Mumbly

Members
  • Content count

    9
  • Joined

  • Last visited

All content posted by Mumbly

  1. After the Panda scan and the removal of the appropriate files, everything seems to be fine... Strange that Hijack showed nothing!!! Thanks for the help.
  2. Here is the ComboFix report .... good luck
  3. I forgot to mention that I have Vista as my OS. Thanks.
  4. Hello, I'm asking for a bit of help following some minor trouble with 2 trojans. Symptoms: unable to open IE7, message 'Buffer overrun detected'. Unable to open PDFs with Adobe. With Mozilla, windows open to adnet ..., kansas ...., etc., and also difficulty opening certain pages such as this forum. I used CCleaner, a-squared Free, Ad-Aware .... I used Spybot several times, which found 'virtumonde'. I then tried Virtumondobegone but it found nothing. I also used 'SUPERAntiSpyware', which cleaned up quite a lot. The three trojans detected by avast are Trojano 1165, Privacyset and Rootkit-gen. But with Spybot I still have 'virtumonde' present. It keeps coming back. I ran Hijack and here is its report: A little help would be greatly appreciated. Thanks in advance.
  5. Thanks Angélique. There, it's done... well, I hope I did what was needed...
     1. The full scan came back fine
     2.
     -------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER REPORT
     Sunday, December 30, 2007 12:59:09 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 30/12/2007
     Kaspersky Anti-Virus database records: 500225
     -------------------------------------------------------------------------------
     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - Critical Areas:
     C:\WINDOWS
     C:\DOCUME~1\Patrick\LOCALS~1\Temp\
     Scan Statistics:
     Total number of scanned objects: 21288
     Number of viruses found: 0
     Number of infected objects: 0
     Number of suspicious objects: 0
     Duration of the scan process: 00:43:22
     Infected Object Name / Virus Name / Last Action
     C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
     C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
     C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
     C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
     C:\WINDOWS\Internet Logs\MUMBLY.ldb Object is locked skipped
     C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
     C:\WINDOWS\SchedLgU.Txt Object is locked skipped
     C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
     C:\WINDOWS\Sti_Trace.log Object is locked skipped
     C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
     C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
     C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
     C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\default Object is locked skipped
     C:\WINDOWS\system32\config\default.LOG Object is locked skipped
     C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
     C:\WINDOWS\system32\config\SAM Object is locked skipped
     C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY Object is locked skipped
     C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
     C:\WINDOWS\system32\config\software Object is locked skipped
     C:\WINDOWS\system32\config\software.LOG Object is locked skipped
     C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
     C:\WINDOWS\system32\config\system Object is locked skipped
     C:\WINDOWS\system32\config\system.LOG Object is locked skipped
     C:\WINDOWS\system32\h323log.txt Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
     C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
     C:\WINDOWS\Temp\Perflib_Perfdata_19c.dat Object is locked skipped
     C:\WINDOWS\Temp\Perflib_Perfdata_264.dat Object is locked skipped
     C:\WINDOWS\Temp\ZLT0241e.TMP Object is locked skipped
     C:\WINDOWS\Temp\ZLT02421.TMP Object is locked skipped
     C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
     C:\WINDOWS\wiadebug.log Object is locked skipped
     C:\WINDOWS\wiaservc.log Object is locked skipped
     C:\WINDOWS\WindowsUpdate.log Object is locked skipped
     C:\DOCUME~1\Patrick\LOCALS~1\Temp\~DFEE64.tmp Object is locked skipped
     Scan process completed.
     3.
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:05:56, on 30/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16574)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avast4\aswUpdSv.exe
     C:\Program Files\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\system32\perfs.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\PnkBstrB.exe
     C:\WINDOWS\system32\routing.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Avast4\ashMaiSv.exe
     C:\Program Files\Avast4\ashWebSv.exe
     C:\WINDOWS\Mixer.exe
     C:\Program Files\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\PROGRA~1\Avast4\ashDisp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\awtqqol.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
     O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
     O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [Microsoft Windows Update x86] opera.exe
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe"
     O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
     O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] opera.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
     O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
     O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
     O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
     O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
     O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O20 - Winlogon Notify: awtqqol - C:\WINDOWS\SYSTEM32\awtqqol.dll
     O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     -- End of file - 7893 bytes
  6. Hello, Following a small problem with avp.exe (mainly the PC being slow at startup), I looked for an explanation of why avp.exe should be allowed to connect to the internet. Avp.exe is associated with Kaspersky Internet Security. On some forums avp is considered normal, on others it is considered malware. But none of them explains the danger of letting this process run. So I followed the first piece of advice that is given every time... run a scan with Hijack, whose report follows below. Can you shed some light on this analysis? Is my log clean? Thanks in advance.
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 10:27:58, on 27/12/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16574)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\system32\perfs.exe
     C:\WINDOWS\system32\PnkBstrA.exe
     C:\WINDOWS\system32\PnkBstrB.exe
     C:\WINDOWS\system32\routing.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Mixer.exe
     C:\Program Files\ZoneAlarm\zlclient.exe
     C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
     C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     C:\Program Files\Logitech\SetPoint\SetPoint.exe
     C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
     O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [Microsoft Windows Update x86] opera.exe
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
     O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe"
     O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
     O4 - HKLM\..\RunServices: [Microsoft Windows Update x86] opera.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Kaspersky Internet Security 7.0 (2).lnk = C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
     O4 - Global Startup: Logitech SetPoint.lnk = ?
     O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
     O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote K - IE 6.htm (HKCU)
     O9 - Extra button: Dictionnaire - {FB4AE6A3-EE20-442c-9189-251885352358} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote D - IE 6.htm (HKCU)
     O9 - Extra button: Synonymes - {FDD637F8-2693-49ce-817E-1AD59574900C} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote S - IE 6.htm (HKCU)
     O9 - Extra button: Conjugueur - {FF229BEC-9E1F-48c1-99A6-AF34ABEFAB0A} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote C - IE 6.htm (HKCU)
     O9 - Extra button: Grammaire - {FFB5EE7F-726F-423e-83C2-572FE7CEB3F0} - C:\PROGRA~1\Antidote\Antidote\Internet Explorer\6\Antidote G - IE 6.htm (HKCU)
     O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
     O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
     O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
     O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     -- End of file - 7741 bytes
  7. Hi again... Medicus, I completely understand your point of view... No hard feelings... it's a pity... that's all. Thanks anyway for replying.
  8. Good evening, What is wrong with monitoring one's son's e-mail? This is in no way meant for use in a company here, but on a family PC. Thank you.
  9. Hello, Is there a way to have all incoming and outgoing messages in Outlook copied, to a folder for example? This is of course in order to monitor the content of the e-mails discreetly. Thanks in advance.