Trojan horse detected by Avast

Closed
cocojohn - 12 July 2009, 14:59
Hello,

For a few days now Avast has been detecting "trojan horses" in several files.
I am attaching the log produced by HijackThis.
Thanks in advance for your advice.
Regards

Logfile of HijackThis v1.99.1
Scan saved at 14:58:12, on 12/07/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\regedit.exe
C:\Windows\explorer.exe
C:\Users\Jean\Documents\web\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Jean\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils Copernic Desktop Search - Home - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [mgqwa] "c:\users\jean\appdata\local\mgqwa.exe" mgqwa
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
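The helpers in this thread triage the log above by eye: an autostart that points into the user's profile, a Windows binary name sitting in the wrong directory, a `win.ini` `load=` entry, a BHO whose file is gone. The script below is an added example, not a tool anyone in the thread used, that mechanises those same checks over HijackThis-style lines. The sample lines are copied from the logs posted here (first post and the later RSIT log); the table of expected directories, the list of user-writable roots and every heuristic are my assumptions, kept deliberately small, so treat a hit as "look at this", not "this is malware".

```python
"""Heuristic triage of HijackThis-style log lines.

Added example for this thread, not a tool any of the posters used. It
mechanises what the helpers here check by eye: autostarts pointing into
user-writable directories, Windows binary names sitting outside their
usual directory, Policies\\Explorer\\Run autostarts, win.ini load=/run=
entries, and BHOs whose file is gone. The directory table and the list of
user-writable roots are assumptions kept deliberately small.
"""
import re

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread (first post and the RSIT log), plus two benign lines for contrast.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\Jean\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [mgqwa] "c:\users\jean\appdata\local\mgqwa.exe" mgqwa
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Windows\mstinit.exe /waitservice (User 'SYSTEM')
O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe
"""

# Assumed home directory of a few Windows binaries whose names appear in this
# thread in other places (MBAM quarantined mstsc.exe from C:\Windows and
# esentutl.exe from System32\drivers). Not exhaustive; extend as needed.
EXPECTED_DIR = {
    "mstsc.exe": r"c:\windows\system32",
    "esentutl.exe": r"c:\windows\system32",
    "mstinit.exe": r"c:\windows\system32",
    "rsvp.exe": r"c:\windows\system32",
}

# Substrings that mark a user-writable location (long and 8.3 spellings).
USER_WRITABLE = ("\\appdata\\", "\\locals~1\\", "\\local settings\\", "\\temp\\")

# First drive-letter path on the line that ends in an executable extension.
PATH_RE = re.compile(r"([a-z]:\\.+?\.(?:exe|dll|sys|ocx|scr|com))\b", re.I)


def find_path(line):
    """Return the first Windows path with an executable extension, or None."""
    match = PATH_RE.search(line)
    return match.group(1) if match else None


def triage_line(line):
    """Return the reasons a log line deserves a look; empty list means none."""
    line = line.strip()
    reasons = []
    if not line:
        return reasons
    section = line.split(" - ", 1)[0]          # "F3", "O2", "O4", "O23", ...
    lowered = line.lower()
    path = find_path(line)

    if section == "F3":
        # win.ini load=/run= is a legacy autostart; modern software rarely uses it.
        reasons.append("win.ini load=/run= autostart")
    if "(no file)" in line:
        # Orphaned BHO/toolbar entry: harmless by itself, but worth removing.
        # O23 "(file missing)" is deliberately not flagged: the thread's
        # HJT 1.99.1 log shows it for avast services that the later HJT 2.0.2
        # log lists normally (a parsing quirk of the old version, not an infection).
        reasons.append("registered component whose file no longer exists")
    if "policies\\explorer\\run" in lowered:
        reasons.append("Policies\\Explorer\\Run autostart (rare for legitimate software)")
    if path:
        lowered_path = path.lower()
        directory, name = lowered_path.rsplit("\\", 1)
        if any(marker in lowered_path for marker in USER_WRITABLE):
            reasons.append("started from a user-writable directory: " + path)
        expected = EXPECTED_DIR.get(name)
        if expected and directory != expected:
            reasons.append(f"{name} normally lives in {expected}, found in {directory}")
    return reasons


def triage_log(text):
    """Map each flagged line to its reasons, in log order."""
    findings = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

On the sample, the `F3` line collects three reasons (legacy autostart, profile directory, `mstsc.exe` outside `System32`), `mgqwa.exe` is flagged for living under `AppData\Local`, the orphaned BHO and the `Policies\Explorer\Run` entry are flagged, and the avast and `snmvtsvc.exe` lines pass untouched. Confirming a flagged file (hash lookup, signature, file version) is a separate step the script does not do.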
16 replies

jlpjlp (security contributor)
12 July 2009, 15:06
Hi, disable Spybot's TeaTimer by going to Mode, then Advanced mode, then Tools, then Resident

then


Disable User Account Control (you will re-enable it after the cleanup):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Disable and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save (link) target as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

In the main menu, pick option 1
Let it guide you and be patient.
Wait for the message:
*** Analyse Termine le ..... ***
Press a key and Notepad will open.
Copy and paste the whole report into a reply.
Close Notepad.
The report fixnavi.txt is also saved in %systemdrive%.
Hello
Here is the result of the scan

Regards



*** Recherche dossiers dans "c:\users\jean\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Jean\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Jean\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\Jean\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Jean\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Jean\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mgqwa"="\"c:\\users\\jean\\appdata\\local\\mgqwa.exe\" mgqwa"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Jean\AppData\Local\Microsoft" :


* Dans "C:\Users\Jean\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 12/07/2009 à 17:58:07,82 ***
chimay8 (security contributor)
12 July 2009, 17:35
Whoa
pedro

this
"O4 - HKCU\..\Run: [mgqwa] "c:\users\jean\appdata\local\mgqwa.exe" mgqwa"

where do you see that MBAM took it out? It only took out the Run key... in three days it will be back with another family!

you are asking to fix this
"O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe"

when HijackThis does not fix services that way, and on top of that it is perfectly legitimate
https://www.processlibrary.com/en/search?q=snmvtsvc


you need to stop this bull***
pedrodu69
12 July 2009, 15:12
Hello,

Relaunch HijackThis, then do "do a system scan only" and tick these lines:

"F3 - REG:win.ini: load=C:\Users\Jean\LOCALS~1\APPLIC~1\MICROS~1\mstsc.exe"
"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)"
"O4 - HKCU\..\Run: [mgqwa] "c:\users\jean\appdata\local\mgqwa.exe" mgqwa"
"O23 - Service: SoundMovieServer - SoundMovieServer - C:\Windows\system32\snmvtsvc.exe"


Then click FIX CHECKED.

Once that is done, download MBAM here: https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html

Run a FULL scan, DELETE everything it finds, and post me the report, which is in the program's "rapports\log" folder.

Keep me posted.
Hello Pedro

Attached is the report after following your advice.
After rebooting the PC I no longer get any alert message.

I will keep you informed of what happens next.
Regards
Jean


The report:


Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2412
Windows 6.0.6001 Service Pack 1

12/07/2009 17:05:16
mbam-log-2009-07-12 (17-05-16).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 272048
Temps écoulé: 1 hour(s), 8 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mgqwa (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Jean\documents\web\Alcohol\alcohol 120% fr v1.9.6.5429 (xp_vista) + crack\alcohol 120% fr v1.9.6.5429 (crack)\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jean\documents\web\protected_storage_passview\pspv.exe (Password.Stealer) -> Quarantined and deleted successfully.
d:\Donnees\protected_storage_passview\pspv.exe (Password.Stealer) -> Quarantined and deleted successfully.
c:\Users\Jean\AppData\Roaming\Microsoft\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jean\Local Settings\Application Data\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
Anonymous user
12 July 2009, 15:54
Hi,


Pedro, fixing lines in HJT is not what makes infections vanish! And stop running MBAM at every turn on every topic.... another one! -_-
pedrodu69
12 July 2009, 17:36
But let me handle it. MBAM works very well, as you can see from the result!
Anonymous user
12 July 2009, 17:40
Pedro, let me back chimay up here: how many PCs have you "cleaned" on CCM, ten? ... so do not come laying down the law here, pal! You are a dead weight, you know nothing about disinfection and I am not the only one saying so! You throw procedures around without knowing what you are doing... you have people run combofix when you cannot even disable a service with HJT or recognise a basic infection, so if I were you I would keep my mouth shut! ... who does he think he is....
chimay8 (security contributor)
12 July 2009, 17:46
as you can see from the result!

what I see as a result is that you are trying to get lines fixed that are legitimate
Anonymous user
12 July 2009, 17:57
Hey chimay! Handy, that HijackThis robot, isn't it pedro... ;-)
jlpjlp (security contributor)
12 July 2009, 18:23
Run Navilog again, choose option 2 and paste the report

then


Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

When the analysis is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised in the Taskbar).

NB: the reports are saved in the C:\rsit folder
Hello
Attached are the 3 files

Regards


The Navilog1 report with option 2:


Clean Navipromo version 3.7.5 commencé le 12/07/2009 à 19:38:42,24

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Jean ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 (Activated)


C:\ (Local Disk) - NTFS - Total:225 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:59 Go (Free:44 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Jean\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Jean\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\jean\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Jean\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *



* Dans "C:\Users\Jean\AppData\Local\Microsoft" *



* Dans "C:\Users\Jean\AppData\Local" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 12/07/2009 à 19:43:54,01 ***


The next 2 reports:

First report

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jean at 2009-07-12 19:48:18
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 32 GB (14%) free of 231 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:46, on 12/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Jean\Documents\web\RsiT\RSIT.exe
C:\Program Files\trend micro\Jean.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils Copernic Desktop Search - Home - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Windows\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Windows\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
0
[EniDurb_Rp] Posts 1403 Registered Friday 13 March 2009 Status Member Last seen 16 March 2011 489
12 July 2009 at 18:40
ONLY LISTEN TO JLPJLP, or at a pinch chimay, but not pedro, he talks nonsense
in future, look at the score or the number of posts of whoever you put your trust in

AVAST is fine for those who are lucky; if you start acting clever with avast you're dead
even with the best antivirus in the world you're not immune to infection

then you see avast's incompetence as soon as you run tests :)
like a USB stick with the 300-350 most common viruses, and you realise avast is pathetic

Avast - The Sieve is the worst of the free antivirus junk; it's blind or nearly so, and when it does see something, it's not a real virus or it's unable to act...

Read: https://forum.malekal.com/viewtopic.php?f=45&t=11659

The right place for Avast is in the kitchen, with the other sieves... Or in the bin, but certainly not on a PC...

Here are a few serious antivirus comparison links...
https://forum.malekal.com/viewtopic.php?f=45&t=11659 (malekal)
http://winnow.oitc.com/AntiVirusPerformance.html
http://winnow.oitc.com/avmalwarestats.php

Malekal is the most reputable in the IT field and has proven itself!

I advise you to switch to avira once jlpjlp tells you it's clean

Regards, Enidurb
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
12 July 2009 at 21:09
ok

update adobe reader to version 9, since you're on version 8

for vista, sp2 is out; we'll look at that later

to check your pc:

paste the report of an online scan
with one of the following:

bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
0
Hello
here is the online scan result
Regards

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-13 06:10:22
PROTECTIONS: 4
MALWARE: 41
SUSPECTS: 24
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 Yes Yes
Spybot - Search and Destroy 1.0.0.6 No No
Windows Defender 1.1.1505.0 No Yes
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035727 Adware/ClockSync Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe]
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\TraceTool\excel_tool\WNAddIns.xla
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\Excel\batch tool.zip[batch tool/WNAddIns.xla]
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\Excel\batch tool\WNAddIns.xla
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\TraceTool\excel_tool.zip[WNAddIns.xla]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[1].txt
00154694 Adware/WeatherCast Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe][VVSNInst.exe][VVSN.exe]
00160595 Adware/WeatherCast Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe][VVSNInst.exe]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@questionmarket[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@smartadserver[2].txt
00361421 Application/MyWay HackTools No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[s4BarSp.exe]
00436936 Trj/Rustock.L Virus/Trojan No 0 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\is7771.exe
00521110 Hacktool/Passview.T HackTools No 1 Yes No D:\Donnees\Protected_Storage_Passview\pspv.zip[pspv.exe]
00521110 Hacktool/Passview.T HackTools No 1 Yes No C:\Users\Jean\Documents\web\Protected_Storage_Passview\pspv.zip[pspv.exe]
00958500 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Getright\getrt420.exe
00967264 Trj/Agent.MFH Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\sld_codec\sld.codec.pack.2.2.exe
01228695 Adware/Gator Adware No 0 No No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe[data\divx5\0\DivXPro502GAINBundle.exe]
01264355 Trj/Banker.SW Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[Capthumb.dll]
01465830 Trj/Sinowal.WIM Virus/Trojan No 0 Yes No C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\545B159B-00001D1B.eml[ecard.zip][ecard.exe]
01465830 Trj/Sinowal.WIM Virus/Trojan No 0 Yes No C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0CBC65E6-00001D20.eml[ecard.zip][ecard.exe]
01650300 HackTool/Samdump HackTools No 0 Yes No C:\Users\Jean\Documents\web\ophcrack-win32-installer-2.3.4.exe
02002069 Adware/Gator Adware No 0 Yes No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Philips Ccr600 CAR400 MK1\Ccr600 CAR400 MK1.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Philips Car Radio Decoding Software\Philips Car Radio Decoding Software\Ccr600 v1.2.exe]
02384575 Trj/Banker.JER Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Philips Ccr600 CAR400 MK1/Ccr600 CAR400 MK1.exe]
02918743 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][manager.exe]
02918748 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hosts.exe]
02918751 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][irc\irc.exe]
02924054 Adware/AccesMembre Adware No 0 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][downloader\downloader.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.00.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$R3EA9MB\crack.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.0.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$RMW6KDZ.zip[crack.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Daewoo Car Radio Decoding Software\DAEWOO Serials Calculator v1.00.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.0.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.00.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe
03433835 W32/Mytob.QL.worm Virus No 1 Yes No C:\Users\Jean\Documents\web\IePV\iepv.exe
03433835 W32/Mytob.QL.worm Virus No 1 Yes No C:\Users\Jean\Documents\web\IePV\iepv_fr.zip[iepv.exe]
03495586 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Radio Codes2 and DVD Unlocking Codes.zip[radio-decode-softwares.zip][Radio Decode Package/Blaupunkt/Blaupunkt v1.0.exe]
03495586 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/More Blaupunkt/BPcalc v1[1].0 .exe]
03727302 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE[C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE][is156383.exe]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03918956 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\VNC\Real.VNC.Enterprise.Edition.v4.1.9.Incl.Keymaker-ZWT.zip[zwt.rar][keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar[keygen\keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
04010329 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hostsmon.exe]
05205981 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Navilog1\Backupnavi\mgqwa.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Navilog1\gnc.exe
No C:\Users\Jean\AppData\Local\Microsoft\logman.exe
No C:\Users\Jean\AppData\Roaming\esentutl.exe
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\ae2000pr.exe
No D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
Good evening
Everything seems to be working fine.
Is there a next step or any particular recommendations?

Thanks in advance for your help
Regards
0
chimay8 Posts 7720 Registered Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
13 July 2009 at 04:55
lol
I love the
"or at a pinch"
0
Hello
Attached is the scan result
Regards
No D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last intervention 3 May 2022 5 040
16 Jul 2009 at 23:32
Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste Instructions for Items to be Moved".
(Make sure to include :files.)

:processes
explorer.exe
:files
C:\Users\Jean\Documents\web\Codec\Cdvd.exe
D:\Donnees\TraceTool\excel_tool\WNAddIns.xla
D:\Donnees\Excel\batch tool.zip[batch tool/WNAddIns.xla]
D:\Donnees\Excel\batch tool\WNAddIns.xla
D:\Donnees\TraceTool\excel_tool.zip
C:\Users\Jean\Documents\web\Codec\Cdvd.exe
C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe][VVSNInst.exe]
C:\Users\Jean\Documents\web\Codec\Cdvd.exe[s4BarSp.exe]
C:\Program Files\Alwil Software\Avast4\DATA\moved\is7771.exe
D:\Donnees\Protected_Storage_Passview\pspv.zip
C:\Users\Jean\Documents\web\Protected_Storage_Passview\pspv.zip
C:\Users\Jean\Documents\web\Getright\getrt420.exe
C:\Users\Jean\Documents\web\sld_codec\sld.codec.pack.2.2.exe
C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
C:\Users\Jean\Documents\web\Codec\Cdvd.exe[Capthumb.dll]
C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\545B159B-00001D1B.eml
C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0CBC65E6-00001D20.eml
C:\Users\Jean\Documents\web\ophcrack-win32-installer-2.3.4.exe
C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Philips Ccr600 CAR400 MK1\Ccr600 CAR400 MK1.exe
C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][manager.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hosts.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][irc\irc.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][downloader\downloader.exe]
C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.00.exe
C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$R3EA9MB\crack.exe
C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.0.exe
C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$RMW6KDZ.zip
C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Daewoo Car Radio Decoding Software\DAEWOO Serials Calculator v1.00.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.0.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.00.exe]
C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe]
C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe
C:\Users\Jean\Documents\web\IePV\iepv.exe
C:\Users\Jean\Documents\web\IePV\iepv_fr.zip[iepv.exe]
C:\Users\Jean\Documents\Downloads\Radio Codes2 and DVD Unlocking Codes.zip[radio-decode-softwares.zip][Radio Decode Package/Blaupunkt/Blaupunkt v1.0.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/More Blaupunkt/BPcalc v1[1].0 .exe]
C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE[C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE][is156383.exe]
C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar
C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
C:\Users\Jean\Documents\web\VNC\Real.VNC.Enterprise.Edition.v4.1.9.Incl.Keymaker-ZWT.zip
C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar
C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hostsmon.exe]
C:\Program Files\Navilog1
C:\Users\Jean\AppData\Local\Microsoft\logman.exe
C:\Users\Jean\AppData\Roaming\esentutl.exe
:commands
[purity]
[emptytemp]
[start explorer]

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

___________________________

Run ToolsCleaner and remove everything
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

_____________________________


Download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the Desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the anti-spyware's real-time guard).


Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your anti-spyware's guard.

Copy/paste the C:\ComboFix.txt report in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
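The OTM script in the reply above is a plain-text list in three sections (:processes, :files, :commands) that the tool reads from its left-hand pane. Two things in the pasted list are worth checking before running it: several paths carry invisible soft hyphens (U+00AD) picked up from the forum page, which make the path match nothing on disk, and many entries use the scanner's "archive.zip[member]" notation for a file inside an archive, where only the archive itself exists as a file. The Python below is an added example, not OTM's code and not something posted in the thread: it parses such a script, strips soft hyphens, collapses bracketed entries to their on-disk container, drops duplicates, and moves what remains into a quarantine folder that mirrors the original path, with a dry-run mode. How OTM itself treats bracketed entries is not documented on this page, so collapsing them is this example's own choice; the function names, the sample script (an excerpt of the list above) and the quarantine layout are likewise the example's, not the tool's. Killing explorer.exe and the [emptytemp] and [purity] commands are parsed but deliberately not executed.

```python
"""Added example (not OTM's code, not from the thread): parse an OTM-style
move script and turn its :files section into a quarantine plan."""
import os
import re
import shutil
import tempfile

SECTION_RE = re.compile(r"^:(processes|files|commands)$", re.IGNORECASE)

# Constructed sample: an excerpt of the list posted above, duplicates included on purpose.
SAMPLE_SCRIPT = r"""
:processes
explorer.exe
:files
C:\Users\Jean\Documents\web\Codec\Cdvd.exe
C:\Users\Jean\Documents\web\Codec\Cdvd.exe
C:\Users\Jean\Documents\web\Codec\Cdvd.exe[s4BarSp.exe]
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip
C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/More Blaupunkt/BPcalc v1[1].0 .exe]
D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
C:\Users\Jean\AppData\Local\Microsoft\logman.exe
:commands
[emptytemp]
[start explorer]
"""

def parse_script(text: str) -> dict[str, list[str]]:
    """Split the script into its three sections; soft hyphens (U+00AD, copy/paste
    residue from forum pages that silently breaks paths) are stripped from entries."""
    script: dict[str, list[str]] = {"processes": [], "files": [], "commands": []}
    current = None
    for raw in text.splitlines():
        line = raw.replace("\u00ad", "").strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            script[current].append(line)
    return script

def container_path(entry: str) -> str:
    """'a.zip[b][c.exe]' -> 'a.zip'. Brackets are matched, so a '[1]' that is part
    of the file name (v1[1].11.zip) or nested inside a member name survives."""
    path = entry
    while path.endswith("]"):
        depth = 0
        for i in range(len(path) - 1, -1, -1):
            depth += {"]": 1, "[": -1}.get(path[i], 0)
            if depth == 0:
                path = path[:i].rstrip()
                break
        else:
            break  # unbalanced brackets: leave the entry as written
    return path

def quarantine_plan(script: dict[str, list[str]]) -> list[str]:
    """Unique on-disk objects to move, in script order (Windows paths are case-insensitive)."""
    seen: set[str] = set()
    plan: list[str] = []
    for target in map(container_path, script["files"]):
        if target.lower() not in seen:
            seen.add(target.lower())
            plan.append(target)
    return plan

def quarantine(paths: list[str], root: str, dry_run: bool = False) -> dict[str, str]:
    """Move each existing path under root, mirroring its original location
    (C:\\Users\\x\\y.exe -> <root>\\C\\Users\\x\\y.exe); return a per-path status."""
    report: dict[str, str] = {}
    for path in paths:
        if not os.path.lexists(path):
            report[path] = "not found"
            continue
        rel = re.sub(r"^([A-Za-z]):", r"\1", path).replace("\\", os.sep).lstrip(os.sep)
        dest = os.path.join(root, rel)
        if not dry_run:
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            shutil.move(path, dest)
        report[path] = f"{'would move' if dry_run else 'moved'} -> {dest}"
    return report

def demo_quarantine_in_tempdir() -> dict[str, object]:
    """Exercise quarantine() on a throwaway directory: one real file, one missing."""
    with tempfile.TemporaryDirectory() as work:
        victim, missing = os.path.join(work, "victim.exe"), os.path.join(work, "missing.exe")
        with open(victim, "wb") as fh:
            fh.write(b"MZ constructed sample, not a real binary")
        report = quarantine([victim, missing], os.path.join(work, "_QUARANTINE"))
        return {
            "victim_status": report[victim].split(" ->")[0],
            "victim_gone": not os.path.exists(victim),
            "victim_in_quarantine": os.path.exists(report[victim].split("-> ", 1)[1]),
            "missing_status": report[missing],
        }
```

To use it on a script saved to disk, call quarantine(quarantine_plan(parse_script(open("otm.txt", encoding="utf-8").read())), r"C:\_QUARANTINE", dry_run=True) first and read the statuses, then drop dry_run. Moving rather than deleting keeps the samples for hashing or submission and makes a false positive reversible; the returned report gives the same kind of audit trail as the MovedFiles report the reply above asks for.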
Good evening
Here is the ComboFix result
Regards


ComboFix 09-07-14.08 - Jean 17/07/2009 21:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1150 [GMT 2:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 081122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081122-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2178082702-2476704759-1086154722-500
c:\users\Jean\AppData\Local\Microsoft\logman.exe
c:\users\Jean\AppData\Roaming\esentutl.exe
c:\users\Jean\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-15 18:40 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 18:40 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 18:40 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 18:40 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 09:03 . 2009-07-13 09:03 -------- d-----w- c:\program files\WinXcopy
2009-07-13 09:03 . 2009-07-13 09:04 290816 ------w- c:\windows\Setup1.exe
2009-07-13 09:03 . 2009-07-13 09:04 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-12 19:26 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-12 19:25 . 2009-07-12 19:25 -------- d-----w- c:\program files\Panda Security
2009-07-12 17:48 . 2009-07-17 18:43 -------- d-----w- c:\program files\trend micro
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\users\Jean\AppData\Roaming\Malwarebytes
2009-07-12 13:54 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\programdata\Malwarebytes
2009-07-12 13:54 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 13:11 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-05 13:11 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 13:11 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-05 13:11 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-05 13:11 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-05 13:11 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-05 13:11 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-05 13:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-05 13:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-05 13:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-05 13:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-05 13:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-05 13:01 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-05 13:01 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 09:46 . 2009-06-27 12:59 -------- d-----w- c:\program files\Free PDF to Word Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 19:43 . 2008-03-12 19:37 -------- d-----w- c:\users\Jean\AppData\Roaming\DNA
2009-07-17 18:13 . 2008-03-12 19:37 -------- d-----w- c:\program files\DNA
2009-07-17 18:11 . 2008-10-04 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-14 14:46 . 2007-10-06 04:41 696560 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:46 . 2007-10-06 04:41 135414 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-12 09:10 . 2007-07-14 11:24 -------- d-----w- c:\program files\eMule
2009-07-11 18:57 . 2007-07-06 21:06 -------- d-----w- c:\users\Jean\AppData\Roaming\OpenOffice.org2
2009-07-05 12:46 . 2008-03-24 13:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-05 12:46 . 2008-04-16 20:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 12:46 . 2008-04-16 20:46 -------- d-----w- c:\program files\CCleaner
2009-06-28 20:22 . 2007-10-20 20:32 -------- d-----w- c:\users\Jean\AppData\Roaming\BitTorrent
2009-06-28 12:16 . 2007-11-24 17:29 -------- d-----w- c:\users\Jean\AppData\Roaming\uTorrent
2009-06-22 18:43 . 2007-10-05 19:35 89032 ----a-w- c:\users\Jean\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 14:13 . 2009-06-14 14:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-04-23 12:43 . 2009-06-09 19:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 19:02 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 17:13 . 2009-04-25 15:03 98304 ----a-w- c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-04-25 15:03 77824 ----a-w- c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-21 11:55 . 2009-06-09 19:02 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-14 14:31 . 2008-11-11 09:52 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-07-01 19:34 . 2008-01-17 21:43 120 --sha-w- c:\windows\SAA4FA431(68).tmp
2008-07-01 19:34 . 2008-01-17 21:43 120 --sh--w- c:\windows\SAA4FA431.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-14 342848]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Google Update"="c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-14 144792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-28 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Fnac"="c:\program files\Fnac\Fnac.exe" [2007-12-19 532480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-05 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-28 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-11-11 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{88D34B81-BEE3-46A8-B99B-1D96EBC7A8C9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E86F1332-731F-46A7-AD53-3765EBACD8F5}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{66552806-F023-48A8-82AF-DF9AD33210DB}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{F7E8119C-9F65-4045-95FA-B5862450277D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{E4F55524-55BC-4C5E-BF58-8EDD8628CFA4}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{FBCACC41-A589-49B4-89E5-64E8A375E10A}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{5DBF9C3D-F053-42CA-9520-05098D6766BA}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{82E17566-6BC8-41A1-80BC-DDD5820F0422}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{8D2B03A3-7699-41A5-8661-2067389558C9}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{5103364A-5832-4BF5-8FE1-C5D57E1EEE0F}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{8561F4F1-E71D-438A-8BF4-219A26687B5C}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{2FAD515C-5E15-4319-8634-439E790F0C54}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{95EDE2BC-FA69-453C-BDD4-D0364B182788}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{4626F8DD-C43A-4332-8E64-C04C4E21FB91}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{26CDA29F-E1E5-4387-BD4D-098AA44A2173}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{53D3B170-8BE3-402E-BB6A-7FAA2C66B47C}"= UDP:c:\users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CADBV6I5\utorrent[1].exe:µTorrent
"{053F7908-1A6B-4730-A7F8-60402691727D}"= TCP:c:\users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CADBV6I5\utorrent[1].exe:µTorrent
"{B874C25B-66B1-497D-B39D-A03A9728DB4B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{3F9662F8-559C-4DE6-B037-8212BB7B2989}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{FBC8E32E-EC2D-4259-BCF3-EACAA85CB4DD}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{D507807A-6F91-42D4-B6A6-C31E9E8D6E42}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{2F04E4EB-7343-4448-B97C-DCC193EBC9B4}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{37B1CC64-BD31-4013-BAFB-86CFB8DB49B1}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B693CD45-C8FB-488D-82CB-8F9ECC69C700}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{03FB8C89-D190-4C81-B4EC-616131AD5BB4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{F1728F07-7CDE-41CC-A92E-77890C054B04}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{470F1BD3-1FE9-41EC-A5D5-5918F91510DA}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D9729C28-742A-4163-A669-3284D3372D43}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4204B7CE-4619-41E0-B91F-C6C46BFF980E}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{FD422A5F-8CEE-41EE-A051-34A826504DF0}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DCF3D3F3-B06C-4A7B-A782-E4BEC5641297}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{ABCEA834-DF78-4226-B2CC-EDA6F2AB6624}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B5621BB1-821B-439D-9FAF-23F177F46F44}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3BE48DFA-0614-47BF-BFE7-9F1691FBC6DF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{943B9725-EC8E-4178-910A-0C5E7A88E9D3}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{589CA08F-916D-4E15-AEE2-4AA7A0A5174B}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{3EAC17CE-BFF7-467A-803F-8DF17595EABB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{59E6A67F-11BD-4BC1-883E-768B3B3C848E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{7695FA38-8942-4E1D-8C05-CD9DD0176652}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDFF9BF9-3F5F-41E2-A28C-3941E2509899}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C8CB4DF-E476-4957-9290-4448139FC4A1}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F93199C7-2C84-4D96-B689-51A91EC40742}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1EF8C560-8F14-4656-AB5F-F2A5BDBE8A35}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{DC608CE6-A334-49FF-B0A8-9463F864F259}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{11EDA4A9-92EE-42A5-98E5-60EB30E407B2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F6F97FB6-7B9B-402B-A5E6-93172963A121}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{C93AE066-86F7-4837-B6C6-DC748D4E2018}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D65A2AF7-C57C-4838-A691-5444034EA41C}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{731BCA8E-ADAB-4A95-B0ED-20206B0E28F8}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A7C1D1DE-E6A7-4B7D-BBAF-4FB566B0695E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{51C68ACD-481E-4222-8905-61576104AA41}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E8F5430E-87B0-41A2-98D1-F9F974002819}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{DFF236EC-A025-4628-9D9A-40E3E816B873}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{973AAAA4-CC76-467F-A677-D443DD14F6A2}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{248ED3EB-6BDF-4C63-B9F7-6DE0E3AC22BE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{BC70A8C8-058A-4CBE-96EB-DC88E5C67A58}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/07/2009 21:26 28544]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/04/2008 20:59 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/04/2008 20:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [13/07/2007 18:42 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/03/2008 15:07 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [09/03/2009 21:54 23096]
R3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [09/03/2009 21:54 3768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 15:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 15:17 8320]
S4 SoundMovieServer;SoundMovieServer;c:\windows\System32\snmvtsvc.exe [09/03/2009 21:54 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867760560-3019104783-3571434441-1000Core.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 14:51]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867760560-3019104783-3571434441-1000UA.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 14:51]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{6D9A1A29-7152-457C-A827-BCEB8FCAB778}.job
- c:\windows\system32\msfeedssync.exe [2009-07-05 11:31]

2009-07-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mgqwa - c:\users\jean\appdata\local\mgqwa.exe
HKU-Default-Explorer_Run-MstInit - c:\windows\mstinit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel
IE: Envoyer au périphérique &Bluetooth...
IE: Envoyer l'&image au périphérique Bluetooth...
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
FF - ProfilePath - c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/|https://portail.free.fr/
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\users\Jean\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 21:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,28,b9,c6,89,de,
9e,a7,7b,e2,63,26,f1,3f,c8,ff,68,10,ca,ab,be,7e,d2,59,c7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,58,44,68,b3,4e,
68,9b,f9,6a,9c,d6,61,af,45,84,18,2a,cd,38,7f,6f,cd,fd,ac,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2a,9c,62,c9,72,
88,2d,9f,ff,7c,85,e0,43,d4,0e,fe,d4,6f,6a,66,0a,e8,3e,54,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,49,f5,22,7c,5d,
43,73,10,86,8c,21,01,be,91,eb,e7,e8,b1,91,61,b3,63,9c,d4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,58,26,fd,8c,5a,
81,0a,42,f5,1d,4d,73,a8,13,5c,05,3e,06,6d,56,b8,2c,c9,27,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a5,ab,85,a5,75,
db,64,f4,df,20,58,62,78,6b,cf,c8,16,61,fa,07,87,6f,ac,01,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,62,5f,46,4b,2f,
28,bd,fc,fb,a7,78,e6,12,2f,9a,ea,a8,f5,58,d0,13,08,eb,81,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,77,54,ef,fd,07,
6a,64,2e,01,3a,48,fc,e8,04,4a,f1,53,ff,b0,62,b0,43,9b,c5,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f6,10,1b,d7,57,
2f,98,9f,f6,0f,4e,58,98,5b,89,c9,08,0c,b3,cf,7b,aa,69,4d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,ce,d6,3b,9f,fe,
e6,5c,ef,3d,ce,ea,26,2d,45,aa,78,60,18,10,7c,20,bc,bd,a6,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,2c,e8,bd,68,e7,
a4,14,d2,2a,b7,cc,b5,b9,7f,41,e7,9f,a1,6c,8e,d5,10,c1,0a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e4,6a,13,14,46,
ae,bc,69,6c,43,2d,1e,aa,22,2f,9c,03,ce,06,6f,6e,d6,44,f6,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-17 21:49
ComboFix-quarantined-files.txt 2009-07-17 19:49

Pre-Run: 34 771 795 968 bytes free
Post-Run: 34 323 841 024 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
347 --- E O F --- 2009-07-16 19:03
jlpjlp  Posts: 51580  Joined: Friday 18 May 2007  Status: Security contributor  Last post: 3 May 2022  5 040
17 Jul 2009 at 22:14
And the OTM (otmovit) report?

Then run tool cleaner.

Then post another online scan from Panda, Kaspersky or BitDefender.
Otmovit crashes. No report available.
Sorry
Hello
I re-ran a full scan, then ran OTM with the "files" you indicated, following the proposed structure. Here is the report (no crash this time). At the end of the analysis the PC had to be rebooted.
Hoping this is usable.


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen\lc4setup.exe moved successfully.
File/Folder C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen.zip[lc4setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\BitDefender\BitDefender.Internet.Security.v10.FR.Incl-Keygen.rar[Keygen\keygen.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe] not found.
C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe moved successfully.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe] not found.
C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jean
File delete failed. C:\Users\Jean\AppData\Local\Temp\ee366d2b2e4ede8287de879e85a0dcc2PSK_PLUGINS_0 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jean\AppData\Local\Temp\~DFBA7A.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 65021506 bytes
->Temporary Internet Files folder emptied: 10888702 bytes
->Java cache emptied: 3216733 bytes
->FireFox cache emptied: 60030348 bytes
->Google Chrome cache emptied: 10220569 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
File delete failed. C:\Windows\SAA4FA431.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 1192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142,46 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07182009_073319

Files moved on Reboot...
C:\Users\Jean\AppData\Local\Temp\ee366d2b2e4ede8287de879e85a0dcc2PSK_PLUGINS_0 moved successfully.
C:\Users\Jean\AppData\Local\Temp\~DFBA7A.tmp moved successfully.
File move failed. C:\Windows\SAA4FA431.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
jlpjlp  Posts: 51580  Joined: Friday 18 May 2007  Status: Security contributor  Last post: 3 May 2022  5 040
18 Jul 2009 at 11:42
To check your PC:

post the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr
Hello

Here is the scan result.

Regards

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-18 13:34:44
PROTECTIONS: 4
MALWARE: 23
SUSPECTS: 29
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 Yes Yes
Spybot - Search and Destroy 1.0.0.6 No No
Windows Defender 1.1.1505.0 No Yes
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@questionmarket[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@smartadserver[2].txt
00521110 Hacktool/Passview.T HackTools No 1 Yes No C:\Users\Jean\Documents\web\Protected_Storage_Passview\pspv.zip[pspv.exe]
01228695 Adware/Gator Adware No 0 No No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe[data\divx5\0\DivXPro502GAINBundle.exe]
01650300 HackTool/Samdump HackTools No 0 Yes No C:\Users\Jean\Documents\web\ophcrack-win32-installer-2.3.4.exe
02002069 Adware/Gator Adware No 0 Yes No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Philips Car Radio Decoding Software\Philips Car Radio Decoding Software\Ccr600 v1.2.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.0.exe
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Daewoo Car Radio Decoding Software\DAEWOO Serials Calculator v1.00.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.00.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\ae2000pr.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe
03727302 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE[C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE][is156383.exe]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03918956 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\VNC\Real.VNC.Enterprise.Edition.v4.1.9.Incl.Keymaker-ZWT.zip[zwt.rar][keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
03918998 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar[keygen\keygen.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Radio Decoder\Ford\Ford ALC.exe
No C:\Qoobox\Quarantine\C\Users\Jean\AppData\Local\Microsoft\logman.exe.vir
No C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\esentutl.exe.vir
No C:\Users\Jean\Documents\Downloads\Radio Codes2 and DVD Unlocking Codes.zip[radio-decode-softwares.zip][Radio Decode Package/Ford/Ford A,L & C Series.exe]
No C:\Users\Jean\Documents\Downloads\Western Europe 825 2159\Map Cracker\tt8_keygen.exe
No C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen.zip[lc4setup.exe]
No C:\Users\Jean\Documents\web\BitDefender\BitDefender.Internet.Security.v10.FR.Incl-Keygen.rar[Keygen\keygen.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Password Brute Force Fast Win NT,XP,2K L0phtCrack4.0 + crack\lc4setup.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen\lc4setup.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe
No D:\Donnees\TomTom_Carte\Western Europe 825 2159\Map Cracker\tt8_keygen.exe
No D:\Map_Cracker\tt8_keygen.exe
No D:\Donnees\Recherche_Cle-WEP\WinAircrackPack\WinAircrack.exe
No D:\Donnees\Recherche_Cle-WEP\WinAircrackPack.rar[WinAircrackPack\WinAircrack.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
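The Panda ActiveScan report above lists each detection as one whitespace-separated row (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location), and shows files found inside archives as outer.rar[inner\file.exe], sometimes nested. Reading 30-odd such rows by eye, as the thread does, makes it hard to see that most of them are tracking cookies or members of a handful of downloaded archives. The Python script below is an added example, not part of this thread and not a Panda tool: it parses that row format, groups detections by type, collapses archive members onto the archive that actually sits on disk, and keeps the trojan/spyware hits apart from the HackTools and cookie entries. The field layout, the section names and the regexes are assumptions inferred from the pasted text; SAMPLE_REPORT is a constructed, shortened version of the report above with the same shapes of line.

```python
"""Triage a Panda ActiveScan text report of the kind pasted above.

Added example (not from the thread, not a Panda tool). The field layout and
separators below are assumptions inferred from the pasted report.
"""
import re
from collections import Counter
from dataclasses import dataclass

# MALWARE rows: Id Description Type Active Severity Disinfectable Disinfected Location
# Description may contain spaces ("Generic Malware"); Type never does, so the
# lazy description group is pinned by the Yes/No and digit columns after it.
MALWARE_RE = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<kind>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)
# SUSPECTS rows: Sent Location
SUSPECT_RE = re.compile(r"^(?P<sent>Yes|No)\s+(?P<location>.+)$")
SECTIONS = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}
# A '[' opens an archive member ("a.rar[b\c.exe]") unless it is an IE cookie
# index such as "jean@xiti[2].txt", which must stay part of the file name.
ARCHIVE_OPEN = re.compile(r"\[(?!\d+\])")


@dataclass
class Detection:
    det_id: str
    desc: str
    kind: str
    active: bool
    severity: int
    location: str

    @property
    def container(self) -> str:
        """Outermost file on disk; archive members collapse onto their archive."""
        return ARCHIVE_OPEN.split(self.location, 1)[0]

    @property
    def in_archive(self) -> bool:
        return ARCHIVE_OPEN.search(self.location) is not None


def parse_report(text: str):
    """Return (MALWARE rows as Detection objects, SUSPECTS locations)."""
    malware, suspects, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # banners and separator rules
            continue
        if line in SECTIONS:                  # bare section title line
            section = line
            continue
        if section == "MALWARE" and (m := MALWARE_RE.match(line)):
            malware.append(Detection(m["id"], m["desc"], m["kind"],
                                     m["active"] == "Yes", int(m["severity"]),
                                     m["location"]))
        elif section == "SUSPECTS" and (m := SUSPECT_RE.match(line)):
            suspects.append(m["location"])
    return malware, suspects


def triage(text: str) -> dict:
    """Summarise: what is running, which files to delete, what is only noise."""
    malware, suspects = parse_report(text)
    real = [d for d in malware if d.kind != "TrackingCookie"]
    trojan_like = {d.container for d in real if d.kind in {"Virus/Trojan", "Spyware"}}
    return {
        "by_type": dict(Counter(d.kind for d in malware)),
        "active": sorted(d.location for d in malware if d.active),
        "files_to_remove": sorted({d.container for d in real}),
        "trojan_or_spyware_files": sorted(trojan_like),
        "hacktools": sorted({d.container for d in real if d.kind == "HackTools"}),
        "suspect_files": sorted({ARCHIVE_OPEN.split(s, 1)[0] for s in suspects}),
    }


# Constructed sample in the report's layout (shortened paths, same line shapes).
SAMPLE_REPORT = r"""
;*****************************************************************************
ANALYSIS: 2009-07-18 13:34:44
MALWARE: 6
SUSPECTS: 2
;*****************************************************************************
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=============================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[2].txt
00521110 Hacktool/Passview.T HackTools No 1 Yes No C:\Users\Jean\Documents\web\pspv.zip[pspv.exe]
02384575 Trj/Banker.JER Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Ccr600 v1.2.exe]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03918998 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
03918998 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar[keygen\keygen.exe]
;=============================================================================
SUSPECTS
Sent Location
;=============================================================================
No C:\Program Files\Radio Decoder\Ford\Ford ALC.exe
No D:\Donnees\Recherche_Cle-WEP\WinAircrackPack.rar[WinAircrackPack\WinAircrack.exe]
;=============================================================================
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The `[n]` suffix on Internet Explorer cookie files (jean@xiti[2].txt in the report) is an index, not an archive member, which is why ARCHIVE_OPEN uses a lookahead rather than a plain split on `[`; without it every cookie row would be reported as an archive hit. The `active` list is the one to look at first: in the report above every row says Active=No, so the detections are dormant files in the user's download folders rather than running code.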
cocojohn  Posts: 1  Joined: Sunday 19 July 2009  Status: Member  Last post: 24 July 2009
24 Jul 2009 at 21:28
Good evening

Is there any follow-up to all this analysis?

Thanks for your reply.

Regards