.com
    127.0.0.1 download2.spywarequake.com
    127.0.0.1 www.download-2007.com
    127.0.0.1 download-2007.com
    127.0.0.1 download3.spyaxe.com
    127.0.0.1 download3.spywarequake.com
    127.0.0.1 www.download3xpics.com
    127.0.0.1 download3xpics.com
    127.0.0.1 download4.spyaxe.com
    127.0.0.1 download4.spywarequake.com
    127.0.0.1 download5.spyaxe.com
    127.0.0.1 download5.spywarequake.com
    127.0.0.1 download6.spyaxe.com
    127.0.0.1 download7.spywarequake.com
    127.0.0.1 download8.spywarequake.com
    127.0.0.1 download9.spywarequake.com
    127.0.0.1 www.downloadacceleratorsite.com
    127.0.0.1 downloadacceleratorsite.com
    127.0.0.1 www.download-ad-aware.com
    127.0.0.1 download-ad-aware.com
    127.0.0.1 www.download-all-4-free.com
    127.0.0.1 download-all-4-free.com
    127.0.0.1 www.download-all-area.com
    127.0.0.1 download-all-area.com
    127.0.0.1 www.download-antivir.com
    127.0.0.1 download-antivir.com
    127.0.0.1 www.downloadanysong.com
    127.0.0.1 downloadanysong.com
    127.0.0.1 www.downloadaresnow.com
    127.0.0.1 downloadaresnow.com
    127.0.0.1 www.download-avast.com
    127.0.0.1 download-avast.com
    127.0.0.1 www.downloadcorporation.com
    127.0.0.1 downloadcorporation.com
    127.0.0.1 www.download-dvdshrink.com
    127.0.0.1 download-dvdshrink.com
    127.0.0.1 www.download-for-free.net
    127.0.0.1 download-for-free.net
    127.0.0.1 www.downloadfreesoft.com
    127.0.0.1 downloadfreesoft.com
    127.0.0.1 www.downloadfreeway.com
    127.0.0.1 downloadfreeway.com
    127.0.0.1 www.downloadimesh.com
    127.0.0.1 downloadimesh.com
    127.0.0.1 www.download-itunes-now.com
    127.0.0.1 download-itunes-now.com
    127.0.0.1 www.download-limewire.org
    127.0.0.1 download-limewire.org
    127.0.0.1 www.downloadlost.tv
    127.0.0.1 downloadlost.tv
    127.0.0.1 www.downloadmax.net
    127.0.0.1 downloadmax.net
    127.0.0.1 www.download-mcafee.com
    127.0.0.1 download-mcafee.com
    127.0.0.1 download-me.info
    127.0.0.1 www.downloadmediaax.com
    127.0.0.1 downloadmediaax.com
    127.0.0.1 www.download-now.rmp1.info
    127.0.0.1 download-now.rmp1.info
    127.0.0.1 www.downloadpics.net
    127.0.0.1 downloadpics.net
    127.0.0.1 www.downloadprovider.net
    127.0.0.1 downloadprovider.net
    127.0.0.1 www.download-real-player.com
    127.0.0.1 download-real-player.com
    127.0.0.1 downloads.180solutions.com
    127.0.0.1 downloads.adaware.cc
    127.0.0.1 www.downloadservicearea.com
    127.0.0.1 downloadservicearea.com
    127.0.0.1 www.downloads-free.org
    127.0.0.1 downloads-free.org
    127.0.0.1 www.downloadsglobe.com
    127.0.0.1 downloadsglobe.com
    127.0.0.1 www.download-this.us
    127.0.0.1 download-this.us
    127.0.0.1 www.download-trillian.com
    127.0.0.1 download-trillian.com
    127.0.0.1 www.downloadv3.com
    127.0.0.1 downloadv3.com
    127.0.0.1 www.downloadvax.com
    127.0.0.1 downloadvax.com
    127.0.0.1 download-video.12w.net
    127.0.0.1 www.download-windvd.com
    127.0.0.1 download-windvd.com
    127.0.0.1 www.download-winrar.com
    127.0.0.1 download-winrar.com
    127.0.0.1 downloadwizard.com
    127.0.0.1 www.downloadxmoveis.com
    127.0.0.1 downloadxmoveis.com
    127.0.0.1 www.downloadxvids.com
    127.0.0.1 downloadxvids.com
    127.0.0.1 downloadzcenter.com
    127.0.0.1 downloadzcentral.com
    127.0.0.1 www.downloadzfree.com
    127.0.0.1 downloadzfree.com
    127.0.0.1 downloadznow.net
    127.0.0.1 www.download-zone-free.com
    127.0.0.1 download-zone-free.com
    127.0.0.1 www.download-zone-free.net
    127.0.0.1 download-zone-free.net
    127.0.0.1 dp-host.com
    127.0.0.1 dr.mcboo.com
    127.0.0.1 www.dr.webhancer.com
    127.0.0.1 dr.webhancer.com
    127.0.0.1 www.dr2.webhancer.com
    127.0.0.1 dr2.webhancer.com
    127.0.0.1 dr38.mcboo.com
    127.0.0.1 dr47.mcboo.com
    127.0.0.1 dragqueen.gay-clan.com
    127.0.0.1 www.drepubblica.it
    127.0.0.1 drepubblica.it
    127.0.0.1 www.drivecleaner.com
    127.0.0.1 drivecleaner.com
    127.0.0.1 www.drivecleanr.com
    127.0.0.1 drivecleanr.com
    127.0.0.1 drocherway.com
    127.0.0.1 www.dropspam.com
    127.0.0.1 dropspam.com
    127.0.0.1 drs54612.spywarebot.hop.clickbank.net
    127.0.0.1 drug-sources-exposed.com
    127.0.0.1 drvvv.com
    127.0.0.1 www.dsupereva.it
    127.0.0.1 dsupereva.it
    127.0.0.1 www.dtlproduct.com
    127.0.0.1 dtlproduct.com
    127.0.0.1 www.dudu.com
    127.0.0.1 dudu.com
    127.0.0.1 dulcineasystems.net
    127.0.0.1 dumpserv.com
    127.0.0.1 duolaimi.net
    127.0.0.1 dutch-sex.com
    127.0.0.1 www.dvdaccess.net
    127.0.0.1 dvdaccess.net
    127.0.0.1 dvdbank.org
    127.0.0.1 www.dvd-codec.com
    127.0.0.1 dvd-codec.com
    127.0.0.1 www.dvdcodec.net
    127.0.0.1 dvdcodec.net
    127.0.0.1 www.dvden.de
    127.0.0.1 dvden.de
    127.0.0.1 www.dvdsmovies.net
    127.0.0.1 dvdsmovies.net
    127.0.0.1 www.dvdsvideos.net
    127.0.0.1 dvdsvideos.net
    127.0.0.1 www.dvdtocdsite.com
    127.0.0.1 dvdtocdsite.com
    127.0.0.1 www.dvdxgold.com
    127.0.0.1 dvdxgold.com
    127.0.0.1 www.dvdxpremium.com
    127.0.0.1 dvdxpremium.com
    127.0.0.1 www.dvicodec.com
    127.0.0.1 dvicodec.com
    127.0.0.1 dynamique.drivecleaner.com
    127.0.0.1 www.e3bay.it
    127.0.0.1 e3bay.it
    127.0.0.1 www.e4bay.it
    127.0.0.1 e4bay.it
    127.0.0.1 eager-sex.com
    127.0.0.1 www.earthllnk.net
    127.0.0.1 earthllnk.net
    127.0.0.1 eases.net
    127.0.0.1 easyantispy.com
    127.0.0.1 www.easybestdeals.com
    127.0.0.1 easybestdeals.com
    127.0.0.1 easycategories.com
    127.0.0.1 www.easycdrip.com
    127.0.0.1 easycdrip.com
    127.0.0.1 www.easymovieplayer.com
    127.0.0.1 easymovieplayer.com
    127.0.0.1 www.easymp3musicnow.com
    127.0.0.1 easymp3musicnow.com
    127.0.0.1 www.easymus.cn
    127.0.0.1 easymus.cn
    127.0.0.1 www.easy-pharmacy.info
    127.0.0.1 easy-pharmacy.info
    127.0.0.1 www.easypspdownloads.com
    127.0.0.1 easypspdownloads.com
    127.0.0.1 easy-search.net
    127.0.0.1 www.easysearch4you.com
    127.0.0.1 easysearch4you.com
    127.0.0.1 easysearchingtips.com
    127.0.0.1 www.easyspyware.com
    127.0.0.1 easyspyware.com
    127.0.0.1 www.easywww.info
    127.0.0.1 easywww.info
    127.0.0.1 www.eazel.com
    127.0.0.1 eazel.com
    127.0.0.1 www.eba6y.it
    127.0.0.1 eba6y.it
    127.0.0.1 www.eba7y.it
    127.0.0.1 eba7y.it
    127.0.0.1 www.ebaay.it
    127.0.0.1 ebaay.it
    127.0.0.1 www.ebagy.it
    127.0.0.1 ebagy.it
    127.0.0.1 www.ebahy.it
    127.0.0.1 ebahy.it
    127.0.0.1 www.ebajy.it
    127.0.0.1 ebajy.it
    127.0.0.1 www.ebaqy.it
    127.0.0.1 ebaqy.it
    127.0.0.1 www.ebasy.it
    127.0.0.1 ebasy.it
    127.0.0.1 www.ebaty.it
    127.0.0.1 ebaty.it
    127.0.0.1 www.ebauy.it
    127.0.0.1 ebauy.it
    127.0.0.1 ebav.com
    127.0.0.1 ebaw.com
    127.0.0.1 www.ebawy.it
    127.0.0.1 ebawy.it
    127.0.0.1 www.ebaxy.it
    127.0.0.1 ebaxy.it
    127.0.0.1 www.ebay6.it
    127.0.0.1 ebay6.it
    127.0.0.1 www.ebay7.it
    127.0.0.1 ebay7.it
    127.0.0.1 www.ebayg.it
    127.0.0.1 ebayg.it
    127.0.0.1 www.ebayh.it
    127.0.0.1 ebayh.it
    127.0.0.1 www.ebayj.it
    127.0.0.1 ebayj.it
    127.0.0.1 www.ebayt.it
    127.0.0.1 ebayt.it
    127.0.0.1 www.ebayu.it
    127.0.0.1 ebayu.it
    127.0.0.1 www.ebazy.it
    127.0.0.1 ebazy.it
    127.0.0.1 ebch.com
    127.0.0.1 ebdv.com
    127.0.0.1 ebdw.com
    127.0.0.1 www.ebestfind.org
    127.0.0.1 ebestfind.org
    127.0.0.1 www.ebgay.it
    127.0.0.1 ebgay.it
    127.0.0.1 ebgo.com
    127.0.0.1 www.ebhay.it
    127.0.0.1 ebhay.it
    127.0.0.1 www.ebizentrepreneur.com
    127.0.0.1 ebizentrepreneur.com
    127.0.0.1 ebjp.com
    127.0.0.1 ebkb.com
    127.0.0.1 ebkn.com
    127.0.0.1 ebky.com
    127.0.0.1 eblv.com
    127.0.0.1 ebmu.com
    127.0.0.1 www.ebnay.it
    127.0.0.1 ebnay.it
    127.0.0.1 ebonypornmag.com
    127.0.0.1 www.ebonypornmag.com
    127.0.0.1 ebony-pornmag.com
    127.0.0.1 www.ebony-pornmag.com
    127.0.0.1 www.ebqay.it
    127.0.0.1 ebqay.it
    127.0.0.1 www.ebsay.it
    127.0.0.1 ebsay.it
    127.0.0.1 www.ebsy.it
    127.0.0.1 ebsy.it
    127.0.0.1 www.ebvay.it
    127.0.0.1 ebvay.it
    127.0.0.1 ebvr.com
    127.0.0.1 www.ebway.it
    127.0.0.1 ebway.it
    127.0.0.1 www.ebwmanufacture.com
    127.0.0.1 ebwmanufacture.com
    127.0.0.1 www.ebxay.it
    127.0.0.1 ebxay.it
    127.0.0.1 www.ebzay.it
    127.0.0.1 ebzay.it
    127.0.0.1 www.echterschutz.com
    127.0.0.1 echterschutz.com
    127.0.0.1 ecmh.com
    127.0.0.1 ecmp.com
    127.0.0.1 ecosrioplatenses.org
    127.0.0.1 ecpm.com
    127.0.0.1 ecstasyporn.net
    127.0.0.1 ecwz.com
    127.0.0.1 ecyb.com
    127.0.0.1 www.edbay.it
    127.0.0.1 edbay.it
    127.0.0.1 edhq.com
    127.0.0.1 www.edietprogram.com
    127.0.0.1 edietprogram.com
    127.0.0.1 edty.com
    127.0.0.1 eduy.com
    127.0.0.1 www.eebay.it
    127.0.0.1 eebay.it
    127.0.0.1 eeev.com
    127.0.0.1 www.eepubblica.it
    127.0.0.1 eepubblica.it
    127.0.0.1 www.efbay.it
    127.0.0.1 efbay.it
    127.0.0.1 www.efcsoftware.com
    127.0.0.1 efcsoftware.com
    127.0.0.1 www.egbay.it
    127.0.0.1 egbay.it
    127.0.0.1 www.ehbay.it
    127.0.0.1 ehbay.it
    127.0.0.1 eikokoike.com
    127.0.0.1 elite122.adalert.hop.clickbank.net
    127.0.0.1 www.elitecodec.com
    127.0.0.1 elitecodec.com
    127.0.0.1 www.elitemediagroup.net
    127.0.0.1 elitemediagroup.net
    127.0.0.1 www.eliteprotector.com
    127.0.0.1 eliteprotector.com
    127.0.0.1 www.elitespywareremoval.com
    127.0.0.1 elitespywareremoval.com
    127.0.0.1 e-localad.com
    127.0.0.1 www.elseif.biz
    127.0.0.1 elseif.biz
    127.0.0.1 www.emailicon.org
    127.0.0.1 emailicon.org
    127.0.0.1 emch.com
    127.0.0.1 www.emcodec.com
    127.0.0.1 emcodec.com
    127.0.0.1 www.emediacodec.com
    127.0.0.1 emediacodec.com
    127.0.0.1 www.e-mp3now.com
    127.0.0.1 e-mp3now.com
    127.0.0.1 www.emule.click-new-download.com
    127.0.0.1 emule.click-new-download.com
    127.0.0.1 www.emule.mp3-muzic.com
    127.0.0.1 emule.mp3-muzic.com
    127.0.0.1 www.emuledownloadhome.com
    127.0.0.1 emuledownloadhome.com
    127.0.0.1 www.emule-freebie.com
    127.0.0.1 emule-freebie.com
    127.0.0.1 www.enay.it
    127.0.0.1 enay.it
    127.0.0.1 www.enbay.it
    127.0.0.1 enbay.it
    127.0.0.1 www.encodeinstrument.com
    127.0.0.1 encodeinstrument.com
    127.0.0.1 www.endcodec.com
    127.0.0.1 endcodec.com
    127.0.0.1 www.energy-factor.com
    127.0.0.1 energy-fac
    20 Octobre 2008 21:34:55

    je reposte le rapport hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 21:31:47, on 20/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\brastk.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\christine\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_35.cab
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Unknown owner - C:\dev\xampplite\apache\bin\apache.exe" -k runservice (file missing)
    O23 - Service: mysql - Unknown owner - C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\dev\xampplite\service.exe

    20 Octobre 2008 21:41:23

    par contre internet remarche vite... ça c'est cool...
    20 Octobre 2008 21:51:14

    re

    tu peux me poster le rapport de smitfraudfix en enlevant les

    Citation :
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com

    car c'est trop long
    20 Octobre 2008 21:57:40

    bien sur:
    SmitFraudFix v2.365

    Rapport fait à 21:23:31,03, 20/10/2008
    Executé à partir de C:\Documents and Settings\christine\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est FAT32
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    *****les**************
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    ************************

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\brastk.exe supprimé
    C:\WINDOWS\system32\drivers\svchost.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» RK


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{228B624C-E3B1-4EC2-8CD4-07010DB3E8B4}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{875C0570-2674-45FD-8A00-CC3B2DBC727D}: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.30.1 0.0.0.0


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    20 Octobre 2008 21:58:43

    re

    tu vas remonter deux fichiers au développeur de SmitFraudFix pour permettre une mise à jour de l'outil:

    rends toi à la page:
    http://siri.urz.free.fr/upload/

    Ensuite il faut copier-coller l'adresse du forum où il y a ton sujet :
    http://www.infos-du-net.com/forum/283013-11-virus-avira...


    Puis copie-colle dans la seconde ligne (à côté du bouton [Parcourir...]) le chemin du fichier à uploader :
    C:\WINDOWS\brastk.exe



    Enfin cliquer sur [Upload]

    même chose avec
    C:\WINDOWS\system32\drivers\svchost.exe <<<----- je pense que celui là n'y est plus, il ne doit rester que la clé :) 

    tu me dis quand c'est fait :) 
    20 Octobre 2008 22:02:27

    le premier est fait.
    par contre pour le second : C:\WINDOWS\system32\drivers\svchost.exe
    il n'existe pas !!!
    20 Octobre 2008 22:07:09

    merci ^^

    Citation :
    par contre pour le second : C:\WINDOWS\system32\drivers\svchost.exe
    il n'existe pas !!!

    il me semble que je te l'ai dit ;O)
    je voulais juste vérifier...

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
    AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM



    20 Octobre 2008 22:12:56

    Citation :

    par contre pour le second : C:\WINDOWS\system32\drivers\svchost.exe
    il n'existe pas !!!
    exact tu m'avais prévenu. :na: 

    le fichier récupéré "MalwareByte's Anti-Malware"
    ne semble pas fonctionner (fenetre dos ouverte qui ne fait rien)

    quand je clique sur le lien "MalwareByte's Anti-Malware" j'arrive a une page "not found"
    quand je fait bouton droit "enregistrer sous..." j'ai un exe qui ne répond pas ...
    20 Octobre 2008 22:17:32

    re
    On change... ;) 

    Désactive ton antivirus et tout autre type de protection.
    Télécharge ComboFix de sUBs :
    ComboFix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
    clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"

    viens sur le forum et édition "coller"

    ajoute un nouveau rapport Hijackthis.
    20 Octobre 2008 22:21:58

    oula la ca me fait peur : même problème
    j'ai réussi a télécharger ComboFix.exe mais la fenetre dos reste bloqué.
    20 Octobre 2008 22:23:43

    quand je dis meme probleme c'est :

    quand je clique sur le lien "ComboFix.exe" j'arrive a une page "not found"
    quand je fait bouton droit "enregistrer sous..." j'ai un exe qui ne répond pas ...
    21 Octobre 2008 10:36:01

    j'ai récupéré MalwareByte's Anti-Malware & combofix à mon boulot puisque je n'arrive définitivement pas à les récupérer depuis chez moi.

    Ce soir je commence par quelle activité à ton avis ?
    MalwareByte's Anti-Malware
    ou
    ComboFix ?

    je pensais faire MalwareByte's Anti-Malware...
    21 Octobre 2008 22:19:24

    bonsoir,
    j'ai passé MalwareByte's Anti-Malware,
    il a trouvé tout plein de trucs que j'ai supprimé.

    voici le rapport :
    Malwarebytes' Anti-Malware 1.29
    Version de la base de données: 1276
    Windows 5.1.2600 Service Pack 3

    21/10/2008 22:09:57
    mbam-log-2008-10-21 (22-09-57).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 172350
    Temps écoulé: 3 hour(s), 2 minute(s), 55 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 15

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Trojan.HumourCanine) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Program Files\Conduit\Community Alerts\Alert.dll (Trojan.HumourCanine) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\christine\Local Settings\Temp\TDSS5480.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\christine\Local Settings\Temp\TDSS5490.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSbrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    21 Octobre 2008 22:30:11

    Je reposte un Hijackthis. Est ce que tout semble normal docteur ? merci d'avance pour la réponse, et pour l'aide.
    ------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:25:28, on 21/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_35.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\dev\xampplite\apache\bin\apache.exe
    O23 - Service: mysql - Unknown owner - C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\dev\xampplite\service.exe

    --
    End of file - 4278 bytes
    21 Octobre 2008 23:16:02

    Bonsoir
    bonnes inititiatives ;) 

    passe ComboFix maintenant et poste le rapport.
    22 Octobre 2008 21:03:29

    merci pour ta réponse.
    Ce qui me gène c'est le
    Hé voili voilou:
    ---------------------------------------------------------------------------
    ComboFix 08-10-21.05 - christine 2008-10-22 20:47:59.4 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.169 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\christine\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-21 22:25 . 2008-10-21 22:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 19:06 . 2008-10-21 19:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-10-21 18:59 . 2008-10-21 19:00 <REP> d-------- C:\Documents and Settings\christine\Application Data\Malwarebytes
    2008-10-21 18:59 . 2008-10-21 18:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-20 21:15 . 2008-10-20 21:15 <REP> d--h----- C:\WINDOWS\PIF
    2008-10-19 21:29 . 2008-10-19 21:29 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-14 20:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-14 20:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 20:44 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 18:22 11,532 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 17:31 --------- d-----w C:\Program Files\Photosynth
    2008-08-23 06:54 --------- d-----w C:\Program Files\UxTheme Multipatcher Fr
    2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-20 05:10 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-20 05:10 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-20 05:10 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-20 05:10 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-03-11 07:37 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
    2008-03-11 07:36 2,722 ---ha-w C:\Documents and Settings\christine\hpothb07.dat
    2005-07-03 18:58 560 ----a-w C:\Documents and Settings\christine\Application Data\ViewerApp.dat
    1996-08-02 13:09 80,486 ----a-w C:\Program Files\CITYST.MAP
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]
    @="driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-03 22:32 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-03 22:31 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a------ 2004-03-11 00:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 18:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2005-12-08 20:18 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2002-02-05 14:05 46592 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon"=3 (0x3)
    "Pml Driver HPZ12"=3 (0x3)
    "NVSvc"=2 (0x2)
    "C-DillaCdaC11BA"=2 (0x2)
    "Tomcat5"=3 (0x3)
    "FreeProxy"=2 (0x2)
    "gusvc"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "LBTServ"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\dev\\IntelliJ-IDEA-3.0.4\\bin\\idea.exe"=
    "C:\\Program Files\\Java\\jdk1.5.0_06\\bin\\java.exe"=
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
    "C:\\Program Files\\eMule\\EMULE.EXE"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18910:TCP"= 18910:TCP:BitComet 18910 TCP
    "18910:UDP"= 18910:UDP:BitComet 18910 UDP

    R1 Odptdi;Odptdi;C:\WINDOWS\system32\drivers\odptdi.sys [2006-08-03 31232]
    R2 Apache2.2;Apache2.2;C:\dev\xampplite\apache\bin\apache.exe [2008-06-14 17408]
    R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S2 XAMPP;XAMPP Service;C:\dev\xampplite\service.exe [2006-10-23 60928]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2001-02-07 34864]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    S3 USBFMC;SvcDesc=USB Flash Memory Controller Service;C:\WINDOWS\system32\Drivers\USBFMC.sys [2000-05-16 34612]
    S3 WN6201;Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\WN6201.sys [2005-06-17 457472]
    S4 FreeProxy;Free Proxy Service;C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe [2006-04-04 356352]
    S4 Tomcat5;Apache Tomcat;C:\Tomcat 5.5\bin\tomcat5.exe [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1060076188.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]

    2008-10-09 C:\WINDOWS\Tasks\WebReg 20081009140729.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2003-04-06 01:01]

    2008-10-10 C:\WINDOWS\Tasks\WebReg 20081010142840.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2003-04-06 01:01]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKU-Default-Run-brastk - C:\WINDOWS\system32\brastk.exe
    MSConfigStartUp-avast! - C:\PROGRA~1\Avast\ashDisp.exe
    MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
    MSConfigStartUp-Configuration de la C-BOX - C:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
    MSConfigStartUp-ExtraFilmHemmaAgent - C:\Program Files\WistitiSoft\Agent.exe
    MSConfigStartUp-gigabit - C:\WINDOWS\System32\gigabit.exe
    MSConfigStartUp-PC Connection Agent - C:\program files\viamichelin\WCESCOMM.EXE
    MSConfigStartUp-PCShield - C:\WINDOWS\System32\sfg_6806.dll
    MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    MSConfigStartUp-tcpipmon - tcpipmon.exe


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\christine\Application Data\Mozilla\Firefox\Profiles\zlgjhcyp.default\
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_10\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPPOKER.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPSNOOKER.dll
    FF -: plugin - C:\Program Files\Photosynth\npPhotosynthMozilla.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-22 20:54:14
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\DEV\XAMPPLITE\MYSQL\BIN\MYSQLD-NT.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-22 20:57:42 - La machine a redémarré
    ComboFix2.txt 2008-01-04 21:26:30
    ComboFix-quarantined-files.txt 2008-10-22 18:57:36

    Avant-CF: 12 950 798 336 octets libres
    Après-CF: 12,997,525,504 octets libres

    213 --- E O F --- 2008-10-14 18:49:35
    22 Octobre 2008 22:04:24

    re

    Etape 1

    supprime ta version de ComBofix
    Désinstalle combofix en suivant cette procédure:

  • Menu démarrer puis exécuter
  • Tape maintenant Combofix /u dans la fenêtre que apparaît puis valide par OK. Veille à bien laisser un espace entre le X et le /U, car cela est nécessaire ici.


    (on va travailler à partir d'une version plus récente)


    Etape 2

    retélécharge ComboFix et installe-le sur ton bureau:
    ComboFix.exe

    Etape 3

    Merci de visiter ce lien pour savoir comment installer et exécuter ComboFix :

    http://www.bleepingcomputer.com/combofix/fr/comment-uti...

    Cela inclut l'installation de la console de récupération windows si jamais elle n'est pas déjà été installée sur le PC. Il est vivement recommandé d'installer la console de récupération windows, car elle permet d'avoir accès à un très grand nombre de fonctionnalités dans le cas où le PC ne redémarrerait plus. C'est une sécurité supplémentaire en quelque sorte.

    Une fois la console de récupération installée, tu auras le choix au démarrage entre ton windows habituel et la console de récupération. Lance votre windows habituel, puisque nous n'avons pas besoin d'utiliser la console de récupération, qui ne sert qu'en cas de problèmes. Par défaut, ton OS est sélectionné et il se lance automatiquement au bout de deux secondes. C'est normal :) 

    Etape 4

    Copie (Ctrl+C) le texte ci-dessous :
    Rootkit::
    C:\WINDOWS\system32\TDSSosvd.dat

    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]




    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte que tu viens de copier.
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture


  • Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
  • Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
  • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  • Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt




    Etape 5


    Rends toi sur ce lien : Virus Total
  • Clique sur Parcourir
  • Rends toi jusque sur ce fichier si tu le trouves :

    C:\WINDOWS\system32\drivers\odptdi.sys

  • Clique sur Envoyer le fichier et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
  • Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
  • Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
  • Une nouvelle fenêtre de ton navigateur va apparaître
  • Clique alors sur cette image :
  • Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
  • Enfin colle le résultat dans ta prochaine réponse.
    Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.
    Il est possible que tes outils de sécurité réagissent à l'envoi du fichier, en ce cas il te faudra ignorer les alertes.
    24 Octobre 2008 20:52:35

    Salut...
    Je n'arrive pas a glisser lâcher les icones sur ComboFix.exe.
    J'ai quand même réussi à lancer ComboFix avec le fichier txt que tu m'as fait créer grâce à "ouvrir avec".
    Par contre comme le fichier téléchargé pour l'installation de la console de réparation est un exe, on ne peut pas faire "ouvrir avec". Même en ligne de commande en tapant "ComboFix WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe", il ne prend pas l'argument.

    Sinon j'ai tout fait la suite et voila le rapport de l'analyse de odptdi.sys :
    -----------------------------------------------------------------------------------------

    Fichier odptdi.sys reçu le 2008.10.24 20:46:40 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.24.3 2008.10.24 -
    AntiVir 7.9.0.9 2008.10.24 -
    Authentium 5.1.0.4 2008.10.24 -
    Avast 4.8.1248.0 2008.10.24 -
    AVG 8.0.0.161 2008.10.24 -
    BitDefender 7.2 2008.10.24 -
    CAT-QuickHeal 9.50 2008.10.24 -
    ClamAV 0.93.1 2008.10.24 -
    DrWeb 4.44.0.09170 2008.10.24 -
    eSafe 7.0.17.0 2008.10.23 -
    eTrust-Vet 31.6.6167 2008.10.24 -
    Ewido 4.0 2008.10.24 -
    F-Prot 4.4.4.56 2008.10.24 -
    F-Secure 8.0.14332.0 2008.10.24 -
    Fortinet 3.113.0.0 2008.10.24 -
    GData 19 2008.10.24 -
    Ikarus T3.1.1.44.0 2008.10.24 -
    K7AntiVirus 7.10.506 2008.10.24 -
    Kaspersky 7.0.0.125 2008.10.24 -
    McAfee 5414 2008.10.24 -
    Microsoft 1.4005 2008.10.24 -
    NOD32 3552 2008.10.24 -
    Norman 5.80.02 2008.10.24 -
    Panda 9.0.0.4 2008.10.24 -
    PCTools 4.4.2.0 2008.10.24 -
    Prevx1 V2 2008.10.24 -
    Rising 21.00.42.00 2008.10.24 -
    SecureWeb-Gateway 6.7.6 2008.10.24 -
    Sophos 4.35.0 2008.10.24 -
    Sunbelt 3.1.1749.1 2008.10.23 -
    Symantec 10 2008.10.24 -
    TheHacker 6.3.1.0.126 2008.10.23 -
    TrendMicro 8.700.0.1004 2008.10.24 -
    VBA32 3.12.8.8 2008.10.22 -
    ViRobot 2008.10.24.1436 2008.10.24 -
    VirusBuster 4.5.11.0 2008.10.24 -
    Information additionnelle
    File size: 31232 bytes
    MD5...: 6d52da6a2e0ca4984c66d2e913603d48
    SHA1..: 820ba7c45f8c06df9ada06b1b49afd40860f47fa
    SHA256: afcd805321b03ceb5616771c35ff52a46daaa4586a613a1d4a3a07764eb0309b
    SHA512: 7ef8a69fa83e7b791d543474534a5f0c8aca0880d5ed2472fed4809656afb196<br>87d953175cec31cd0e6ee583db650a9f02e478e4e2bebb55b6446cb1a66dcec7
    PEiD..: -
    TrID..: File type identification<br>Win64 Executable Generic (87.2%)<br>Win32 Executable Generic (8.6%)<br>Generic Win/DOS Executable (2.0%)<br>DOS Executable Generic (2.0%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x16400<br>timedatestamp.....: 0x44d2623d (Thu Aug 03 20:53:17 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 7 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x400 0x4dea 0x4e00 6.56 577776098bfcddb01e91781c64d18c58<br>.data 0x5200 0x3a0 0x400 2.65 beaa33ccfef141cf84c2a487d318ca1f<br>PAGE 0x5600 0xacb 0xc00 5.96 5a762e6808082ab1c1d38f44cbe24898<br>.edata 0x6200 0x33 0x200 0.42 286cc0e24cf8c5469fae8b97befcebcc<br>INIT 0x6400 0x6bc 0x800 4.99 04eb7fbc1f7a2d1ef34e2a66c0aa5be4<br>.rsrc 0x6c00 0x470 0x600 2.64 31e3f1ab4a614de098b85b584f0cd8c9<br>.reloc 0x7200 0x60e 0x800 4.06 a7ee250295551098db676e2f950a4c54<br><br>( 3 imports ) <br>> HAL.dll: KfReleaseSpinLock, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock<br>> ntoskrnl.exe: ExAllocatePoolWithTag, ExFreePoolWithTag, IoDeleteDevice, IoAttachDeviceToDeviceStack, ObfDereferenceObject, IoCreateDevice, IoGetDeviceObjectPointer, RtlInitUnicodeString, IofCompleteRequest, IoDeleteSymbolicLink, IoCreateSymbolicLink, MmIsAddressValid, MmMapLockedPagesSpecifyCache, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwClose, KeQuerySystemTime, KeInitializeMutex, ZwQueryInformationFile, ZwSetInformationFile, wcscpy, wcslen, ZwCreateFile, KeWaitForSingleObject, KeInitializeEvent, ZwWriteFile, ZwReadFile, _purecall, KeSetEvent, IofCallDriver, _vsnprintf, _snprintf, IoFreeMdl, MmUnlockPages, MmBuildMdlForNonPagedPool, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, wcschr, PsTerminateSystemThread, KeWaitForMultipleObjects, ObReferenceObjectByHandle, PsCreateSystemThread, KeReleaseMutex, IoFreeIrp, IoAllocateIrp, wcscmp, IoGetCurrentProcess, strncpy, PsGetCurrentProcessId, towlower, wcscat, wcsrchr, KeInitializeSpinLock<br>> TDI.SYS: TdiMapUserRequest<br><br>( 0 exports ) <br>

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.10.24.3 2008.10.24 -
    AntiVir 7.9.0.9 2008.10.24 -
    Authentium 5.1.0.4 2008.10.24 -
    Avast 4.8.1248.0 2008.10.24 -
    AVG 8.0.0.161 2008.10.24 -
    BitDefender 7.2 2008.10.24 -
    CAT-QuickHeal 9.50 2008.10.24 -
    ClamAV 0.93.1 2008.10.24 -
    DrWeb 4.44.0.09170 2008.10.24 -
    eSafe 7.0.17.0 2008.10.23 -
    eTrust-Vet 31.6.6167 2008.10.24 -
    Ewido 4.0 2008.10.24 -
    F-Prot 4.4.4.56 2008.10.24 -
    F-Secure 8.0.14332.0 2008.10.24 -
    Fortinet 3.113.0.0 2008.10.24 -
    GData 19 2008.10.24 -
    Ikarus T3.1.1.44.0 2008.10.24 -
    K7AntiVirus 7.10.506 2008.10.24 -
    Kaspersky 7.0.0.125 2008.10.24 -
    McAfee 5414 2008.10.24 -
    Microsoft 1.4005 2008.10.24 -
    NOD32 3552 2008.10.24 -
    Norman 5.80.02 2008.10.24 -
    Panda 9.0.0.4 2008.10.24 -
    PCTools 4.4.2.0 2008.10.24 -
    Prevx1 V2 2008.10.24 -
    Rising 21.00.42.00 2008.10.24 -
    SecureWeb-Gateway 6.7.6 2008.10.24 -
    Sophos 4.35.0 2008.10.24 -
    Sunbelt 3.1.1749.1 2008.10.23 -
    Symantec 10 2008.10.24 -
    TheHacker 6.3.1.0.126 2008.10.23 -
    TrendMicro 8.700.0.1004 2008.10.24 -
    VBA32 3.12.8.8 2008.10.22 -
    ViRobot 2008.10.24.1436 2008.10.24 -
    VirusBuster 4.5.11.0 2008.10.24 -

    Information additionnelle
    File size: 31232 bytes
    MD5...: 6d52da6a2e0ca4984c66d2e913603d48
    SHA1..: 820ba7c45f8c06df9ada06b1b49afd40860f47fa
    SHA256: afcd805321b03ceb5616771c35ff52a46daaa4586a613a1d4a3a07764eb0309b
    SHA512: 7ef8a69fa83e7b791d543474534a5f0c8aca0880d5ed2472fed4809656afb196<br>87d953175cec31cd0e6ee583db650a9f02e478e4e2bebb55b6446cb1a66dcec7
    PEiD..: -
    TrID..: File type identification<br>Win64 Executable Generic (87.2%)<br>Win32 Executable Generic (8.6%)<br>Generic Win/DOS Executable (2.0%)<br>DOS Executable Generic (2.0%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x16400<br>timedatestamp.....: 0x44d2623d (Thu Aug 03 20:53:17 2006)<br>machinetype.......: 0x14c (I386)<br><br>( 7 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x400 0x4dea 0x4e00 6.56 577776098bfcddb01e91781c64d18c58<br>.data 0x5200 0x3a0 0x400 2.65 beaa33ccfef141cf84c2a487d318ca1f<br>PAGE 0x5600 0xacb 0xc00 5.96 5a762e6808082ab1c1d38f44cbe24898<br>.edata 0x6200 0x33 0x200 0.42 286cc0e24cf8c5469fae8b97befcebcc<br>INIT 0x6400 0x6bc 0x800 4.99 04eb7fbc1f7a2d1ef34e2a66c0aa5be4<br>.rsrc 0x6c00 0x470 0x600 2.64 31e3f1ab4a614de098b85b584f0cd8c9<br>.reloc 0x7200 0x60e 0x800 4.06 a7ee250295551098db676e2f950a4c54<br><br>( 3 imports ) <br>> HAL.dll: KfReleaseSpinLock, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex, KfAcquireSpinLock<br>> ntoskrnl.exe: ExAllocatePoolWithTag, ExFreePoolWithTag, IoDeleteDevice, IoAttachDeviceToDeviceStack, ObfDereferenceObject, IoCreateDevice, IoGetDeviceObjectPointer, RtlInitUnicodeString, IofCompleteRequest, IoDeleteSymbolicLink, IoCreateSymbolicLink, MmIsAddressValid, MmMapLockedPagesSpecifyCache, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwClose, KeQuerySystemTime, KeInitializeMutex, ZwQueryInformationFile, ZwSetInformationFile, wcscpy, wcslen, ZwCreateFile, KeWaitForSingleObject, KeInitializeEvent, ZwWriteFile, ZwReadFile, _purecall, KeSetEvent, IofCallDriver, _vsnprintf, _snprintf, IoFreeMdl, MmUnlockPages, MmBuildMdlForNonPagedPool, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, wcschr, PsTerminateSystemThread, KeWaitForMultipleObjects, ObReferenceObjectByHandle, PsCreateSystemThread, KeReleaseMutex, IoFreeIrp, IoAllocateIrp, wcscmp, IoGetCurrentProcess, strncpy, PsGetCurrentProcessId, towlower, wcscat, wcsrchr, KeInitializeSpinLock<br>> TDI.SYS: TdiMapUserRequest<br><br>( 0 exports ) <br>
    25 Octobre 2008 00:55:52

    bonsoir

    Citation :
    Je n'arrive pas a glisser lâcher les icones sur ComboFix.exe.
    J'ai quand même réussi à lancer ComboFix avec le fichier txt que tu m'as fait créer grâce à "ouvrir avec".

    tu me postes le rapport?
    25 Octobre 2008 15:17:08

    bien sur pardon :
    --------------------------------------------------------------------------------------------
    ComboFix 08-10-24.01 - christine 2008-10-24 20:33:49.7 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.242 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\christine\Bureau\ComboFix.exe
    Commutateurs utilisés :: C:\Documents and Settings\christine\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-24 au 2008-10-24 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-24 13:00 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-21 22:25 . 2008-10-21 22:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 19:06 . 2008-10-21 19:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-10-21 18:59 . 2008-10-21 19:00 <REP> d-------- C:\Documents and Settings\christine\Application Data\Malwarebytes
    2008-10-21 18:59 . 2008-10-21 18:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-20 21:15 . 2008-10-20 21:15 <REP> d--h----- C:\WINDOWS\PIF
    2008-10-19 21:29 . 2008-10-19 21:29 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-14 20:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-14 20:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 20:44 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 18:22 11,532 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 17:31 --------- d-----w C:\Program Files\Photosynth
    2008-08-20 05:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-20 05:10 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-20 05:10 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-20 05:10 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-20 05:10 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-03-11 07:37 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
    2008-03-11 07:36 2,722 ---ha-w C:\Documents and Settings\christine\hpothb07.dat
    2005-07-03 18:58 560 ----a-w C:\Documents and Settings\christine\Application Data\ViewerApp.dat
    1996-08-02 13:09 80,486 ----a-w C:\Program Files\CITYST.MAP
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_20.57.05.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-14 02:33:34 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
    + 2008-10-15 16:35:44 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
    "nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 02:42 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= vdrcodec.dll
    "MSACM.CEGSM"= mobilev.acm
    "VIDC.MJPG"= Pvmjpg30.dll
    "VIDC.PIM1"= pclepim1.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\DOCUME~1\ALLUSE~1\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    --a------ 2004-08-03 22:32 208952 C:\WINDOWS\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    --a------ 2004-08-03 22:31 59392 C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2006-10-22 12:22 7700480 C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    --a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    --a------ 2004-08-03 22:32 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    --a------ 2008-02-26 03:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    --a------ 2004-03-11 00:26 406016 C:\WINDOWS\system32\PSDrvCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    --a------ 2006-07-07 18:45 1052672 C:\Program Files\SuperCopier2\SuperCopier2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2005-12-08 20:18 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    --a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2006-10-22 12:22 86016 C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    -ra------ 2002-02-05 14:05 46592 C:\WINDOWS\SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon"=3 (0x3)
    "Pml Driver HPZ12"=3 (0x3)
    "NVSvc"=2 (0x2)
    "C-DillaCdaC11BA"=2 (0x2)
    "Tomcat5"=3 (0x3)
    "FreeProxy"=2 (0x2)
    "gusvc"=3 (0x3)
    "AVG Anti-Spyware Guard"=2 (0x2)
    "LBTServ"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\dev\\IntelliJ-IDEA-3.0.4\\bin\\idea.exe"=
    "C:\\Program Files\\Java\\jdk1.5.0_06\\bin\\java.exe"=
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
    "C:\\Program Files\\eMule\\EMULE.EXE"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "18910:TCP"= 18910:TCP:BitComet 18910 TCP
    "18910:UDP"= 18910:UDP:BitComet 18910 UDP

    R1 Odptdi;Odptdi;C:\WINDOWS\system32\drivers\odptdi.sys [2006-08-03 31232]
    R2 Apache2.2;Apache2.2;C:\dev\xampplite\apache\bin\apache.exe [2008-06-14 17408]
    R3 AEXPAM;Philips SmartManage Service;C:\WINDOWS\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
    S1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S2 XAMPP;XAMPP Service;C:\dev\xampplite\service.exe [2006-10-23 60928]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2001-02-07 34864]
    S3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
    S3 USBFMC;SvcDesc=USB Flash Memory Controller Service;C:\WINDOWS\system32\Drivers\USBFMC.sys [2000-05-16 34612]
    S3 WN6201;Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\WN6201.sys [2005-06-17 457472]
    S4 FreeProxy;Free Proxy Service;C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe [2006-04-04 356352]
    S4 Tomcat5;Apache Tomcat;C:\Tomcat 5.5\bin\tomcat5.exe [ ]
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1060076188.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]

    2008-10-09 C:\WINDOWS\Tasks\WebReg 20081009140729.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2003-04-06 01:01]

    2008-10-10 C:\WINDOWS\Tasks\WebReg 20081010142840.job
    - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2003-04-06 01:01]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-24 20:38:06
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme]
    "ImagePath"="\??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme]
    "ImagePath"="\??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\nview.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\DEV\XAMPPLITE\MYSQL\BIN\MYSQLD-NT.EXE
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-24 20:42:01 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-10-24 18:41:56
    ComboFix4.txt 2008-10-22 18:57:44
    ComboFix3.txt 2008-10-24 18:26:40
    ComboFix5.txt 2008-10-24 18:32:34
    ComboFix2.txt 2008-10-24 18:31:50

    Avant-CF: 12 709 593 088 octets libres
    Après-CF: 12,728,991,744 octets libres

    184 --- E O F --- 2008-10-24 11:28:05
    25 Octobre 2008 15:19:06

    une idée pourquoi je ne peux pas créer la "la console de récupération windows" ?
    25 Octobre 2008 19:01:10

    Poste pour suivre ;) 
    25 Octobre 2008 21:34:57

    loiceb
    L'ami Egwene^^ suit ce topic car je m'absente jusqu'à mercredi.
    Il t'aidera en cas de souci. :) 
    25 Octobre 2008 22:50:11

    salut egwene... bonne vacance Sham

    Déjà, vois tu des bizzareries sur les 2 rapports que je t'ai envoyé ?
    En tout cas je n'ai plus de problème apparent de virus... Grand merci a toi Sham pour ça.

    Pour avoir la console de récupération windows :
    Le dernier lien que tu donnes c'est quand on a le CD de windows... Désolé mais je ne l'ai jamais eu :(  (non ce n'est pas piraté, c'est que j'ai acheté le PC avec Windows déjà installé et qu'il fallait envoyer un papier pour avoir le CD et je m'en suis rendu compte trop tard : plus de 2 ans après)....

    Bref j'ai essayé de suivre le tuto que tu m'as donné :
    http://www.bleepingcomputer.com/combofix/fr/comment-uti...
    J'ai donc récupéré le fameux fichier correspondant à mon windows et SP2 (puisque je suis SP3). et lorsque j'essaye de le glisserlâcher sur ComboFix.exe, celui-ci ne le prend pas en paramètre de lancement...
    C'est pour ca que je dit que je n'arrive pas a glisser lâcher.

    Pour le fichier texte CFScript.txt j'avais fait bouton droit et "ouvrir avec" pour que ComboFix le prenne en paramètre.
    J'ai essayé aussi dans une console dos de faire
    ComboFix.exe WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe", mais il ne prend pas l'argument.

    26 Octobre 2008 19:41:01

    :hello:  Bonsoir,

    Cherche le dossier suivant située sur C:\Qoobox

    Zippe-le et uploade-le ici : http://upload.malekal.com/

    Une fois cela fait, reviens me le dire.

    ;) 
    26 Octobre 2008 20:28:32

    Salut,
    c'est fait, je l'ai envoyé en tant que malware (j'avais le choix avec rapport, mais malware ca plus balaise...)
    26 Octobre 2008 20:52:29

    Re,

    Peux-tu me poster un nouveau rapport Combofix pour faire le point ?

    ;) 
    27 Octobre 2008 20:18:47

    bien sur... ben oui, c'st pas évident de prendre les choses en route ;) 

    ComboFix 08-10-27.01 - christine 2008-10-27 20:10:00.8 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.241 [GMT 1:00]
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-27 au 2008-10-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-24 13:00 . 2008-10-15 18:35 337,408 --------- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-21 22:25 . 2008-10-21 22:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-21 19:06 . 2008-10-21 19:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-10-21 18:59 . 2008-10-21 19:00 <REP> d-------- C:\Documents and Settings\christine\Application Data\Malwarebytes
    2008-10-21 18:59 . 2008-10-21 18:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-20 21:15 . 2008-10-20 21:15 <REP> d--h----- C:\WINDOWS\PIF
    2008-10-19 21:29 . 2008-10-19 21:29 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
    2008-10-14 20:44 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-14 20:44 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-14 20:44 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 20:44 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-15 19:22 11,532 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-09-15 16:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-08 11:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-01 18:31 --------- d-----w C:\Program Files\Photosynth
    2008-08-20 06:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-20 06:10 670,208 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2008-08-20 06:10 620,544 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2008-08-20 06:10 3,088,896 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-08-20 06:10 1,499,648 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2008-08-14 14:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 14:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-14 11:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
    2008-03-11 08:37 164 ---ha-w C:\Documents and Settings\All Users\hpothb07.dat
    2008-03-11 08:36 2,722 ---ha-w C:\Documents and Settings\christine\hpothb07.dat
    2005-07-03 19:58 560 ----a-w C:\Documents and Settings\christine\Application Data\ViewerApp.dat
    1996-08-02 14:09 80,486 ----a-w C:\Program Files\CITYST.MAP
    .

    ((((((((((((((((((((((((((((( snapshot@2008-10-22_20.57.05.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2004-11-17 16:41:20 354,304 ------w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
    + 2004-11-17 17:41:20 354,304 ------w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
    - 2004-10-14 08:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
    + 2004-10-14 09:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
    - 2004-10-14 08:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
    + 2004-10-14 09:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
    - 2004-10-14 08:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
    + 2004-10-14 09:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
    - 2004-10-14 08:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
    + 2004-10-14 09:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
    - 2004-10-28 00:29:48 728,576 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
    + 2004-10-28 01:29:48 728,576 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
    - 2004-10-28 00:15:16 448,128 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    + 2004-10-28 01:15:16 448,128 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    - 2004-10-28 00:14:56 174,592 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
    + 2004-10-28 01:14:56 174,592 ------w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
    - 2004-10-14 09:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
    + 2004-10-14 10:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
    - 2004-10-14 09:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
    + 2004-10-14 10:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
    - 2004-10-14 09:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
    + 2004-10-14 10:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
    - 2004-10-14 09:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
    + 2004-10-14 10:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
    - 2004-10-14 09:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll
    + 2004-10-14 10:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll
    - 2004-10-14 09:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
    + 2004-10-14 10:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
    - 2004-10-14 09:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll
    + 2004-10-14 10:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll
    - 2004-10-14 09:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
    + 2004-10-14 10:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
    - 2004-09-29 21:31:18 134,912 ------w C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys
    + 2004-09-29 22:31:18 134,912 ------w C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys
    - 2004-10-14 17:35:06 8,192 ------w C:\WINDOWS\$hf_mig$\KB886185\spmsg.dll
    + 2004-10-14 18:35:06 8,192 ------w C:\WINDOWS\$hf_mig$\KB886185\spmsg.dll
    - 2004-10-14 17:36:20 172,032 ------w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
    + 2004-10-14 18:36:20 172,032 ------w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
    - 2004-10-14 17:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll
    + 2004-10-14 18:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll
    - 2004-10-14 17:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
    + 2004-10-14 18:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
    - 2004-10-13 15:21:24 1,694,208 ------w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
    + 2004-10-13 16:21:24 1,694,208 ------w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
    - 2004-10-14 09:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
    + 2004-10-14 10:35:08 8,192 ------w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
    - 2004-10-14 09:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
    + 2004-10-14 10:36:22 172,032 ------w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
    - 2004-10-14 09:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
    + 2004-10-14 10:36:20 21,504 ------w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
    - 2004-10-14 09:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
    + 2004-10-14 10:35:12 666,624 ------w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
    - 2004-12-07 18:32:32 96,768 ------w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
    + 2004-12-07 19:32:32 96,768 ------w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll
    - 2004-11-30 12:46:52 8,192 ------w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll
    + 2004-11-30 13:46:52 8,192 ------w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll
    - 2004-11-30 18:22:42 172,032 ------w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
    + 2004-11-30 19:22:42 172,032 ------w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
    - 2004-11-30 18:22:42 21,504 ------w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll
    + 2004-11-30 19:22:42 21,504 ------w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll
    - 2004-11-30 12:46:52 666,624 ------w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
    + 2004-11-30 13:46:52 666,624 ------w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
    - 2005-03-02 17:20:32 62,464 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll
    + 2005-03-02 18:20:32 62,464 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll
    - 2005-03-02 17:13:14 2,137,600 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
    + 2005-03-02 18:13:14 2,137,600 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
    - 2005-03-02 17:13:12 2,059,008 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    + 2005-03-02 18:13:12 2,059,008 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
    - 2005-03-02 17:13:16 2,017,280 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
    + 2005-03-02 18:13:16 2,017,280 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
    - 2005-03-02 17:13:24 2,181,632 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    + 2005-03-02 18:13:24 2,181,632 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
    - 2005-03-02 17:20:32 578,048 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    + 2005-03-02 18:20:32 578,048 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
    - 2005-03-02 17:13:08 1,836,416 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
    + 2005-03-02 18:13:08 1,836,416 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
    - 2005-03-02 17:20:32 291,840 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
    + 2005-03-02 18:20:32 291,840 ------w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll
    - 2005-02-24 17:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    + 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
    - 2005-02-24 17:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    + 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
    - 2005-02-24 17:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    + 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
    - 2005-02-24 17:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
    + 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
    - 2005-02-24 17:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    + 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
    - 2004-11-30 12:46:52 8,192 ------w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll
    + 2004-11-30 13:46:52 8,192 ------w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll
    - 2004-11-30 18:22:42 172,032 ------w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
    + 2004-11-30 19:22:42 172,032 ------w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
    - 2004-11-30 18:22:42 21,504 ------w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll
    + 2004-11-30 19:22:42 21,504 ------w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll
    - 2004-11-30 12:46:52 666,624 ------w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
    + 2004-11-30 13:46:52 666,624 ------w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
    - 2005-07-08 15:30:34 249,344 ------w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    + 2005-07-08 16:30:34 249,344 ------w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
    - 2005-07-07 17:27:08 30,720 ------w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
    + 2005-07-07 18:27:08 30,720 ------w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
    - 2005-04-28 18:36:10 1,286,144 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
    + 2005-04-28 19:36:10 1,286,144 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
    - 2005-04-28 18:36:10 75,264 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll
    + 2005-04-28 19:36:10 75,264 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll
    - 2005-04-28 18:36:10 37,376 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll
    + 2005-04-28 19:36:10 37,376 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll
    - 2005-04-28 18:36:10 396,288 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    + 2005-04-28 19:36:10 396,288 ------w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
    - 2005-05-26 22:26:50 10,752 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
    + 2005-05-26 23:26:50 10,752 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
    - 2005-05-27 01:11:04 41,472 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
    + 2005-05-27 02:11:04 41,472 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll
    - 2005-05-27 01:11:04 155,136 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
    + 2005-05-27 02:11:04 155,136 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll
    - 2005-05-27 01:11:04 137,216 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
    + 2005-05-27 02:11:04 137,216 ------w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
    - 2005-06-10 23:17:14 57,856 ------w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    + 2005-06-11 00:17:14 57,856 ------w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
    - 2005-06-29 14:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
    + 2005-06-29 15:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
    - 2005-10-06 02:19:52 280,064 ------w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll
    + 2005-10-06 03:19:52 280,064 ------w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\gdi32.dll
    - 2005-10-06 02:12:58 1,839,616 ------w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
    + 2005-10-06 03:12:58 1,839,616 ------w C:\WINDOWS\$hf_mig$\KB896424\SP2QFE\win32k.sys
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896424\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896424\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896424\spuninst.exe
    - 2005-10-05 14:39:46 30,720 ------w C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe
    + 2005-10-05 15:39:46 30,720 ------w C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896424\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896424\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896424\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896424\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896424\update\updspapi.dll
    - 2005-05-11 01:33:20 78,336 ------w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe
    + 2005-05-11 02:33:20 78,336 ------w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll
    - 2005-02-25 02:35:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll
    + 2005-02-25 03:35:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB898461\spmsg.dll
    - 2005-02-25 02:35:24 213,216 ------w C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
    + 2005-02-25 03:35:24 213,216 ------w C:\WINDOWS\$hf_mig$\KB898461\spuninst.exe
    - 2005-02-25 02:35:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe
    + 2005-02-25 03:35:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB898461\spupdsvc.exe
    - 2005-02-25 02:35:24 22,240 ------w C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll
    + 2005-02-25 03:35:24 22,240 ------w C:\WINDOWS\$hf_mig$\KB898461\update\spcustom.dll
    - 2005-02-25 02:35:24 730,336 ------w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
    + 2005-02-25 03:35:24 730,336 ------w C:\WINDOWS\$hf_mig$\KB898461\update\update.exe
    - 2005-02-25 02:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll
    + 2005-02-25 03:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB898461\update\updspapi.dll
    - 2005-06-15 16:48:50 297,984 ------w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll
    + 2005-06-15 17:48:50 297,984 ------w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
    - 2005-06-29 14:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
    + 2005-06-29 15:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
    - 2005-06-10 03:06:02 139,528 ------w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
    + 2005-06-10 04:06:02 139,528 ------w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
    - 2005-06-29 14:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
    + 2005-06-29 15:54:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
    - 2006-02-14 23:30:08 142,464 ------w C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
    + 2006-02-15 00:30:08 142,464 ------w C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll
    - 2005-09-01 00:46:30 19,968 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    + 2005-09-01 01:46:30 19,968 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
    - 2005-09-23 02:26:14 8,508,928 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
    + 2005-09-23 03:26:14 8,508,928 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll
    - 2005-09-02 23:08:22 474,624 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll
    + 2005-09-03 00:08:22 474,624 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll
    - 2005-09-26 23:47:42 23,552 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\spru040c.dll
    + 2005-09-27 00:47:42 23,552 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\spru040c.dll
    - 2005-09-01 00:46:32 292,352 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll
    + 2005-09-01 01:46:32 292,352 ------w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe
    - 2005-09-26 15:36:24 30,720 ------w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
    + 2005-09-26 16:36:24 30,720 ------w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll
    - 2005-09-10 00:53:06 2,068,480 ------w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll
    + 2005-09-10 01:53:06 2,068,480 ------w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
    - 2005-09-09 14:26:26 30,720 ------w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
    + 2005-09-09 15:26:26 30,720 ------w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901190\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901190\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB901190\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB901190\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB901190\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB901190\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB901190\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB901190\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB901190\update\updspapi.dll
    - 2005-06-29 00:54:24 254,976 ------w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll
    + 2005-06-29 01:54:24 254,976 ------w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll
    - 2005-06-29 00:54:24 73,728 ------w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll
    + 2005-06-29 01:54:24 73,728 ------w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
    - 2005-07-26 03:29:18 225,792 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll
    + 2005-07-26 04:29:18 225,792 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll
    - 2005-07-26 03:29:20 625,152 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
    + 2005-07-26 04:29:20 625,152 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
    - 2005-07-26 03:29:20 110,080 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
    + 2005-07-26 04:29:20 110,080 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
    - 2005-07-26 03:29:22 498,688 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
    + 2005-07-26 04:29:22 498,688 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
    - 2005-07-26 03:29:22 60,416 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll
    + 2005-07-26 04:29:22 60,416 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll
    - 2005-07-26 03:29:22 195,072 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll
    + 2005-07-26 04:29:22 195,072 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll
    - 2005-07-26 03:29:24 97,792 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll
    + 2005-07-26 04:29:24 97,792 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll
    - 2005-07-26 03:29:26 1,267,200 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
    + 2005-07-26 04:29:26 1,267,200 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
    - 2005-07-26 03:29:28 540,160 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll
    + 2005-07-26 04:29:28 540,160 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll
    - 2005-07-26 03:29:28 243,200 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
    + 2005-07-26 04:29:28 243,200 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
    - 2005-07-25 22:42:36 8,704 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
    + 2005-07-25 23:42:36 8,704 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
    - 2005-07-26 03:29:30 425,472 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
    + 2005-07-26 04:29:30 425,472 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
    - 2005-07-26 03:29:32 945,152 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
    + 2005-07-26 04:29:32 945,152 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
    - 2005-07-26 03:29:32 161,280 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
    + 2005-07-26 04:29:32 161,280 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
    - 2005-07-26 03:29:32 66,560 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
    + 2005-07-26 04:29:32 66,560 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
    - 2005-07-26 03:29:32 91,136 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
    + 2005-07-26 04:29:32 91,136 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
    - 2005-07-26 03:29:38 1,285,632 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
    + 2005-07-26 04:29:38 1,285,632 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
    - 2005-07-26 03:29:38 75,264 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll
    + 2005-07-26 04:29:38 75,264 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll
    - 2005-07-26 03:29:38 37,376 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
    + 2005-07-26 04:29:38 37,376 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
    - 2005-07-26 03:29:40 398,336 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    + 2005-07-26 04:29:40 398,336 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    - 2005-07-26 03:29:40 101,376 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll
    + 2005-07-26 04:29:40 101,376 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll
    - 2005-07-26 03:29:40 11,776 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
    + 2005-07-26 04:29:40 11,776 ------w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
    - 2005-07-25 17:21:18 30,720 ------w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
    + 2005-07-25 18:21:18 30,720 ------w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
    - 2005-08-30 03:16:04 1,293,824 ------w C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll
    + 2005-08-30 04:16:04 1,293,824 ------w C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll
    - 2005-08-22 17:26:28 197,632 ------w C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
    + 2005-08-22 18:26:28 197,632 ------w C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll
    - 2005-02-25 02:35:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll
    + 2005-02-25 03:35:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll
    - 2005-02-25 02:35:24 213,216 ------w C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe
    + 2005-02-25 03:35:24 213,216 ------w C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe
    - 2005-08-19 22:50:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe
    + 2005-08-19 23:50:32 30,720 ------w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe
    - 2005-02-25 02:35:24 22,240 ------w C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll
    + 2005-02-25 03:35:24 22,240 ------w C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll
    - 2005-02-25 02:35:24 730,336 ------w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
    + 2005-02-25 03:35:24 730,336 ------w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe
    - 2005-02-25 02:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll
    + 2005-02-25 03:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll
    - 2005-08-23 02:41:24 124,928 ------w C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll
    + 2005-08-23 03:41:24 124,928 ------w C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll
    - 2005-02-24 18:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll
    + 2005-02-24 19:35:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll
    - 2005-02-24 18:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe
    + 2005-02-24 19:35:26 213,216 ------w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe
    - 2005-08-22 16:01:30 30,720 ------w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
    + 2005-08-22 17:01:30 30,720 ------w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
    - 2005-02-24 18:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll
    + 2005-02-24 19:35:26 22,240 ------w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll
    - 2005-02-24 18:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
    + 2005-02-24 19:35:26 730,336 ------w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
    - 2005-02-24 18:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll
    + 2005-02-24 19:35:26 395,488 ------w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll
    - 2005-10-17 20:26:30 80,896 ------w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll
    + 2005-10-17 21:26:30 80,896 ------w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll
    - 2005-10-17 20:26:30 117,760 ------w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll
    + 2005-10-17 21:26:30 117,760 ------w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll
    - 2006-03-17 03:49:26 8,510,976 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
    + 2006-03-17 04:49:26 8,510,976 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll
    - 2006-03-22 00:51:44 25,088 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\spru040c.dll
    + 2006-03-22 01:51:44 25,088 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\spru040c.dll
    - 2006-03-17 00:05:36 28,672 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
    + 2006-03-17 01:05:36 28,672 ------w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll
    - 2005-10-20 21:32:18 1,097,728 ------w C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll
    + 2005-10-20 22:32:18 1,097,728 ------w C:\WINDOWS\$hf_mig$\KB910437\SP2QFE\esent.dll
    - 2005-10-12 22:15:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll
    + 2005-10-12 23:15:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB910437\spmsg.dll
    - 2005-10-12 22:15:24 216,800 ------w C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe
    + 2005-10-12 23:15:24 216,800 ------w C:\WINDOWS\$hf_mig$\KB910437\spuninst.exe
    - 2005-10-12 22:15:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll
    + 2005-10-12 23:15:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB910437\update\spcustom.dll
    - 2005-10-12 22:15:26 727,776 ------w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
    + 2005-10-12 23:15:26 727,776 ------w C:\WINDOWS\$hf_mig$\KB910437\update\update.exe
    - 2005-10-12 22:15:44 394,976 ------w C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll
    + 2005-10-12 23:15:44 394,976 ------w C:\WINDOWS\$hf_mig$\KB910437\update\updspapi.dll
    - 2006-06-22 09:38:26 180,736 ------w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
    + 2006-06-22 10:38:26 180,736 ------w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
    - 2006-03-23 04:53:24 143,360 ------w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
    + 2006-03-23 05:53:24 143,360 ------w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
    - 2006-01-04 03:19:20 68,096 ------w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
    + 2006-01-04 04:19:20 68,096 ------w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
    - 2005-12-29 02:08:44 280,064 ------w C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll
    + 2005-12-29 03:08:44 280,064 ------w C:\WINDOWS\$hf_mig$\KB912919\SP2QFE\gdi32.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB912919\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB912919\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB912919\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB912919\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB912919\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB912919\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB912919\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB912919\update\updspapi.dll
    - 2006-03-01 18:42:12 426,496 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
    + 2006-03-01 19:42:12 426,496 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll
    - 2006-03-01 18:42:12 956,416 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll
    + 2006-03-01 19:42:12 956,416 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll
    - 2006-03-01 18:42:12 161,280 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
    + 2006-03-01 19:42:12 161,280 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll
    - 2006-03-01 18:42:12 66,560 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll
    + 2006-03-01 19:42:12 66,560 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll
    - 2006-03-01 18:42:12 91,136 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll
    + 2006-03-01 19:42:12 91,136 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll
    - 2006-03-01 18:42:12 11,776 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll
    + 2006-03-01 19:42:12 11,776 ------w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll
    - 2006-05-19 13:16:50 112,640 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
    + 2006-05-19 14:16:50 112,640 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll
    - 2006-05-19 13:16:52 147,456 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll
    + 2006-05-19 14:16:52 147,456 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll
    - 2006-05-19 13:16:52 95,744 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll
    + 2006-05-19 14:16:52 95,744 ------w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll
    - 2006-05-05 09:16:40 454,400 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    + 2006-05-05 10:16:40 454,400 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    - 2006-05-05 09:22:52 174,592 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
    + 2006-05-05 10:22:52 174,592 ------w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
    - 2006-03-17 00:08:10 262,656 ------w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys
    + 2006-03-17 01:08:10 262,656 ------w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys
    - 2005-10-12 22:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll
    + 2005-10-12 23:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll
    - 2005-10-12 22:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe
    + 2005-10-12 23:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe
    - 2005-10-12 22:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll
    + 2005-10-12 23:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll
    - 2005-10-12 22:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
    + 2005-10-12 23:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
    - 2005-10-12 22:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll
    + 2005-10-12 23:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll
    - 2006-05-18 04:49:56 450,560 ------w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
    + 2006-05-18 05:49:56 450,560 ------w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll
    - 2005-10-12 22:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll
    + 2005-10-12 23:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll
    - 2005-10-12 22:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe
    + 2005-10-12 23:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe
    - 2005-10-12 22:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll
    + 2005-10-12 23:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll
    - 2005-10-12 22:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
    + 2005-10-12 23:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe
    - 2005-10-12 22:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll
    + 2005-10-12 23:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll
    - 2006-07-05 09:58:14 1,050,112 ------w C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    + 2006-07-05 10:58:14 1,050,112 ------w C:\WINDOWS\$hf_mig$\KB917422\SP2QFE\kernel32.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB917422\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB917422\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB917422\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917422\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917422\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB917422\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB917422\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB917422\update\updspapi.dll
    - 2006-04-20 11:18:36 360,576 ------w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    + 2006-04-20 12:18:36 360,576 ------w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll
    - 2006-11-27 14:18:34 539,136 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
    + 2006-11-27 15:18:34 539,136 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
    - 2006-11-27 14:18:34 433,664 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
    + 2006-11-27 15:18:34 433,664 ------w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
    - 2006-06-01 18:46:26 163,840 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll
    + 2006-06-01 19:46:26 163,840 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll
    - 2006-06-01 18:46:26 27,648 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll
    + 2006-06-01 19:46:26 27,648 ------w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll
    - 2006-07-13 10:43:08 202,496 ------w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys
    + 2006-07-13 11:43:08 202,496 ------w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll
    - 2006-10-12 12:55:58 42,496 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
    + 2006-10-12 13:55:58 42,496 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
    - 2006-10-12 12:55:58 57,344 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
    + 2006-10-12 13:55:58 57,344 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
    - 2006-10-12 10:54:08 256,512 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
    + 2006-10-12 11:54:08 256,512 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
    - 2006-10-16 10:19:10 265,216 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\spru040c.dll
    + 2006-10-16 11:19:10 265,216 ------w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\spru040c.dll
    - 2005-10-12 22:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
    + 2005-10-12 23:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
    - 2005-10-12 22:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
    + 2005-10-12 23:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
    - 2005-10-12 22:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
    + 2005-10-12 23:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
    - 2005-10-12 22:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
    + 2005-10-12 23:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
    - 2005-10-12 22:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
    + 2005-10-12 23:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
    - 2006-07-21 07:29:04 72,704 ------w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
    + 2006-07-21 08:29:04 72,704 ------w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll
    - 2005-10-12 22:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
    + 2005-10-12 23:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll
    - 2005-10-12 22:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
    + 2005-10-12 23:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe
    - 2005-10-12 22:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
    + 2005-10-12 23:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll
    - 2005-10-12 22:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
    + 2005-10-12 23:18:46 727,776 ------w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe
    - 2005-10-12 22:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
    + 2005-10-12 23:18:50 394,976 ------w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll
    - 2006-06-26 16:47:08 147,456 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
    + 2006-06-26 17:47:08 147,456 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
    - 2006-06-26 16:47:08 7,680 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
    + 2006-06-26 17:47:08 7,680 ------w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
    - 2006-06-22 04:22:12 69,120 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
    + 2006-06-22 05:22:12 69,120 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
    - 2006-06-22 04:22:12 1,440,768 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
    + 2006-06-22 05:22:12 1,440,768 ------w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
    - 2006-06-14 07:50:20 172,416 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys
    + 2006-06-14 08:50:20 172,416 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys
    - 2006-06-14 07:50:20 6,272 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
    + 2006-06-14 08:50:20 6,272 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
    - 2006-06-14 08:17:04 82,944 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
    + 2006-06-14 09:17:04 82,944 ------w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
    - 2005-10-12 22:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll
    + 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll
    - 2005-10-12 22:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe
    + 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe
    - 2005-10-12 22:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll
    + 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll
    - 2005-10-12 22:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
    + 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
    - 2005-10-12 22:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll
    + 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll
    - 2007-05-17 11:27:46 549,888 ------w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
    + 2007-05-17 12:27:46 549,888 ------w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
    - 2005-10-12 23:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
    + 2005-10-13 00:15:26 15,072 ------w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
    - 2005-10-12 23:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
    + 2005-10-13 00:15:26 216,800 ------w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
    - 2005-10-12 23:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
    + 2005-10-13 00:15:26 22,752 ------w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
    - 2005-10-12 23:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
    + 2005-10-13 00:15:28 727,776 ------w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
    - 2005-10-12 23:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
    + 2005-10-13 00:15:46 394,976 ------w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
    - 2006-08-21 11:29:04 16,896 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltlib.dll
    + 2006-08-21 12:29:04 16,896 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltlib.dll
    - 2006-08-21 08:43:32 23,040 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
    + 2006-08-21 09:43:32 23,040 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
    - 2006-08-21 08:43:32 128,768 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
    + 2006-08-21 09:43:32 128,768 ------w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
    - 2005-10-12 22:15:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB922582\spmsg.dll
    + 2005-10-12 23:15:24 15,072 ------w C:\WINDOWS\$hf_mig$\KB922582\spmsg.dll
    - 2005-10-12 22:15:24 216,800 ------w C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe
    + 2005-10-12 23:15:24 216,800 ------w C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe
    - 2005-10-12 22:15:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB922582\update\spcustom.dll
    + 2005-10-12 23:15:24 22,752 ------w C:\WINDOWS\$hf_mig$\KB922582\update\spcustom.dll
    - 2005-10-12 22:15:26 727,776 ------w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
    + 2005-10-12 23:15:26 727,776 ------w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
    - 2005-10-12 22:15:44 394,976 ------w C:\WINDOWS\$hf_mig$\KB922582\update\updspapi.dll
    + 2005-10-12 23:15:44 394,976 ------w C:\WINDOWS\$hf_mig$\KB922582\update\updspapi.dll
    - 2006-08-16 11:13:24 100,352 ------w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
    + 2006-08-16 12:13:24 100,352 ------w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
    - 2006-08-16 09:13:40 225,664 ------w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
    + 2006-08-16 10:13:40 225,664 ------w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
    - 2005-10-12 22:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
    + 2005-10-12 23:18:46 15,072 ------w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
    - 2005-10-12 22:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
    + 2005-10-12 23:18:46 216,800 ------w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
    - 2005-10-12 22:18:46 22,752 ------w C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll
    + 2005-10-12 23:18:46 22,7
    27 Octobre 2008 20:25:26

    le rapport est trop long... comment faire.
    28 Octobre 2008 22:02:36

    Bonsoir
    on va changer d'outil, car le fichier est toujours présent sur ton pc...

    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    Files to delete:
    C:\WINDOWS\system32\TDSSosvd.dat


    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
    Sauvegarde ce fichier sur ton Bureau sous le nom de remove.txt.
    Enregistre le sous sur ton Bureau sous le nom de Remove.txt

    Télécharge The Avenger ([#ff0000]Swandog46[/#f]).

  • Dézippe-le sur ton Bureau.
  • Double clique sur avenger.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Sélectionne Load Script from File (1) et choisis ensuite ton fichier remove.txt.



  • Coche les cases Scan for rootkits et Automatically disable any rootkits found (2).
  • Clique ensuite sur le bouton Execute (3).

  • Après le redémarrage, poste le rapport The Avenger (C:\avenger.txt*).
    * le nom de la partition peut changer
    1 Novembre 2008 22:23:35

    Salut,
    Voici le rapport avenger:
    -----------------------------------------------------------------------------------
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\WINDOWS\system32\TDSSosvd.dat" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    5 Novembre 2008 20:59:03

    Salut
    désolé du retard, j'ai pété mon pc en installant mandriva :/ 

    Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
  • Double-clique sur RSIT.exe afin de lancer RSIT.
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
  • NB : Les rapports sont sauvegardés dans le dossier C:\rsit
  • Veille bien à me poster l'intégralité des rapports, vérifie qu'ils soient complets une fois que tu les as postés.


    6 Novembre 2008 22:06:49

    Salut Sham_Rock
    voici le rapport log.txt :
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by christine at 2008-11-06 22:05:19
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 6 GB (10%) free of 57 GB
    Total RAM: 511 MB (17% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:05:40, on 06/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\dev\xampplite\apache\bin\apache.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\christine\Bureau\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\christine.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x....
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://parici.sopragroup.com/postauthI/epi.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
    O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_35.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\dev\xampplite\apache\bin\apache.exe
    O23 - Service: mysql - Unknown owner - C:\dev\xampplite\mysql\bin\mysqld-nt.exe
    O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\dev\xampplite\service.exe

    --
    End of file - 4480 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1060076188.job
    C:\WINDOWS\tasks\WebReg 20081009140729.job
    C:\WINDOWS\tasks\WebReg 20081010142840.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2436160]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=nwiz.exe /install []
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2008-05-11 5423104]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    C:\WINDOWS\system32\NvMCTray.dll [2006-10-22 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe [2008-02-26 443968]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
    C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-11 406016]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    C:\WINDOWS\SOUNDMAN.EXE [2002-02-05 46592]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [2006-11-09 49263]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
    C:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe [2005-12-08 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2008-05-02 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vsmon"=3
    "Pml Driver HPZ12"=3
    "NVSvc"=2
    "C-DillaCdaC11BA"=2
    "Tomcat5"=3
    "FreeProxy"=2
    "gusvc"=3
    "AVG Anti-Spyware Guard"=2
    "LBTServ"=3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
    c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-05-30 79408]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NBF]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nbf.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProtectedStorage]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\dev\IntelliJ-IDEA-3.0.4\bin\idea.exe"="C:\dev\IntelliJ-IDEA-3.0.4\bin\idea.exe:*:D isabled:LaunchAnywhere GUI"
    "C:\Program Files\Java\jdk1.5.0_06\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_06\bin\java.exe:*:D isabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:D isabled:p ando"
    "C:\Program Files\eMule\EMULE.EXE"="C:\Program Files\eMule\EMULE.EXE:*:Enabled:eMule"
    "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    ======List of files/folders created in the last 1 months======

    2008-11-06 22:05:19 ----D---- C:\rsit
    2008-11-05 19:34:53 ----A---- C:\NTDETECT.COM
    2008-10-27 20:15:04 ----D---- C:\WINDOWS\temp
    2008-10-24 13:27:56 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\zip.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\VFIND.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\SWSC.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\SWREG.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\sed.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\grep.exe
    2008-10-22 20:46:35 ----A---- C:\WINDOWS\fdsv.exe
    2008-10-21 22:25:09 ----D---- C:\Program Files\Trend Micro
    2008-10-21 18:59:58 ----D---- C:\Documents and Settings\christine\Application Data\Malwarebytes
    2008-10-21 18:59:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-20 21:21:57 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-20 21:15:16 ----HD---- C:\WINDOWS\PIF

    ======List of files/folders modified in the last 1 months======

    2008-11-04 23:01:48 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-27 20:13:44 ----A---- C:\WINDOWS\system.ini
    2008-10-20 21:23:54 ----A---- C:\WINDOWS\system32\tmp.txt
    2008-10-15 18:35:44 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-07 21:19:40 ----A---- C:\WINDOWS\system32\MRT.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2007-05-30 10872]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-18 75072]
    R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
    R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    R1 Odptdi;Odptdi; \??\C:\WINDOWS\system32\drivers\odptdi.sys []
    R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS []
    R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
    R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
    R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
    R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2000-03-29 8096]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
    R2 SetupNT;SetupNT; C:\WINDOWS\system32\SetupNT.sys [2000-10-25 3000]
    R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
    R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
    R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
    R3 AEXPAM;Philips SmartManage Service; C:\WINDOWS\System32\Drivers\aexpamdrv.sys [2004-09-01 21824]
    R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-02-04 278908]
    R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
    R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
    R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
    R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
    R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
    R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
    R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
    R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
    R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
    S1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys []
    S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
    S1 lusbaudio;Microphone USB Logitech; C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\System32\DRIVERS\alcan5ln.sys [2001-02-07 34864]
    S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2002-11-12 53168]
    S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-11-12 748544]
    S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-03-05 385152]
    S3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
    S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 FINEPIX_PCC;FinePix Digital Camera 020717; C:\WINDOWS\System32\Drivers\V4CB011D.SYS [2002-05-07 81700]
    S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-03-09 51024]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-03-09 21456]
    S3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
    S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2001-11-29 12338]
    S3 QCEmerald;QuickCam Web Logitech; C:\WINDOWS\System32\DRIVERS\OVCE.sys [2001-08-17 31872]
    S3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-04-26 138112]
    S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Super Ad Blocker\SABProcEnum.sys []
    S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USB_RNDIS;ADI Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
    S3 USBFMC;SvcDesc=USB Flash Memory Controller Service; C:\WINDOWS\System32\Drivers\USBFMC.sys [2000-05-16 34612]
    S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
    S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
    S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [2003-09-01 104064]
    S3 WN6201;Wireless Network Adapter Service; C:\WINDOWS\System32\DRIVERS\WN6201.sys [2005-06-17 457472]
    S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865]
    R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297]
    R2 Apache2.2;Apache2.2; C:\dev\xampplite\apache\bin\apache.exe [2008-06-14 17408]
    R2 mysql;mysql; C:\dev\xampplite\mysql\bin\mysqld-nt.exe [2008-04-17 5750784]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-08-10 38912]
    S2 XAMPP;XAMPP Service; C:\dev\xampplite\service.exe [2006-10-23 60928]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S4 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe []
    S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2003-08-25 54784]
    S4 FreeProxy;Free Proxy Service; C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe [2006-04-04 356352]
    S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-25 138168]
    S4 LBTServ;Logitech Bluetooth Service; C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
    S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe []
    S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-03-09 65795]
    S4 Tomcat5;Apache Tomcat; C:\Tomcat 5.5\bin\tomcat5.exe //RS//Tomcat5 []

    -----------------EOF-----------------
    6 Novembre 2008 22:10:03

    et le info .txt :
    info.txt logfile of random's system information tool 1.04 2008-11-06 22:05:45

    ======Uninstall list======

    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EA29840-1D27-11D5-93E8-00E0181A27BD}\Setup.exe" -uninst -f"C:\Program Files\Magic Keyboard\uninst.isu" -c"C:\Program Files\Magic Keyboard\UnInst.dll"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal-->MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop 5.0-->C:\WINDOWS\UNIN040C.EXE -f"c:\program files\photoshop\DeIsL2.isu" -c"c:\program files\photoshop\Uninst.dll"
    Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
    Ahead Nero - Burning Rom-->C:\WINDOWS\UNNERO.exe /UNINSTALL
    Altiris Philips SmartManage Agent-->MsiExec.exe /I{F84B9669-7102-42B4-A3A2-9A68741CD253}
    Amarina-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC77DB06-0A68-463E-95C3-192BA8808334}\Setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:D ISPLAY -clean
    AvantGo Client-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\Setup.exe" -l0x9 CP
    AVG Anti-Spyware 7.5-->C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
    BitComet 1.02-->C:\Program Files\BitComet\uninst.exe
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
    Digital Image Recovery 1.47-->"C:\Program Files\Digital Image Recovery\unins000.exe"
    DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DS2BW All*Saves v2-->MsiExec.exe /I{D0575BE4-C97D-4357-B9DF-FE603C112029}
    Dungeon Siege 2 Broken World-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x9 -removeonly
    Dungeon Siege 2-->"D:\jeux\dungeon siege 2\UNINSTAL.EXE" /runtemp /uninstall
    eMule-->"C:\Program Files\eMule\Uninstall.exe"
    EVEREST Home Edition v2.20-->"C:\Program Files\EVEREST\unins000.exe"
    Extension Système de Microsoft Money-->MsiExec.exe /X{02479442-560D-46B4-884E-E7F902684539}
    FreeProxy version 3.92-->"C:\Program Files\Hand-Crafted Software\FreeProxy\unins000.exe"
    FTP Zilla 6.2.0.0-->"C:\Program Files\FTP Zilla\unins000.exe"
    Galactic Magnate v1.2-->"C:\Program Files\Galactic Magnate\uninst\unins000.exe"
    GameDesire-Pool & Snooker-->C:\Program Files\Ganymede\billiards_uninstall.exe
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    Grand Prix 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4961DB6-A3F3-11D3-BE67-0000B4A81FC5}\setup.exe"
    Guitar Pro 4.0-->C:\PROGRA~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\GUITAR~1\INSTALL.LOG
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    hp psc 2170 series-->MsiExec.exe /X{93FB47FB-4FDF-4131-B5FD-7A37883868E7}
    J2SE Development Kit 5.0 Update 6-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
    J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    JAlbum 7.4-->C:\Program Files\JAlbumWin\Uninstall.exe
    Java 2 Runtime Environment, SE v1.4.1_02-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
    Java 2 Runtime Environment, SE v1.4.1_03-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4B03AEB-33D3-11D7-9D37-00010240CE95}\Setup.exe"
    Java 2 SDK, SE v1.4.1_03-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08211E13-33D6-11D7-9D37-00010240CE95}\setup.exe" Anytext
    Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"
    KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
    Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    LightFrameDR-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12056324-9337-45D2-AE77-6D2A011B6CB1}\Setup.exe" -l0x40c MaintVia
    Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
    Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
    Magic Keyboard-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EA29840-1D27-11D5-93E8-00E0181A27BD}\Setup.exe" -uninst
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft Money-->MsiExec.exe /X{02424FA0-40CA-440D-A1F6-B50CD8B64EB3}
    Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
    Microsoft Sites publics français-->MsiExec.exe /I{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft XML Parser SDK-->MsiExec.exe /I{4E91EE21-B0C1-4B80-A2CF-80CED14AE8CB}
    Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    monAlbumPhoto-->"C:\Program Files\monAlbumPhoto\unins000.exe"
    Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    Palm Desktop-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
    Pando-->MsiExec.exe /I{C0B0FA55-D4E9-4374-9871-BBFBF2AEF0D1}
    Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
    Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
    Photo et imagerie HP 2.0 - hp psc 2170 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
    Photosynth 2.0.1403.5-->MsiExec.exe /X{556EEE74-6788-4292-8252-8B17E2C7952A}
    Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
    ProSavageDDR and Utilities-->C:\PROGRA~1\S3Inc\P4M266\s3setvga.exe -s -fC:\PROGRA~1\S3Inc\P4M266\P4M266.uns
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
    S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
    S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
    S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
    S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
    Saab EPC-->C:\WINDOWS\unin040c.exe -fD:\SAAB\EPC\DeIsL1.isu
    SafeCast Shared Components-->C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
    Shockwave-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
    SlowView-->"C:\Program Files\SlowView\Uninstall.exe"
    SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
    Sony USB Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
    Spider-->"C:\Program Files\Spider\unins000.exe"
    Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
    Sqirlz Morph-->C:\WINDOWS\Sqirlz Morph Uninstaller.exe
    Studio 10-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x40c UNINSTALL
    SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
    TreeSize Free V1.78-->"C:\Program Files\TreeSize\unins000.exe"
    Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    UxTheme Multipatcher Fr-->C:\Program Files\UxTheme Multipatcher Fr\uninstall.exe
    VideoLAN VLC media player 0.8.6h-->C:\Program Files\VLC\uninstall.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinMGT-->Rm WinMGT.exe C:\Go\WinMGT.ini
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Workshop Information System - WIS-->D:\saab\Wis\UNWISE.EXE D:\saab\Wis\INSTALL.LOG

    ======Security center information======

    AV: Avira AntiVir PersonalEdition

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0801
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip

    -----------------EOF-----------------
    6 Novembre 2008 22:36:54

    re
    comment se comporte ton pc?
    7 Novembre 2008 21:34:18

    Tout se passe pour le mieux depuis le passage de ComboFix
    A part que je n'ai jamais réussi a installer la console de récupération windows.

    Je pense qu'on y ai je passe à [résolu] ?
    8 Novembre 2008 16:43:40

    bonjour
    ~Fais une analyse antivirus en ligne sur le site de Kaspersky
    http://www.kaspersky.com/kos/eng/partner/default/kavweb...

    * Clique sur Accept
    * Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.
    * clique une nouvelle fois sur "Accept"
    * Les bases de mises à jour vont s'installer, patiente un moment
    * Clique sur Next.
    * Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
    * Poste le rapport de scan.
    9 Novembre 2008 04:46:24

    alut,
    il a trouvé plein de saloperies :( 
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, November 9, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, November 08, 2008 17:23:19
    Records in database: 1374606
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    A:\
    C:\
    D:\
    E:\
    G:\
    Scan statistics
    Files scanned 135328
    Threat name 4
    Infected objects 6
    Suspicious objects 0
    Duration of the scan 06:51:30

    File name Threat name Threats count
    C:\WINDOWS\system32\LightFrame3IECOM.dll Infected: not-a-virus:AdWare.Win32.BHO.cr 1
    C:\Program Files\Hand-Crafted Software\FreeProxy\FreeProxy.exe Infected: not-a-virus:Server-Proxy.Win32.FreeProxy.d 1
    C:\System Volume Information\_restore{0735CDC7-93DF-432B-9978-7344752F40CA}\RP541\A0223323.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\System Volume Information\_restore{0735CDC7-93DF-432B-9978-7344752F40CA}\RP541\A0223349.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\System Volume Information\_restore{0735CDC7-93DF-432B-9978-7344752F40CA}\RP540\A0223253.exe Infected: not-a-virus:FraudTool.Win32.XPSecurityCenter.be 1
    C:\System Volume Information\_restore{0735CDC7-93DF-432B-9978-7344752F40CA}\RP540\A0223268.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    The selected area was scanned.
    9 Novembre 2008 20:35:50

    bonsoir
    c'est ok, ne supprime pas les deux premières détections, ce sont des faux posistifs.
    pour le reste:

    ~Désactive puis réactive la restauration en suivant ce tuto:
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfoint...
    Il faudra désactiver la restauration, redémarrer l'ordinateur et réactiver aussitôt la restauration.



    Supprime tous les programmes installés pour la désinfection.


    Merci de consulter ce dossier (en pdf) pour en connaître davantage sur les risques du Net.



    Si tu trouves ce document intéressant, n'hésite pas à le transmettre à tes contacts.

    Si tu en as assez d'être assailli de publicités durant ta navigation, installe Firefox sécurisé avec les extensions noscript et AdBlock Plus.

    ~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.
    Si ton nom de session correspond à ton véritable nom, tu as la possibilité de le changer en éditant tes posts.

    :hello: 
    9 Novembre 2008 22:13:39

    Encore merci Sham-Sham (tu permets que je t'appelle sham-sham)
    Bonne chance pour la suite, et donner de ton temps comme ça est vraiment sympa.

    a+ (j'espère pas trop vite j'espere ;) )
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS