Cheval de troie détecté par Avast

Bonjour
Voici le résultat de l'analyse

Cordialement



*** Recherche dossiers dans "c:\users\jean\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Jean\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\Jean\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\Jean\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Jean\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Jean\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mgqwa"="\"c:\\users\\jean\\appdata\\local\\mgqwa.exe\" mgqwa"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Jean\AppData\Local\Microsoft" :


* Dans "C:\Users\Jean\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 12/07/2009 à 17:58:07,82 ***

Bonjour Pedro

Ci joint le rapport après avoir suivi tes conseils
Après reboot du PC je n'ai plus de message d'alerte

Je te tiens informé de la suite
Cordialement
Jean


Le rapport :


alwarebytes' Anti-Malware 1.38
Version de la base de données: 2412
Windows 6.0.6001 Service Pack 1

12/07/2009 17:05:16
mbam-log-2009-07-12 (17-05-16).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 272048
Temps écoulé: 1 hour(s), 8 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mgqwa (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\Jean\documents\web\Alcohol\alcohol 120% fr v1.9.6.5429 (xp_vista) + crack\alcohol 120% fr v1.9.6.5429 (crack)\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jean\documents\web\protected_storage_passview\pspv.exe (Password.Stealer) -> Quarantined and deleted successfully.
d:\Donnees\protected_storage_passview\pspv.exe (Password.Stealer) -> Quarantined and deleted successfully.
c:\Users\Jean\AppData\Roaming\Microsoft\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Jean\Local Settings\Application Data\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Bonjour
Ci joint les 3 fichiers

Cordialement


le rapport de Navilog1 avec l'option 2:

Clean Navipromo version 3.7.5 commencé le 12/07/2009 à 19:38:42,24

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 26.02.2009 à 18h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Jean ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 (Activated)


C:\ (Local Disk) - NTFS - Total:225 Go (Free:31 Go)
D:\ (Local Disk) - NTFS - Total:59 Go (Free:44 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Jean\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Jean\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\jean\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\Jean\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Jean\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *



* Dans "C:\Users\Jean\AppData\Local\Microsoft" *



* Dans "C:\Users\Jean\AppData\Local" *



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 12/07/2009 à 19:43:54,01 ***


Les 2 rapports suivants :

Premier rapport

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jean at 2009-07-12 19:48:18
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 32 GB (14%) free of 231 GB
Total RAM: 2046 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:46, on 12/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Jean\Documents\web\RsiT\RSIT.exe
C:\Program Files\trend micro\Jean.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils Copernic Desktop Search - Home - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Fnac] "C:\Program Files\Fnac\Fnac.exe" /check
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Windows\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Windows\mstinit.exe /waitservice (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\SoundTaxi\YouTubeRipper.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

Bonjour
le resultat de scan en ligne
Cdt

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-13 06:10:22
PROTECTIONS: 4
MALWARE: 41
SUSPECTS: 24
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 Yes Yes
Spybot - Search and Destroy 1.0.0.6 No No
Windows Defender 1.1.1505.0 No Yes
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00035727 Adware/ClockSync Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe]
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\TraceTool\excel_tool\WNAddIns.xla
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\Excel\batch tool.zip[batch tool/WNAddIns.xla]
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\Excel\batch tool\WNAddIns.xla
00048799 W97M/Generic Virus No 0 Yes No D:\Donnees\TraceTool\excel_tool.zip[WNAddIns.xla]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[1].txt
00154694 Adware/WeatherCast Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe][VVSNInst.exe][VVSN.exe]
00160595 Adware/WeatherCast Adware No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[VVSNInst.exe][VVSNInst.exe]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[3].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@questionmarket[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@smartadserver[2].txt
00361421 Application/MyWay HackTools No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[s4BarSp.exe]
00436936 Trj/Rustock.L Virus/Trojan No 0 Yes No C:\Program Files\Alwil Software\Avast4\DATA\moved\is7771.exe
00521110 Hacktool/Passview.T HackTools No 1 Yes No D:\Donnees\Protected_Storage_Passview\pspv.zip[pspv.exe]
00521110 Hacktool/Passview.T HackTools No 1 Yes No C:\Users\Jean\Documents\web\Protected_Storage_Passview\pspv.zip[pspv.exe]
00958500 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Getright\getrt420.exe
00967264 Trj/Agent.MFH Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\sld_codec\sld.codec.pack.2.2.exe
01228695 Adware/Gator Adware No 0 No No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe[data\divx5\0\DivXPro502GAINBundle.exe]
01264355 Trj/Banker.SW Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Codec\Cdvd.exe[Capthumb.dll]
01465830 Trj/Sinowal.WIM Virus/Trojan No 0 Yes No C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\545B159B-00001D1B.eml[ecard.zip][ecard.exe]
01465830 Trj/Sinowal.WIM Virus/Trojan No 0 Yes No C:\Users\Jean\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0CBC65E6-00001D20.eml[ecard.zip][ecard.exe]
01650300 HackTool/Samdump HackTools No 0 Yes No C:\Users\Jean\Documents\web\ophcrack-win32-installer-2.3.4.exe
02002069 Adware/Gator Adware No 0 Yes No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Philips Ccr600 CAR400 MK1\Ccr600 CAR400 MK1.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Philips Car Radio Decoding Software\Philips Car Radio Decoding Software\Ccr600 v1.2.exe]
02384575 Trj/Banker.JER Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Philips Ccr600 CAR400 MK1/Ccr600 CAR400 MK1.exe]
02918743 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][manager.exe]
02918748 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hosts.exe]
02918751 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][irc\irc.exe]
02924054 Adware/AccesMembre Adware No 0 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][downloader\downloader.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.00.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$R3EA9MB\crack.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.0.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\$Recycle.Bin\S-1-5-21-867760560-3019104783-3571434441-1000\$RMW6KDZ.zip[crack.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Daewoo Car Radio Decoding Software\DAEWOO Serials Calculator v1.00.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.0.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/Programs/Daewoo Serials Calculator 1.00.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe
03433835 W32/Mytob.QL.worm Virus No 1 Yes No C:\Users\Jean\Documents\web\IePV\iepv.exe
03433835 W32/Mytob.QL.worm Virus No 1 Yes No C:\Users\Jean\Documents\web\IePV\iepv_fr.zip[iepv.exe]
03495586 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Radio Codes2 and DVD Unlocking Codes.zip[radio-decode-softwares.zip][Radio Decode Package/Blaupunkt/Blaupunkt v1.0.exe]
03495586 Generic Trojan Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/More Blaupunkt/BPcalc v1[1].0 .exe]
03727302 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE[C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE][is156383.exe]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03918956 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\VNC\Real.VNC.Enterprise.Edition.v4.1.9.Incl.Keymaker-ZWT.zip[zwt.rar][keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar[keygen\keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
04010329 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\CAR.RADIO.CALCULATOR.zip[CAR.RADIO.CALCULATOR/final2.dat][hosts\hostsmon.exe]
05205981 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Navilog1\Backupnavi\mgqwa.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location lo�p�+�9

;===================================================================================================================================================================================
No C:\Program Files\Navilog1\gnc.exe lo�p�+�9

No C:\Users\Jean\AppData\Local\Microsoft\logman.exe lo�p�+�9

No C:\Users\Jean\AppData\Roaming\esentutl.exe lo�p�+�9

No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe lo�p�+�9

No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\ae2000pr.exe lo�p�+�9

No D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe] lo�p�+�9

;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description lo�p�+�9

;===================================================================================================================================================================================
;===================================================================================================================================================================================

Bonsoir
Tout à l'air de bien fonctionner.
Y a t-il une suite ou des recommandations particulères

Merci d'avance pour votre aide
Cdt

Bonsoir
Voici le résultat de ComboFix
Cdt


omboFix 09-07-14.08 - Jean 17/07/2009 21:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2046.1150 [GMT 2:00]
Running from: c:\users\Jean\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 081122-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1290 [VPS 081122-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2178082702-2476704759-1086154722-500
c:\users\Jean\AppData\Local\Microsoft\logman.exe
c:\users\Jean\AppData\Roaming\esentutl.exe
c:\users\Jean\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-15 18:40 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 18:40 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 18:40 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 18:40 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 09:03 . 2009-07-13 09:03 -------- d-----w- c:\program files\WinXcopy
2009-07-13 09:03 . 2009-07-13 09:04 290816 ------w- c:\windows\Setup1.exe
2009-07-13 09:03 . 2009-07-13 09:04 74752 ----a-w- c:\windows\ST6UNST.EXE
2009-07-12 19:26 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-12 19:25 . 2009-07-12 19:25 -------- d-----w- c:\program files\Panda Security
2009-07-12 17:48 . 2009-07-17 18:43 -------- d-----w- c:\program files\trend micro
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\users\Jean\AppData\Roaming\Malwarebytes
2009-07-12 13:54 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-12 13:54 . 2009-07-12 13:54 -------- d-----w- c:\programdata\Malwarebytes
2009-07-12 13:54 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 13:11 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-05 13:11 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 13:11 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-05 13:11 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-05 13:11 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-05 13:11 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-05 13:11 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-05 13:03 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-05 13:03 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-05 13:03 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-05 13:02 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-05 13:02 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-05 13:01 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-05 13:01 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 09:46 . 2009-06-27 12:59 -------- d-----w- c:\program files\Free PDF to Word Converter

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 19:43 . 2008-03-12 19:37 -------- d-----w- c:\users\Jean\AppData\Roaming\DNA
2009-07-17 18:13 . 2008-03-12 19:37 -------- d-----w- c:\program files\DNA
2009-07-17 18:11 . 2008-10-04 09:56 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-14 14:46 . 2007-10-06 04:41 696560 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-14 14:46 . 2007-10-06 04:41 135414 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-12 09:10 . 2007-07-14 11:24 -------- d-----w- c:\program files\eMule
2009-07-11 18:57 . 2007-07-06 21:06 -------- d-----w- c:\users\Jean\AppData\Roaming\OpenOffice.org2
2009-07-05 12:46 . 2008-03-24 13:07 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-05 12:46 . 2008-04-16 20:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-05 12:46 . 2008-04-16 20:46 -------- d-----w- c:\program files\CCleaner
2009-06-28 20:22 . 2007-10-20 20:32 -------- d-----w- c:\users\Jean\AppData\Roaming\BitTorrent
2009-06-28 12:16 . 2007-11-24 17:29 -------- d-----w- c:\users\Jean\AppData\Roaming\uTorrent
2009-06-22 18:43 . 2007-10-05 19:35 89032 ----a-w- c:\users\Jean\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-14 14:13 . 2009-06-14 14:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-04-23 12:43 . 2009-06-09 19:02 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-09 19:02 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 17:13 . 2009-04-25 15:03 98304 ----a-w- c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 17:13 . 2009-04-25 15:03 77824 ----a-w- c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-21 11:55 . 2009-06-09 19:02 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-14 14:31 . 2008-11-11 09:52 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-07-01 19:34 . 2008-01-17 21:43 120 --sha-w- c:\windows\SAA4FA431(68).tmp
2008-07-01 19:34 . 2008-01-17 21:43 120 --sh--w- c:\windows\SAA4FA431.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-14 342848]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Google Update"="c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-05 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-12-11 1588224]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-14 144792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-28 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Fnac"="c:\program files\Fnac\Fnac.exe" [2007-12-19 532480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-05 81920]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-12-29 4317184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-12 723496]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-28 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-11-11 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{88D34B81-BEE3-46A8-B99B-1D96EBC7A8C9}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{E86F1332-731F-46A7-AD53-3765EBACD8F5}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{66552806-F023-48A8-82AF-DF9AD33210DB}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{F7E8119C-9F65-4045-95FA-B5862450277D}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{E4F55524-55BC-4C5E-BF58-8EDD8628CFA4}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{FBCACC41-A589-49B4-89E5-64E8A375E10A}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{5DBF9C3D-F053-42CA-9520-05098D6766BA}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{82E17566-6BC8-41A1-80BC-DDD5820F0422}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{8D2B03A3-7699-41A5-8661-2067389558C9}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{5103364A-5832-4BF5-8FE1-C5D57E1EEE0F}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{8561F4F1-E71D-438A-8BF4-219A26687B5C}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{2FAD515C-5E15-4319-8634-439E790F0C54}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{95EDE2BC-FA69-453C-BDD4-D0364B182788}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{4626F8DD-C43A-4332-8E64-C04C4E21FB91}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{26CDA29F-E1E5-4387-BD4D-098AA44A2173}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{53D3B170-8BE3-402E-BB6A-7FAA2C66B47C}"= UDP:c:\users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CADBV6I5\utorrent[1].exe:µTorrent
"{053F7908-1A6B-4730-A7F8-60402691727D}"= TCP:c:\users\Jean\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CADBV6I5\utorrent[1].exe:µTorrent
"{B874C25B-66B1-497D-B39D-A03A9728DB4B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{3F9662F8-559C-4DE6-B037-8212BB7B2989}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{FBC8E32E-EC2D-4259-BCF3-EACAA85CB4DD}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{D507807A-6F91-42D4-B6A6-C31E9E8D6E42}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{2F04E4EB-7343-4448-B97C-DCC193EBC9B4}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{37B1CC64-BD31-4013-BAFB-86CFB8DB49B1}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B693CD45-C8FB-488D-82CB-8F9ECC69C700}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{03FB8C89-D190-4C81-B4EC-616131AD5BB4}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{F1728F07-7CDE-41CC-A92E-77890C054B04}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{470F1BD3-1FE9-41EC-A5D5-5918F91510DA}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{D9729C28-742A-4163-A669-3284D3372D43}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{4204B7CE-4619-41E0-B91F-C6C46BFF980E}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{FD422A5F-8CEE-41EE-A051-34A826504DF0}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DCF3D3F3-B06C-4A7B-A782-E4BEC5641297}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{ABCEA834-DF78-4226-B2CC-EDA6F2AB6624}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{B5621BB1-821B-439D-9FAF-23F177F46F44}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{3BE48DFA-0614-47BF-BFE7-9F1691FBC6DF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{943B9725-EC8E-4178-910A-0C5E7A88E9D3}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{589CA08F-916D-4E15-AEE2-4AA7A0A5174B}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{3EAC17CE-BFF7-467A-803F-8DF17595EABB}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{59E6A67F-11BD-4BC1-883E-768B3B3C848E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{7695FA38-8942-4E1D-8C05-CD9DD0176652}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDFF9BF9-3F5F-41E2-A28C-3941E2509899}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3C8CB4DF-E476-4957-9290-4448139FC4A1}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F93199C7-2C84-4D96-B689-51A91EC40742}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1EF8C560-8F14-4656-AB5F-F2A5BDBE8A35}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{DC608CE6-A334-49FF-B0A8-9463F864F259}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{11EDA4A9-92EE-42A5-98E5-60EB30E407B2}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F6F97FB6-7B9B-402B-A5E6-93172963A121}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{C93AE066-86F7-4837-B6C6-DC748D4E2018}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D65A2AF7-C57C-4838-A691-5444034EA41C}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{731BCA8E-ADAB-4A95-B0ED-20206B0E28F8}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A7C1D1DE-E6A7-4B7D-BBAF-4FB566B0695E}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{51C68ACD-481E-4222-8905-61576104AA41}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E8F5430E-87B0-41A2-98D1-F9F974002819}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{DFF236EC-A025-4628-9D9A-40E3E816B873}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{973AAAA4-CC76-467F-A677-D443DD14F6A2}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{248ED3EB-6BDF-4C63-B9F7-6DE0E3AC22BE}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{BC70A8C8-058A-4CBE-96EB-DC88E5C67A58}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [12/07/2009 21:26 28544]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [02/04/2008 20:59 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [02/04/2008 20:59 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [13/07/2007 18:42 51792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [24/03/2008 15:07 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 12:38 92008]
R3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [09/03/2009 21:54 23096]
R3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [09/03/2009 21:54 3768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [01/02/2008 15:17 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [01/02/2008 15:17 8320]
S4 SoundMovieServer;SoundMovieServer;c:\windows\System32\snmvtsvc.exe [09/03/2009 21:54 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867760560-3019104783-3571434441-1000Core.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 14:51]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-867760560-3019104783-3571434441-1000UA.job
- c:\users\Jean\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-05 14:51]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{6D9A1A29-7152-457C-A827-BCEB8FCAB778}.job
- c:\windows\system32\msfeedssync.exe [2009-07-05 11:31]

2009-07-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-mgqwa - c:\users\jean\appdata\local\mgqwa.exe
HKU-Default-Explorer_Run-MstInit - c:\windows\mstinit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporter vers Microsoft Excel
IE: Envoyer au périphérique &Bluetooth...
IE: Envoyer l'&image au périphérique Bluetooth...
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
FF - ProfilePath - c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/|https://portail.free.fr/
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - component: c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\users\Jean\AppData\Roaming\Mozilla\Firefox\Profiles\sr2ln9zv.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\users\Jean\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 21:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,28,b9,c6,89,de,
9e,a7,7b,e2,63,26,f1,3f,c8,ff,68,10,ca,ab,be,7e,d2,59,c7,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,58,44,68,b3,4e,
68,9b,f9,6a,9c,d6,61,af,45,84,18,2a,cd,38,7f,6f,cd,fd,ac,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2a,9c,62,c9,72,
88,2d,9f,ff,7c,85,e0,43,d4,0e,fe,d4,6f,6a,66,0a,e8,3e,54,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,49,f5,22,7c,5d,
43,73,10,86,8c,21,01,be,91,eb,e7,e8,b1,91,61,b3,63,9c,d4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,58,26,fd,8c,5a,
81,0a,42,f5,1d,4d,73,a8,13,5c,05,3e,06,6d,56,b8,2c,c9,27,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a5,ab,85,a5,75,
db,64,f4,df,20,58,62,78,6b,cf,c8,16,61,fa,07,87,6f,ac,01,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,62,5f,46,4b,2f,
28,bd,fc,fb,a7,78,e6,12,2f,9a,ea,a8,f5,58,d0,13,08,eb,81,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,77,54,ef,fd,07,
6a,64,2e,01,3a,48,fc,e8,04,4a,f1,53,ff,b0,62,b0,43,9b,c5,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f6,10,1b,d7,57,
2f,98,9f,f6,0f,4e,58,98,5b,89,c9,08,0c,b3,cf,7b,aa,69,4d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,ce,d6,3b,9f,fe,
e6,5c,ef,3d,ce,ea,26,2d,45,aa,78,60,18,10,7c,20,bc,bd,a6,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,2c,e8,bd,68,e7,
a4,14,d2,2a,b7,cc,b5,b9,7f,41,e7,9f,a1,6c,8e,d5,10,c1,0a,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,e4,6a,13,14,46,
ae,bc,69,6c,43,2d,1e,aa,22,2f,9c,03,ce,06,6f,6e,d6,44,f6,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-17 21:49
ComboFix-quarantined-files.txt 2009-07-17 19:49

Pre-Run: 34 771 795 968 octets libres
Post-Run: 34 323 841 024 octets libres

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
347 --- E O F --- 2009-07-16 19:03

Otmovit plante. Pas de rapport de dispo
Désolé

Bonjour
Ai relancé une analyse complète puis exécuté OTM avec les "files" indiqués et en reprenant la structure proposée, dont voici le rapport (pas de plantage cette fois). A la fin de l'analyse il a fallu rebooter le PC
En espérant que c'est exploitable


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen\lc4setup.exe moved successfully.
File/Folder C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen.zip[lc4setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\BitDefender\BitDefender.Internet.Security.v10.FR.Incl-Keygen.rar[Keygen\keygen.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe] not found.
C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe moved successfully.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe] not found.
File/Folder C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe] not found.
C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jean
File delete failed. C:\Users\Jean\AppData\Local\Temp\ee366d2b2e4ede8287de879e85a0dcc2PSK_PLUGINS_0 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jean\AppData\Local\Temp\~DFBA7A.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 65021506 bytes
->Temporary Internet Files folder emptied: 10888702 bytes
->Java cache emptied: 3216733 bytes
->FireFox cache emptied: 60030348 bytes
->Google Chrome cache emptied: 10220569 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
File delete failed. C:\Windows\SAA4FA431.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied: 1192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142,46 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07182009_073319

Files moved on Reboot...
C:\Users\Jean\AppData\Local\Temp\ee366d2b2e4ede8287de879e85a0dcc2PSK_PLUGINS_0 moved successfully.
C:\Users\Jean\AppData\Local\Temp\~DFBA7A.tmp moved successfully.
File move failed. C:\Windows\SAA4FA431.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bonjour

Voici le résultat du scan

Cdt

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-18 13:34:44
PROTECTIONS: 4
MALWARE: 23
SUSPECTS: 29
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 Yes Yes
Spybot - Search and Destroy 1.0.0.6 No No
Windows Defender 1.1.1505.0 No Yes
avast! antivirus 4.8.1290 [VPS 081122-0] 4.8.1290 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@247realmedia[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@yadro[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@xiti[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@ad.yieldmanager[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@bs.serving-sys[2].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@weborama[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[3].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@adtech[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@overture[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@questionmarket[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Jean\AppData\Roaming\Microsoft\Windows\Cookies\jean@smartadserver[2].txt
00521110 Hacktool/Passview.T HackTools No 1 Yes No C:\Users\Jean\Documents\web\Protected_Storage_Passview\pspv.zip[pspv.exe]
01228695 Adware/Gator Adware No 0 No No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe[data\divx5\0\DivXPro502GAINBundle.exe]
01650300 HackTool/Samdump HackTools No 0 Yes No C:\Users\Jean\Documents\web\ophcrack-win32-installer-2.3.4.exe
02002069 Adware/Gator Adware No 0 Yes No C:\Users\Jean\Documents\web\Rippack_DVD_DIVX\Rippackv3beta161.exe
02384575 Trj/Banker.JER Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Philips Car Radio Decoding Software\Philips Car Radio Decoding Software\Ccr600 v1.2.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.0.exe
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\Downloads\Car_Radio_Code_Calculator.eng.rar[Car_Radio_Code_Calculator\Daewoo Car Radio Decoding Software\DAEWOO Serials Calculator v1.00.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Daewoo Serials Calculator 1.00.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\ae2000pr.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Excel_password\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\Aqbpr.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No D:\Donnees\Advanced_Excel_2000_Password_Recovery_v1[1].11.zip[ae2000pr.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe]
03263573 Trj/Inject.K Virus/Trojan No 1 Yes No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe
03727302 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE[C:\Users\Jean\Documents\Downloads\Car Radio Decoder Pro 2 (Finds all lost codes of your radio)\Decoder Pro 2.EXE][is156383.exe]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe[C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0\AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03840115 Spyware/Virtumonde Spyware No 1 No No C:\Users\Jean\Documents\web\anydvd\AnyDVD & AnyDVD HD 6.4.5.0.rar[AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][AnyDVD & AnyDVD HD 6.4.5.0\SetupAnyDVD6450.exe][IQWKHM~1.EXE]
03918956 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\VNC\Real.VNC.Enterprise.Edition.v4.1.9.Incl.Keymaker-ZWT.zip[zwt.rar][keygen.exe]
03918998 Generic Malware Virus/Trojan No 0 Yes No C:\Users\Jean\Documents\web\Abby Convert PDF\keygen\keygen.exe
03918998 Generic Malware Virus/Trojan No 0 No No C:\Users\Jean\Documents\web\Abby Convert PDF\ABBYY PDF Transformer v2.0 - Mr1000 + keygen.rar[keygen\keygen.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Program Files\Radio Decoder\Ford\Ford ALC.exe
No C:\Qoobox\Quarantine\C\Users\Jean\AppData\Local\Microsoft\logman.exe.vir
No C:\Qoobox\Quarantine\C\Users\Jean\AppData\Roaming\esentutl.exe.vir
No C:\Users\Jean\Documents\Downloads\Radio Codes2 and DVD Unlocking Codes.zip[radio-decode-softwares.zip][Radio Decode Package/Ford/Ford A,L & C Series.exe]
No C:\Users\Jean\Documents\Downloads\Western Europe 825 2159\Map Cracker\tt8_keygen.exe
No C:\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen.zip[lc4setup.exe]
No C:\Users\Jean\Documents\web\BitDefender\BitDefender.Internet.Security.v10.FR.Incl-Keygen.rar[Keygen\keygen.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\Advanced Password Recovery - (Ace, Excel, Pdf, Zip, Icq, Rar, Access, Office, Outlook).rar[AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip][setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced ICQ Password Recovery v1.0\acqpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Outlook Password Recovery v1.11\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT\setup.exe
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\DISTINCT.RAR[setup.exe]
No C:\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced QuickBooks Password Recovery v1.05\aqbpr.zip[setup.exe]
No C:\Users\Jean\Documents\web\Password Brute Force Fast Win NT,XP,2K L0phtCrack4.0 + crack\lc4setup.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\(Cy5) Lc4 - Windows Password Auditing And Recovery Program With Keygen\lc4setup.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced Office 2000 Password Recovery v1.02\ao2000pr.exe
No C:\_OTM\MovedFiles\07182009_073319\Users\Jean\Documents\web\Excel_password\AdvPassw\Advanced PDF Password Recovery v1.21\apdfpr.exe
No D:\Donnees\TomTom_Carte\Western Europe 825 2159\Map Cracker\tt8_keygen.exe
No D:\Map_Cracker\tt8_keygen.exe
No D:\Donnees\Recherche_Cle-WEP\WinAircrackPack\WinAircrack.exe
No D:\Donnees\Recherche_Cle-WEP\WinAircrackPack.rar[WinAircrackPack\WinAircrack.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

Bonsoir

Y a t-il une suite à toute cette analyse?

Merci de votre retour

Cdt