
Hello, I'm in trouble: my PC is infested with viruses that block my Task Manager, among other things. I had first installed Spyware Terminator, which did remove the viruses, but I no longer had access to any exe files or to the Control Panel. I had to do a system restore in safe mode and remove Spyware. The viruses are still there and the Task Manager is still blocked. I downloaded Avast; it put all the viruses in quarantine, but I still don't have access to the Task Manager. Is there anyone who could help me, please?
-->Message edited by k_alone on 15/05/2008 18:12:35<--

Moderator/Helper
Hello,
Download HijackThis (from Trend Micro) to your Desktop.
Double-click HJTInstall.exe to start the installation.
Click Install.
Double-click the HijackThis shortcut that was just created to launch it.
Accept the license by clicking Yes.
Click "Do a system scan and save a logfile".
Post the generated report here.
Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.

Done
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:32, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\bruno\cftmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\bruno\cftmon.exe
O4 - HKCU\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\bruno\cftmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 5072 bytes

Moderator/Helper
Re,
1) Disable all resident protection (antivirus…)! Help here: http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm
Disconnect from the internet, close all running programs and let ComboFix work: so don't do anything else at the same time!
Download ComboFix by sUBs
Save it to your desktop and nowhere else!
Restart in safe mode: help here >>>
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
/!\ Never restart in safe mode via msconfig! /!\
Double-click ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt
2) Copy/paste a new HijackThis report along with it.

Here is the ComboFix report
ComboFix 08-05-11.1 - Administrateur 2008-05-12 12:24:39.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.832 [GMT 2:00]
Endroit: C:\Documents and Settings\bruno\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrateur.BRUNO-110A629AF\cftmon.exe
C:\Documents and Settings\bruno\cftmon.exe
C:\Documents and Settings\bruno\Local Settings\Application Data\hanknzu.dat
C:\Documents and Settings\bruno\Local Settings\Application Data\hanknzu.exe
C:\Documents and Settings\bruno\Local Settings\Application Data\hanknzu_nav.dat
C:\Documents and Settings\bruno\Local Settings\Application Data\hanknzu_navps.dat
C:\Documents and Settings\LocalService\cftmon.exe
C:\Program Files\Microsoft Security Adviser
C:\Program Files\Microsoft Security Adviser\mssadv.exe
C:\WINDOWS\mssadv.dll
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\drivers\spools.exe
C:\WINDOWS\system32\nvs2.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_Schedule
-------\Service_Schedule
((((((((((((((((((((((((((((( Fichiers créés 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))))))))
.
2008-05-12 12:24 . 2008-05-12 12:24 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-12 12:23 . 2008-05-12 12:23 5,120 --a------ C:\Documents and Settings\Administrateur.BRUNO-110A629AF\ftp34.dll
2008-05-12 12:21 . 2008-04-05 01:02 <REP> d--h----- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Voisinage réseau
2008-05-12 12:21 . 2008-04-05 01:02 <REP> d--h----- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Voisinage d'impression
2008-05-12 12:21 . 2008-04-04 23:13 <REP> d--h----- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Modèles
2008-05-12 12:21 . 2008-04-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Mes documents
2008-05-12 12:21 . 2008-04-05 01:02 <REP> dr------- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Menu Démarrer
2008-05-12 12:21 . 2008-04-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Favoris
2008-05-12 12:21 . 2008-04-05 01:02 <REP> d-------- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\Bureau
2008-05-12 12:21 . 2008-05-12 12:26 <REP> d-------- C:\Documents and Settings\Administrateur.BRUNO-110A629AF
2008-05-12 12:21 . 2008-05-12 12:27 1,024 --ah----- C:\Documents and Settings\Administrateur.BRUNO-110A629AF\NtUser.dat.LOG
2008-05-11 23:32 . 2008-05-12 12:14 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-05-11 21:25 . 2008-05-11 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-05-11 19:03 . 2008-05-11 19:03 <REP> d-------- C:\Program Files\Alwil Software
2008-05-11 18:52 . 2008-05-11 18:52 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-11 18:52 . 2008-05-11 18:52 <REP> d-------- C:\Documents and Settings\bruno\Application Data\PC Tools
2008-05-11 18:26 . 2008-05-11 18:51 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-05-11 18:26 . 2008-05-11 18:51 <REP> d---s---- C:\Documents and Settings\Administrateur
2008-05-11 18:26 . 2008-05-12 12:24 1,024 --ah----- C:\Documents and Settings\Administrateur\NtUser.dat.LOG
2008-05-11 17:08 . 2008-05-11 18:52 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2008-05-11 15:28 . 2008-05-11 18:52 <REP> d-------- C:\Program Files\WinClamAVShield
2008-05-11 15:24 . 2008-05-11 18:52 <REP> d-------- C:\Program Files\Spyware Terminator
2008-05-11 15:24 . 2008-05-11 18:52 <REP> d-------- C:\Program Files\Crawler
2008-05-11 15:24 . 2008-05-11 18:52 <REP> d-------- C:\Documents and Settings\bruno\Application Data\Spyware Terminator
2008-05-11 15:22 . 2008-05-11 18:52 <REP> d-------- C:\Program Files\Antipub
2008-05-11 14:55 . 2008-05-11 15:20 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-11 14:55 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-11 14:55 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-11 14:55 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-11 14:55 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-08 12:44 . 2008-05-11 15:21 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll.ren
2008-05-08 12:44 . 2008-05-11 19:23 5,120 --a------ C:\Documents and Settings\LocalService\ftp34.dll
2008-05-07 23:32 . 2008-05-12 12:23 5,120 --a------ C:\WINDOWS\system32\ftp34.dll
2008-05-07 23:32 . 2008-05-12 12:18 5,120 --a------ C:\Documents and Settings\bruno\ftp34.dll
2008-05-05 13:06 . 2008-05-11 14:00 <REP> d-------- C:\Program Files\Zapu
2008-05-05 13:06 . 2008-05-11 14:44 <REP> d-------- C:\Program Files\Share_Accelerator_MM
2008-05-05 13:06 . 2004-02-17 00:00 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll
2008-05-01 20:52 . 2008-05-01 20:52 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-01 20:52 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-05-01 20:52 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-29 19:55 . 2008-04-29 19:55 <REP> d-------- C:\Documents and Settings\bruno\Application Data\Morpheus Software
2008-04-29 19:52 . 2008-04-29 19:52 <REP> d-------- C:\Documents and Settings\bruno\WINDOWS
2008-04-29 19:52 . 1997-01-22 15:34 312,320 --a------ C:\WINDOWS\IsUninst.exe
2008-04-29 19:52 . 2008-04-29 19:53 491 --a------ C:\WINDOWS\SStylerProDemo.ini
2008-04-29 09:32 . 2008-04-29 09:32 <REP> d-------- C:\Program Files\Once Itch
2008-04-29 09:26 . 2008-04-29 09:26 <REP> d-------- C:\Documents and Settings\bruno\Application Data\ItsLabel
2008-04-28 13:19 . 2008-04-29 19:54 <REP> d-------- C:\Program Files\EoRezo
2008-04-28 13:19 . 2008-05-01 20:57 <REP> d-------- C:\Documents and Settings\bruno\Application Data\EoRezo
2008-04-28 13:19 . 2008-04-28 13:19 45 ---h----- C:\WINDOWS\dsez1728.dat
2008-04-28 12:32 . 2008-05-01 21:06 1,010 --a------ C:\WINDOWS\Active Setup Log.BAK
2008-04-19 20:29 . 2008-04-19 20:29 20 --a------ C:\WINDOWS\mafosav.INI
2008-04-19 20:22 . 2008-04-19 20:22 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-04-19 20:22 . 2000-09-29 18:00 8,784 --a------ C:\WINDOWS\F_France.gpl
2008-04-14 21:34 . 2008-04-14 21:34 268 --ah----- C:\sqmdata19.sqm
2008-04-14 21:34 . 2008-04-14 21:34 244 --ah----- C:\sqmnoopt19.sqm
2008-04-13 22:05 . 2008-04-13 22:05 268 --ah----- C:\sqmdata18.sqm
2008-04-13 22:05 . 2008-04-13 22:05 244 --ah----- C:\sqmnoopt18.sqm
2008-04-13 21:17 . 2008-04-13 21:17 268 --ah----- C:\sqmdata17.sqm
2008-04-13 21:17 . 2008-04-13 21:17 244 --ah----- C:\sqmnoopt17.sqm
2008-04-13 18:48 . 2008-05-11 14:16 <REP> d-------- C:\Program Files\Norton Security Scan
2008-04-13 18:48 . 2008-03-19 18:26 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-04-13 18:46 . 2008-04-13 18:47 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-04-13 16:34 . 2008-04-13 16:34 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-04-12 00:15 . 2008-04-12 00:15 268 --ah----- C:\sqmdata16.sqm
2008-04-12 00:15 . 2008-04-12 00:15 244 --ah----- C:\sqmnoopt16.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 17:11 --------- d-----w C:\Program Files\Adverts
2008-05-11 16:51 --------- d-----w C:\Program Files\SuperCopier
2008-05-11 12:01 --------- d-----w C:\Program Files\Zylom Games
2008-05-05 18:56 --------- d-----w C:\Program Files\eMule
2008-04-29 07:34 --------- d-----w C:\Documents and Settings\bruno\Application Data\Once Itch
2008-04-29 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tons balm hope 2
2008-04-20 19:16 --------- d-----w C:\Program Files\Midnight Oil Solitaire
2008-04-11 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-04-08 17:25 --------- d-----w C:\Documents and Settings\bruno\Application Data\Screenshot Sender
2008-04-07 15:43 --------- d-----w C:\Documents and Settings\bruno\Application Data\Ahead
2008-04-07 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-07 15:02 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-04-07 15:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-07 15:01 --------- d-----w C:\Program Files\Nero
2008-04-07 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 14:50 --------- d-----w C:\Program Files\MSN Messenger
2008-04-07 14:50 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-06 20:51 2,290,176 ----a-w C:\WINDOWS\system32\TUKernel.exe
2008-04-06 20:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-06 20:16 --------- d-----w C:\Program Files\Boonty
2008-04-06 19:25 --------- d-----w C:\Program Files\TOSHIBA
2008-04-06 19:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 19:23 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-05 02:26 --------- d-----w C:\Program Files\Atheros
2008-04-05 02:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Atheros
2008-04-05 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\XP
2008-04-05 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista64
2008-04-05 01:33 --------- d-----w C:\Program Files\ltmoh
2008-04-05 00:47 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-04-05 00:47 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-04-05 00:43 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-05 00:43 --------- d-----w C:\Program Files\Realtek
2008-04-05 00:32 --------- d-----w C:\Documents and Settings\bruno\Application Data\TuneUp Software
2008-04-05 00:27 --------- d-----w C:\Documents and Settings\bruno\Application Data\InstallShield
2008-04-05 00:21 --------- d-----w C:\Program Files\Intel Desktop Board
2008-04-05 00:19 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
2008-04-04 21:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-04 21:15 --------- d-----w C:\Program Files\Services en ligne
2008-03-07 10:56 920,088 ----a-w C:\WINDOWS\system32\igxpun.exe
2008-02-15 11:21 147,456 ----a-w C:\WINDOWS\system32\igfxCoIn_v4926.dll
2008-02-15 11:12 57,344 ----a-w C:\WINDOWS\system32\igxprd32.dll
2008-02-15 11:12 2,643,968 ----a-w C:\WINDOWS\system32\igxpdx32.dll
2008-02-15 11:12 151,040 ----a-w C:\WINDOWS\system32\igxpgd32.dll
2008-02-15 11:12 1,670,144 ----a-w C:\WINDOWS\system32\igxpdv32.dll
2008-02-15 11:01 294,912 ----a-w C:\WINDOWS\system32\igldev32.dll
2008-02-15 11:00 2,334,720 ----a-w C:\WINDOWS\system32\iglicd32.dll
2008-02-15 10:49 184,320 ----a-w C:\WINDOWS\system32\igfxres.dll
2008-02-15 10:48 524,288 ----a-w C:\WINDOWS\system32\igfxcfg.exe
2008-02-15 10:46 48,128 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
2008-02-15 10:46 249,856 ----a-w C:\WINDOWS\system32\igfxsrvc.exe
2008-02-15 10:46 24,576 ----a-w C:\WINDOWS\system32\igfxexps.dll
2008-02-15 10:46 204,800 ----a-w C:\WINDOWS\system32\igfxpph.dll
2008-02-15 10:46 163,840 ----a-w C:\WINDOWS\system32\igfxext.exe
2008-02-15 10:46 159,744 ----a-w C:\WINDOWS\system32\hkcmd.exe
2008-02-15 10:46 135,168 ----a-w C:\WINDOWS\system32\igfxtray.exe
2008-02-15 10:46 135,168 ----a-w C:\WINDOWS\system32\igfxdo.dll
2008-02-15 10:46 131,072 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-02-15 10:45 3,293,184 ----a-w C:\WINDOWS\system32\igfxress.dll
2008-02-15 10:45 208,896 ----a-w C:\WINDOWS\system32\igfxdev.dll
2008-02-15 10:45 163,840 ----a-w C:\WINDOWS\system32\igfxzoom.exe
2008-02-15 10:45 102,400 ----a-w C:\WINDOWS\system32\hccutils.dll
2006-12-12 09:13 32,768 ----a-w C:\Documents and Settings\All Users\Application Data\EBLib.dll
2006-07-28 14:25 19,456 ----a-w C:\Documents and Settings\All Users\Application Data\LPCFilter.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.avrn"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.advj"= C:\PROGRA~1\ACEMEG~1\SystemS\AVIDAV~1.DLL
"vidc.mszh"= C:\PROGRA~1\ACEMEG~1\SystemS\avimszh.dll
"vidc.zlib"= C:\PROGRA~1\ACEMEG~1\SystemS\avizlib.dll
"vidc.cscd"= C:\PROGRA~1\ACEMEG~1\SystemS\camcodec.dll
"vidc.cvid"= C:\PROGRA~1\ACEMEG~1\SystemS\iccvid.dll
"msacm.trspch"= C:\PROGRA~1\ACEMEG~1\SystemS\tssoft32.acm
"vidc.em2v"= C:\PROGRA~1\ACEMEG~1\SystemS\etxcodec.dll
"vidc.mkvc"= C:\PROGRA~1\ACEMEG~1\SystemS\kmvidc32.dll
"vidc.hfyu"= C:\PROGRA~1\ACEMEG~1\SystemS\huffyuv.dll
"msacm.lameacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lameacm.acm
"msacm.lhacm"= C:\PROGRA~1\ACEMEG~1\SystemS\lhacm.acm
"msacm.l3acm"= C:\PROGRA~1\ACEMEG~1\SystemS\l3codecp.acm
"vidc.sjpg"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.dmb2"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.gepj"= C:\PROGRA~1\ACEMEG~1\SystemS\pmjpeg32.dll
"vidc.qpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"vidc.q1.0"= C:\PROGRA~1\ACEMEG~1\SystemS\Qpeg32.dll
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.tscc"= C:\PROGRA~1\ACEMEG~1\SystemS\tsccvid.dll
"vidc.vifp"= C:\PROGRA~1\ACEMEG~1\SystemS\vfcodec.dll
"vidc.wrpr"= C:\PROGRA~1\ACEMEG~1\SystemS\aviwrap.dll
"vidc.wnv1"= C:\PROGRA~1\ACEMEG~1\SystemS\wnvplay1.dll
"vidc.advs"= C:\PROGRA~1\ACEMEG~1\SystemS\Adaptec\Dvc.dll
"vidc.aflc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.afli"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\FLCCOD~1.DLL
"vidc.aasc"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.aas4"= C:\PROGRA~1\ACEMEG~1\SystemS\Autodesk\Aasc32.dll
"vidc.asv1"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv1.dll
"vidc.asv2"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.asvx"= C:\PROGRA~1\ACEMEG~1\SystemS\ASUS\asusasv2.dll
"vidc.vcr1"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr1.dll
"vidc.vcr2"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\ativcr2.dll
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.mwv1"= C:\PROGRA~1\ACEMEG~1\SystemS\Aware\icmw_32.dll
"vidc.bt20"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"vidc.y41p"= C:\PROGRA~1\ACEMEG~1\SystemS\BROOKT~1\btvvc32.drv
"msacm.pcdv"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\pcdv.acm
"vidc.cdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCCDVC.DLL
"vidc.ddvc"= C:\PROGRA~1\ACEMEG~1\SystemS\Canopus\CSCdvsd.DLL
"vidc.png1"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREPN~1.DLL
"msacm.CoreFLAC_ACM"= C:\PROGRA~1\ACEMEG~1\SystemS\Core\COREFL~1.ACM
"vidc.davc"= C:\PROGRA~1\ACEMEG~1\SystemS\dicas\davcvfw.dll
"vidc.div3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div5"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.mpg3"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32.dll
"vidc.div4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.div6"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.ap41"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivXc32f.dll
"vidc.dvx4"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divx4.dll
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.divxa32"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\divxa32.acm
"vidc.frwd"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwt"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwd.dll
"vidc.frwa"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwt.dll
"vidc.frwu"= C:\PROGRA~1\ACEMEG~1\SystemS\Forward\frwu.dll
"vidc.glzw"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GLZW.dll
"vidc.gpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\Gabest\GPEG.dll
"vidc.i263"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\i263_32.drv
"vidc.iv30"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv31"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv32"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv33"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv34"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv35"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv36"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv37"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv38"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv39"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir32_32.dll
"vidc.iv40"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv41"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv42"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv43"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv44"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv45"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv46"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv47"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv48"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv49"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir41_32.dll
"vidc.iv50"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\ir50_32.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
"vidc.ir21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"vidc.rt21"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IR21_R.DLL
"msacm.imc"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\IMC32.ACM
"vidc.lead"= C:\PROGRA~1\ACEMEG~1\SystemS\LEAD\LCODCCMP.DLL
"vidc.dvsd"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dvcs"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCDVD_32.DLL
"vidc.dcmj"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi1"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"vidc.avi2"= C:\PROGRA~1\ACEMEG~1\SystemS\MAINCO~1\MCMJPG32.DLL
"msacm.msadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msadp32.acm
"msacm.imaadpcm"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\imaadp32.acm
"msacm.msg711"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg711.acm
"msacm.msg723"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msg723.acm
"msacm.msgsm610"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msgsm32.acm
"vidc.m261"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh261.drv
"vidc.m263"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.i420"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msh263.drv
"vidc.mrle"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msrle32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.msvc"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.cram"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msvidc32.dll
"vidc.mpg4"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp41"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp42"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp43"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4s"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.mp4v"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\mpg4c32.dll
"vidc.wmv3"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\WMV9VCM.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm
"vidc.vixl"= C:\PROGRA~1\ACEMEG~1\SystemS\Miro\miroxl32.dll
"vidc.nt00"= C:\PROGRA~1\ACEMEG~1\SystemS\Newtek\ntcodec.dll
"msacm.vorbis"= C:\PROGRA~1\ACEMEG~1\SystemS\OGG\vorbis.acm
"vidc.vp30"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp31"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp31vfw.dll
"vidc.vp60"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.vp61"= C:\PROGRA~1\ACEMEG~1\SystemS\ON2TEC~1\vp6vfw.dll
"vidc.pdvc"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.ipdv"= C:\PROGRA~1\ACEMEG~1\SystemS\PANASO~1\idvcodec.dll
"vidc.pvw2"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvwv220.dll
"vidc.pimj"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvljpg20.dll
"vidc.mjpx"= C:\PROGRA~1\ACEMEG~1\SystemS\Pegasus\pvmjpg21.dll
"vidc.miro"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.dcap"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\MIRODV~1.DLL
"vidc.mjpa"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.gpjm"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\RTMJPG~1.DLL
"vidc.pim1"= C:\PROGRA~1\ACEMEG~1\SystemS\Pinnacle\pclepim1.dll
"msacm.qmpeg"= C:\PROGRA~1\ACEMEG~1\SystemS\QDesign\qmpeg.acm
"vidc.rmp4"= C:\PROGRA~1\ACEMEG~1\SystemS\REALMA~1\rmp4.dll
"vidc.rud0"= C:\PROGRA~1\ACEMEG~1\SystemS\Rududu\rududu.dll
"msacm.at3"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\atrac3.acm
"vidc.sony"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.dvcp"= C:\PROGRA~1\ACEMEG~1\SystemS\SONY\sonydv.dll
"vidc.s422"= C:\PROGRA~1\ACEMEG~1\SystemS\Tekram\tekyuv.dll
"vidc.t420"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.y411"= C:\PROGRA~1\ACEMEG~1\SystemS\Toshiba\tsbyuv.dll
"vidc.vssv"= C:\PROGRA~1\ACEMEG~1\SystemS\VANGUA~1\vsscodec.dll
"msacm.voxacm160"= C:\PROGRA~1\ACEMEG~1\SystemS\VoxWare\vct3216.acm
"vidc.xvid"= C:\PROGRA~1\ACEMEG~1\SystemS\XviD\xvidvfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:55]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-12-13 20:31]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 15:16:07 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-07 22:00:00 C:\WINDOWS\Tasks\A97A1CE3918594BB.job"
- c:\docume~1\bruno\applic~1\onceit~1\MoreAcidAim.exe
"2008-04-18 15:16:13 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-13 16:48:50 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 12:28:42
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-12 12:30:25 - machine was rebooted [bruno]
ComboFix-quarantined-files.txt 2008-05-12 10:30:21
Pre-Run: 14,544,023,552 octets libres
Post-Run: 14,684,401,664 octets libres
366 --- E O F --- 2008-05-11 21:33:05
And here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32, on 2008-05-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4057 bytes
|
|
|
|
|
Great, my Task Manager is back!
Are there any other steps to do, or is it finished?
|
|
Moderator/Helper
|
|
|
Hello,
Yes, you are still infected. I will let you know when everything is finished.
[~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
[~] Go to My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK
You will re-check it afterwards.
[~] My Computer / Tools / Folder Options / View / uncheck Hide extensions for known file types / Apply --> OK
1) Go to this link: Virus Total
Click Browse.
Navigate to this file, if you find it:
C:\Documents and Settings\Administrateur.BRUNO-110A629AF\ftp34.dll
C:\WINDOWS\system32\Msvcrtd.dll
C:\WINDOWS\system32\ftp34.dll
C:\sqmdata19.sqm
Click Send file and let it work for as long as "Current status: scanning" is displayed.
The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
When the scan is finished ("Current status: finished"), click Formatted.
A new browser window will appear.
Then click this image:
Right-click on the page and choose Select All, then Copy.
Finally, paste the result into your next reply.
Note: Whatever the result, it is important that you send me the result of the whole scan.
Your security tools may react when the file is sent; in that case you will need to ignore the alerts.
2) Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the scan, click "Scan".
Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
|
|
|
|
|
First, here are the VirusTotal reports:
Fichier ftp34.dll reçu le 2008.05.12 17:58:12 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.12 TR/Spy.Gen
Authentium 5.1.0.4 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.12 PSW.Agent.SYV
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.12 Trojan.Downloader-34503
DrWeb 4.44.0.09170 2008.05.12 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5781 2008.05.12 Win32/Ruternam!generic
Ewido 4.0 2008.05.12 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 Trojan-Downloader.Win32.Small.vem
Fortinet 3.14.0.0 2008.05.12 W32/Small.VEM!tr.dldr
GData 2.0.7306.1023 2008.05.12 Trojan-Downloader.Win32.Small.vem
Ikarus T3.1.1.26.0 2008.05.12 Trojan-Spy
Kaspersky 7.0.0.125 2008.05.12 Trojan-Downloader.Win32.Small.vem
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3093 2008.05.12 a variant of Win32/PSW.Agent.NHG
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 Trj/Agent.ISS
Prevx1 V2 2008.05.12 Cloaked Malware
Rising 20.44.02.00 2008.05.12 -
Sophos 4.29.0 2008.05.12 Troj/Agent-GXN
Sunbelt 3.0.1114.0 2008.05.12 Trojan.Spy.Gen
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.12 -
VBA32 3.12.6.5 2008.05.12 -
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.12 Trojan.Spy.Gen
Information additionnelle
File size: 5120 bytes
MD5...: 282b2617356b0bbd801e6fe01bee268f
SHA1..: e7525098e94c2869884c5912b8032785fc5f5775
SHA256: 1149ca0b67d47d09954ea0b60f7eec808d43dab8ad98ec62e10079725e62b106
SHA512: 9043ec2978e5e6e97f8aa68684a49aa226d882126e1f080d70bd33ca8919960f
69464d97cbbb2a367ee211bdec90f3aed6b7789a54312836ab1105ab72e6ce7a
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10109bd0
timedatestamp.....: 0x4814538a (Sun Apr 27 10:20:58 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x108000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x109000 0x1000 0xe00 7.47 d389311106dc1ac64198f61d8c6289ed
UPX2 0x10a000 0x1000 0x200 2.72 aabf72553e4930941b56470f277dedf4
( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> MSVCRT.dll: free
> USER32.dll: CallNextHookEx
> WS2_32.dll: -
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CBE9867000EA637B149200FBBEDAD4(...)
packers (F-Prot): UPX
Fichier Msvcrtd.dll reçu le 2008.05.12 18:02:49 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.12 -
Authentium 5.1.0.4 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.12 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.12 -
DrWeb 4.44.0.09170 2008.05.12 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5781 2008.05.12 -
Ewido 4.0 2008.05.12 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 -
Fortinet 3.14.0.0 2008.05.12 -
GData 2.0.7306.1023 2008.05.12 -
Ikarus T3.1.1.26 2008.05.12 -
Kaspersky 7.0.0.125 2008.05.12 -
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3093 2008.05.12 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.12 -
Rising 20.44.02.00 2008.05.12 -
Sophos 4.29.0 2008.05.12 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.12 -
VBA32 3.12.6.5 2008.05.12 -
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.12 -
Information additionnelle
File size: 434252 bytes
MD5...: 65f232ae50755a6fbf72dac2977a118f
SHA1..: 71764c042437c690da80fe9e7bdad852118d25ce
SHA256: 673a9ebe874f015c3d8b8e73d05c4b03f85c42cd8fc031f6edae235ef9671d66
SHA512: 66cd36d5a9c47a36171930c62e94a680cd6b81a9f0749ac80b1c4d123e1b8ee0
f503816a6a4c3d201111dd86d01d54a465f8912e9550325a77009cd2ba4ff909
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1020b060
timedatestamp.....: 0x4032061e (Tue Feb 17 12:16:30 2004)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x54d4f 0x55000 6.33 8b19756e25330280c427783a063b6dad
.rdata 0x56000 0x853b 0x9000 5.64 0d534b6e772648c84b028a7001c3d1b8
.data 0x5f000 0x7188 0x6000 3.11 a6d66fc59b1e9bb6cb179713784a324e
.rsrc 0x67000 0x3a8 0x1000 1.00 c88f67ea826f6adb0a8863ff2209fcb0
.reloc 0x68000 0x3f82 0x4000 6.69 c26f3736b7b8d0c02cfa635de7d8c632
( 1 imports )
( 792 exports )
_wcsnicoll, _wcsnset, _wcsrev, _wcsset, _wcsupr, _wctime, _wenviron, _wexecl, _wexecle, _wexeclp, _wexeclpe, _wexecv, _wexecve, _wexecvp, _wexecvpe, _wfdopen, _wfindfirst, _wfindfirsti64, _wfindnext, _wfindnexti64, _wfopen, _wfreopen, _wfsopen, _wfullpath, _wgetcwd, _wgetdcwd, _wgetenv, _winmajor, _winminor, _winver, _wmakepath, _wmkdir, _wmktemp, _wopen, _wperror, _wpgmptr, _wpopen, _wputenv, _wremove, _wrename, _write, _wrmdir, _wsearchenv, _wsetlocale, _wsopen, _wspawnl, _wspawnle, _wspawnlp, _wspawnlpe, _wspawnv, _wspawnve, _wspawnvp, _wspawnvpe, _wsplitpath, _wstat, _wstati64, _wstrdate, _wstrtime, _wsystem, _wtempnam, _wtmpnam, _wtoi, _wtoi64, _wtol, _wunlink, _wutime, _y0, _y1, _yn, abort, abs, acos, asctime, asin, atan, atan2, atexit, atof, atoi, atol, bsearch, calloc, ceil, clearerr, clock, cos, cosh, ctime, difftime, div, exit, exp, fabs, fclose, feof, ferror, fflush, fgetc, fgetpos, fgets, fgetwc, fgetws, floor, fmod, fopen, fprintf, fputc, fputs, fputwc, fputws, fread, free, freopen, frexp, fscanf, fseek, fsetpos, ftell, fwprintf, fwrite, fwscanf, getc, getchar, getenv, gets, getwc, getwchar, gmtime, is_wctype, isalnum, isalpha, iscntrl, isdigit, isgraph, isleadbyte, islower, isprint, ispunct, isspace, isupper, iswalnum, iswalpha, iswascii, iswcntrl, iswctype, iswdigit, iswgraph, iswlower, iswprint, iswpunct, iswspace, iswupper, iswxdigit, isxdigit, labs, ldexp, ldiv, localeconv, localtime, log, log10, longjmp, malloc, mblen, mbstowcs, mbtowc, memchr, memcmp, memcpy, memmove, memset, mktime, modf, perror, pow, printf, putc, putchar, puts, putwc, putwchar, qsort, raise, rand, realloc, remove, rename, rewind, scanf, setbuf, setlocale, setvbuf, signal, sin, sinh, sprintf, sqrt, srand, sscanf, strcat, strchr, strcmp, strcoll, strcpy, strcspn, strerror, strftime, strlen, strncat, strncmp, strncpy, strpbrk, strrchr, strspn, strstr, strtod, strtok, strtol, strtoul, strxfrm, swprintf, swscanf, system, tan, tanh, time, tmpfile, tmpnam, tolower, toupper, 
towlower, towupper, ungetc, ungetwc, vfprintf, vfwprintf, vprintf, vsprintf, vswprintf, vwprintf, wcscat, wcschr, wcscmp, wcscoll, wcscpy, wcscspn, wcsftime, wcslen, wcsncat, wcsncmp, wcsncpy, wcspbrk, wcsrchr, wcsspn, wcsstr, wcstod, wcstok, wcstol, wcstombs, wcstoul, wcsxfrm, wctomb, wprintf, wscanf<br>
Fichier ftp34.dll reçu le 2008.05.12 18:14:32 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.12 TR/Spy.Gen
Authentium 5.1.0.4 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.12 PSW.Agent.SYV
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.12 Trojan.Downloader-34503
DrWeb 4.44.0.09170 2008.05.12 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5781 2008.05.12 Win32/Ruternam!generic
Ewido 4.0 2008.05.12 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 Trojan-Downloader.Win32.Small.vem
Fortinet 3.14.0.0 2008.05.12 W32/Small.VEM!tr.dldr
GData 2.0.7306.1023 2008.05.12 Trojan-Downloader.Win32.Small.vem
Ikarus T3.1.1.26.0 2008.05.12 Trojan-Spy
Kaspersky 7.0.0.125 2008.05.12 Trojan-Downloader.Win32.Small.vem
McAfee 5291 2008.05.08 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3093 2008.05.12 a variant of Win32/PSW.Agent.NHG
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 Trj/Agent.ISS
Prevx1 V2 2008.05.12 Cloaked Malware
Rising 20.44.02.00 2008.05.12 -
Sophos 4.29.0 2008.05.12 Troj/Agent-GXN
Sunbelt 3.0.1114.0 2008.05.12 Trojan.Spy.Gen
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.12 -
VBA32 3.12.6.5 2008.05.12 -
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.12 Trojan.Spy.Gen
Information additionnelle
File size: 5120 bytes
MD5...: 282b2617356b0bbd801e6fe01bee268f
SHA1..: e7525098e94c2869884c5912b8032785fc5f5775
SHA256: 1149ca0b67d47d09954ea0b60f7eec808d43dab8ad98ec62e10079725e62b106
SHA512: 9043ec2978e5e6e97f8aa68684a49aa226d882126e1f080d70bd33ca8919960f69464d97cbbb2a367ee211bdec90f3aed6b7789a54312836ab1105ab72e6ce7a
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10109bd0
timedatestamp.....: 0x4814538a (Sun Apr 27 10:20:58 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x108000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x109000 0x1000 0xe00 7.47 d389311106dc1ac64198f61d8c6289ed
UPX2 0x10a000 0x1000 0x200 2.72 aabf72553e4930941b56470f277dedf4

( 4 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> MSVCRT.dll: free
> USER32.dll: CallNextHookEx
> WS2_32.dll: -

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=CBE9867000EA637B149200FBBEDAD4(...)
packers (F-Prot): UPX
Fichier sqmdata19.sqm reçu le 2008.05.12 18:16:51 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.5.10.0 2008.05.10 -
AntiVir 7.8.0.17 2008.05.12 -
Authentium 5.1.0.4 2008.05.11 -
Avast 4.8.1169.0 2008.05.11 -
AVG 7.5.0.516 2008.05.12 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.12 -
DrWeb 4.44.0.09170 2008.05.12 -
eSafe 7.0.15.0 2008.05.12 -
eTrust-Vet 31.4.5781 2008.05.12 -
Ewido 4.0 2008.05.12 -
F-Prot 4.4.2.54 2008.05.12 -
F-Secure 6.70.13260.0 2008.05.12 -
Fortinet 3.14.0.0 2008.05.12 -
GData 2.0.7306.1023 2008.05.12 -
Ikarus T3.1.1.26.0 2008.05.12 -
Kaspersky 7.0.0.125 2008.05.12 -
McAfee 5292 2008.05.10 -
Microsoft 1.3408 2008.05.12 -
NOD32v2 3093 2008.05.12 -
Norman 5.80.02 2008.05.09 -
Panda 9.0.0.4 2008.05.11 -
Prevx1 V2 2008.05.12 -
Rising 20.44.02.00 2008.05.12 -
Sophos 4.29.0 2008.05.12 -
Sunbelt 3.0.1114.0 2008.05.12 -
Symantec 10 2008.05.12 -
TheHacker 6.2.92.307 2008.05.12 -
VBA32 3.12.6.5 2008.05.12 -
VirusBuster 4.3.26:9 2008.05.11 -
Webwasher-Gateway 6.6.2 2008.05.12 -
Information additionnelle
File size: 268 bytes
MD5...: 73fbdc164808f55e21953bf6285ce3f7
SHA1..: 0a22aa8b5d982e10ff8f872871b5a8ac2a628d94
SHA256: ddead27e9efc2e18f60372cf13d069c329247d2bec446082dbbaf4139968f623
SHA512: 48956acdec4c826b9595e420f4333cfaeaf53e94c5bbcbd7456aca08b32b51edb9c124294c1604e4d5c7c9a276c7f14fd20f39613b3f259d32226fc31d7db278
PEiD..: -
PEInfo: -
There, I'll be back, I'm going to finish the rest of the operation.
|
|
|
|
|
And here is the malware report.
Can I re-check the option for the operating system's hidden files now, or should I wait?
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 742
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 60722
Temps écoulé: 47 minute(s), 50 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 101
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Administrateur.BRUNO-110A629AF\ftp34.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\bruno\ftp34.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftp34.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\ftp34.dll.ren (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\Administrateur.BRUNO-110A629AF\cftmon.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\bruno\cftmon.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\LocalService\cftmon.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Microsoft Security Adviser\mssadv.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\mssadv.dll.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\spools.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002361.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002363.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002368.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002369.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002371.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002372.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002387.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002388.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002390.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002391.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002401.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002402.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002404.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0002405.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003401.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003402.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003404.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003405.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003411.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F6447D13-FAE4-44BF-A245-18FFED448284}\RP44\A0003412.dll (Trojan.DN | | |