Raport findykill suite à beagle? [Résolu]

bonjour,
•Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
http://images.malwareremoval.com/random/RSIT.exe

Tuto : http://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
Double clique sur RSIT.exe pour lancer l'outil.
Clique sur ' continue ' à l'écran Disclaimer.
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
Une fois le scan fini, 2 rapports vont apparaître. Poste le contenu des 2 rapports séparément. Ils se trouvent sur c :
(log.txt & info.txt)
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

slt



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

sous le nom de antibagle. Fais le avant que le fichier ne soit enregistré sur le bureau


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

merci pour vos conseils,

voici le rapport combofix que j'ai réalisé avant d'entamer cette discussion:


ComboFix 09-11-19.05 - rose 20/11/2009 17:43.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1263 [GMT 1:00]
Lancé depuis: c:\users\rose\Desktop\cm.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\rose\AppData\Roaming\drivers\downld
c:\users\rose\AppData\Roaming\drivers\winupgro.exe
c:\users\rose\AppData\Roaming\hidires
c:\users\rose\AppData\Roaming\hidires\flec003.exe
c:\users\rose\AppData\Roaming\hidires\names.txt
c:\users\rose\AppData\Roaming\m
c:\users\rose\AppData\Roaming\m\data.oct
c:\users\rose\AppData\Roaming\m\flec006.exe
c:\users\rose\AppData\Roaming\m\list.oct
c:\users\rose\AppData\Roaming\m\shared\123_Terminal_Server_1.3.zip
c:\users\rose\AppData\Roaming\m\shared\2007 Holidays Screensaver 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\3001_Bricks_1.zip
c:\users\rose\AppData\Roaming\m\shared\3D_Dancing_Skeleton_1.0_[Key+Serial].zip
c:\users\rose\AppData\Roaming\m\shared\AAA Real Recorder 1.7.zip
c:\users\rose\AppData\Roaming\m\shared\Accurate Spam For Outlook Express 1.2.zip
c:\users\rose\AppData\Roaming\m\shared\Active Q 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Advanced_DBF_Repair_1.5.zip
c:\users\rose\AppData\Roaming\m\shared\AGUTA PAD Submitter 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Akhbarakom_(Arabic)_2.zip
c:\users\rose\AppData\Roaming\m\shared\Alarm_1.6.zip
c:\users\rose\AppData\Roaming\m\shared\AlienSun 3.0.zip
c:\users\rose\AppData\Roaming\m\shared\All Cleaner 6.6.zip
c:\users\rose\AppData\Roaming\m\shared\APS Accounting & Stock Control 3.0.1.1.zip
c:\users\rose\AppData\Roaming\m\shared\Aries Video Converter GOLD 2.1.0.211.zip
c:\users\rose\AppData\Roaming\m\shared\ASTICE_Timetable_2004_(Key).zip
c:\users\rose\AppData\Roaming\m\shared\Audio_CD_Maker_6.0.2_[Cracked].zip
c:\users\rose\AppData\Roaming\m\shared\AudioSpin Media Recorder 1.09.046.zip
c:\users\rose\AppData\Roaming\m\shared\Avg.Antivírus.Plus.Firewall.V.7.344A.618.Sk.Full.zip
c:\users\rose\AppData\Roaming\m\shared\AVG_internetsecurity7.5.zip
c:\users\rose\AppData\Roaming\m\shared\AVI To WMA Converter 1.00.zip
c:\users\rose\AppData\Roaming\m\shared\AXS 3.00 beta 4.zip
c:\users\rose\AppData\Roaming\m\shared\BabyMouse and BabyBoard Pro 3.2.0.0.zip
c:\users\rose\AppData\Roaming\m\shared\Bank_Book_5.1.zip
c:\users\rose\AppData\Roaming\m\shared\Bearded_Frog_Enlarger_Pro_3.0.3.zip
c:\users\rose\AppData\Roaming\m\shared\Bendometer P.S. 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Best Selling Toys 1.0.0.0.zip
c:\users\rose\AppData\Roaming\m\shared\BitComet_Manager_1.zip
c:\users\rose\AppData\Roaming\m\shared\Browser Defender 2.0.6.6.zip
c:\users\rose\AppData\Roaming\m\shared\Cactus_Jukebox_0.3_RC1.zip
c:\users\rose\AppData\Roaming\m\shared\Capturix ScanShare 4.03.530.zip
c:\users\rose\AppData\Roaming\m\shared\ChatRelations_Live_Chat_2.0.zip
c:\users\rose\AppData\Roaming\m\shared\Cielo_Fm_Salta_0.5.zip
c:\users\rose\AppData\Roaming\m\shared\Clickster_1.50.zip
c:\users\rose\AppData\Roaming\m\shared\Client_Manager_1.5.1.zip
c:\users\rose\AppData\Roaming\m\shared\ClipEd 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\ClockWise 3.30b.zip
c:\users\rose\AppData\Roaming\m\shared\ClubCross Photo Crush 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Convolve 3.0.zip
c:\users\rose\AppData\Roaming\m\shared\Crawler Weather 1.1.zip
c:\users\rose\AppData\Roaming\m\shared\Dashiki 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Dirk's Accordion Tuner Pro 2.2.zip
c:\users\rose\AppData\Roaming\m\shared\DiskInternals ZIP Repair 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\dsRenamer_2.5_[Cracked].zip
c:\users\rose\AppData\Roaming\m\shared\Ease123 Video Watermarker 1.0.1.zip
c:\users\rose\AppData\Roaming\m\shared\Ease123_Video_Joiner_1.0.1_(Key+Serial).zip
c:\users\rose\AppData\Roaming\m\shared\easy! world population 0.62.zip
c:\users\rose\AppData\Roaming\m\shared\EasyFit 3.2.zip
c:\users\rose\AppData\Roaming\m\shared\eOrdering Professional 4.0.9.zip
c:\users\rose\AppData\Roaming\m\shared\EPiSMS_1.0.zip
c:\users\rose\AppData\Roaming\m\shared\ExposurePlot 1.13.zip
c:\users\rose\AppData\Roaming\m\shared\EZ_Document_Safe_1.7_[Crack].zip
c:\users\rose\AppData\Roaming\m\shared\Feedsoft Professional Edition 3.10 Patch.zip
c:\users\rose\AppData\Roaming\m\shared\File_Encryption_XP_1.5.81.zip
c:\users\rose\AppData\Roaming\m\shared\Find Toolbar Tweaks 2.0.1.zip
c:\users\rose\AppData\Roaming\m\shared\FindinSite-MS 1.61.zip
c:\users\rose\AppData\Roaming\m\shared\Forte Agent 4.2 Build 1118.zip
c:\users\rose\AppData\Roaming\m\shared\Functions_2d_0.2.zip
c:\users\rose\AppData\Roaming\m\shared\GEOTEK_Phone_Book_2.30_beta.zip
c:\users\rose\AppData\Roaming\m\shared\GridinSoft_Notepad_Home_3.221.zip
c:\users\rose\AppData\Roaming\m\shared\GSResolution 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Home_Planet_Lite_3.1.zip
c:\users\rose\AppData\Roaming\m\shared\HTMLtoRTF Converter Easy 1.1.zip
c:\users\rose\AppData\Roaming\m\shared\Icon_Lock-iT_XP_3.3_build_3301.zip
c:\users\rose\AppData\Roaming\m\shared\IIS Anti-leech Sniffer Dog 5.08.zip
c:\users\rose\AppData\Roaming\m\shared\Invasion_Screen_saver_1.1.2.0.zip
c:\users\rose\AppData\Roaming\m\shared\Jennifer_Ellison-E-Sex-BabeSavers.com_1.zip
c:\users\rose\AppData\Roaming\m\shared\JOC Print Commander 2.40.zip
c:\users\rose\AppData\Roaming\m\shared\Join (Merge, Combine) Multiple (or Two) HTML Files Into One Software 7.0.zip
c:\users\rose\AppData\Roaming\m\shared\Judo_Scoreboard_Deluxe_1.0_[Cracked].zip
c:\users\rose\AppData\Roaming\m\shared\KishKish SAM 2.0.0.22.zip
c:\users\rose\AppData\Roaming\m\shared\Legendary Search Device 5.0.1.zip
c:\users\rose\AppData\Roaming\m\shared\Lemonade_Forum_1.zip
c:\users\rose\AppData\Roaming\m\shared\LiqIT_4.7_(Crack).zip
c:\users\rose\AppData\Roaming\m\shared\Liquid_Media_2.0.zip
c:\users\rose\AppData\Roaming\m\shared\LiquidApps 6.0.0.zip
c:\users\rose\AppData\Roaming\m\shared\Lupin's_Diary_1.1.zip
c:\users\rose\AppData\Roaming\m\shared\M_Ram_Optimizer_2.0.zip
c:\users\rose\AppData\Roaming\m\shared\m9P Phonebook2 2.1.zip
c:\users\rose\AppData\Roaming\m\shared\Mailing List Wizard 1.32.zip
c:\users\rose\AppData\Roaming\m\shared\Maniac_Spheres_0.7.6.zip
c:\users\rose\AppData\Roaming\m\shared\Mao_Clock_1.0.zip
c:\users\rose\AppData\Roaming\m\shared\MCS CPU Benchmark 4.3.0.1.zip
c:\users\rose\AppData\Roaming\m\shared\MiniPortal_EP_3.3.99.zip
c:\users\rose\AppData\Roaming\m\shared\Moon_Day_Screensaver_1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Move_The_Music_4.0.zip
c:\users\rose\AppData\Roaming\m\shared\MP3_CD_Maker_2.0_[Key].zip
c:\users\rose\AppData\Roaming\m\shared\MTop Web Button Menu Maker 3.1.zip
c:\users\rose\AppData\Roaming\m\shared\OfficeCalendar_3.0.1.2.zip
c:\users\rose\AppData\Roaming\m\shared\Particls_0.9.2375.0.zip
c:\users\rose\AppData\Roaming\m\shared\PDF-to-Text_1.5.zip
c:\users\rose\AppData\Roaming\m\shared\PJ components 2.0.2.zip
c:\users\rose\AppData\Roaming\m\shared\ProductID 1.2.zip
c:\users\rose\AppData\Roaming\m\shared\Qir'at Quran Reciter 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Quickbix Integration Suite 2008 4.20.zip
c:\users\rose\AppData\Roaming\m\shared\Rapid-Website_3.3.zip
c:\users\rose\AppData\Roaming\m\shared\River Past Ringtone Converter 2.7.16.1904.zip
c:\users\rose\AppData\Roaming\m\shared\RPS_-_Remote_Power_Source_2.6.zip
c:\users\rose\AppData\Roaming\m\shared\SafenSec_Plus_Anti-Spyware_2.0.854.zip
c:\users\rose\AppData\Roaming\m\shared\Schedule_Wizard_Automation_Edition_4.04_build_4041.zip
c:\users\rose\AppData\Roaming\m\shared\SftpDrive 1.7.9.zip
c:\users\rose\AppData\Roaming\m\shared\SignGenius ASL Pro 3.1.3.780.zip
c:\users\rose\AppData\Roaming\m\shared\SignLingo_0.1.zip
c:\users\rose\AppData\Roaming\m\shared\SimpleChecklist_1.20.zip
c:\users\rose\AppData\Roaming\m\shared\SlovoEd Classic Italian-Russian 6.3.zip
c:\users\rose\AppData\Roaming\m\shared\SmilingMail 2.0.zip
c:\users\rose\AppData\Roaming\m\shared\Sonic_Progress_Bar_Control_1.zip
c:\users\rose\AppData\Roaming\m\shared\SpellForce_2_Shadow_Wars_demo.zip
c:\users\rose\AppData\Roaming\m\shared\StartupSelector_1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Stream Patrol - Windows Media Streams Monitor 2.0.zip
c:\users\rose\AppData\Roaming\m\shared\Swift PDF 1.1.zip
c:\users\rose\AppData\Roaming\m\shared\Swisspixels Counter 1.0.zip
c:\users\rose\AppData\Roaming\m\shared\Tab URL Copier 1.1.8.20061010.zip
c:\users\rose\AppData\Roaming\m\shared\TapiRex_1.3.zip
c:\users\rose\AppData\Roaming\m\shared\Text_PT_2.0.zip
c:\users\rose\AppData\Roaming\m\shared\The Net Detective Toolbar for Internet Explorer 4.5.144.0.zip
c:\users\rose\AppData\Roaming\m\shared\TunnelRat_1.0.4.16245.zip
c:\users\rose\AppData\Roaming\m\shared\TZ_Spyware-Adware_Remover_9.2.0.0.zip
c:\users\rose\AppData\Roaming\m\shared\UberClock 1.0.0.zip
c:\users\rose\AppData\Roaming\m\shared\uCertify PrepKit - C220-601 A+ Essentials 8.00.05.zip
c:\users\rose\AppData\Roaming\m\shared\Ultimate Date Calculator 2.9.0.zip
c:\users\rose\AppData\Roaming\m\shared\Ultra_JPEG_Tagger_1.4_[Cracked].zip
c:\users\rose\AppData\Roaming\m\shared\Union_2.11.zip
c:\users\rose\AppData\Roaming\m\shared\Unreal Tournament 2003 - The Tomb deathmatch map.zip
c:\users\rose\AppData\Roaming\m\shared\UserHealth_1.3.zip
c:\users\rose\AppData\Roaming\m\shared\VirtuaDisk_1.5.zip
c:\users\rose\AppData\Roaming\m\shared\Wheel Magister 1.4.2.zip
c:\users\rose\AppData\Roaming\m\shared\Winter Town 3D 1.2 [Key].zip
c:\users\rose\AppData\Roaming\m\shared\Winter_Reflections_Screensaver_1.0_[Cracked].zip
c:\users\rose\AppData\Roaming\m\srvlist.oct
c:\windows\system32\srosa2.sys
c:\windows\system32\wfsintwq.sys

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Legacy_SROSA
-------\Service_sK9Ou0s


((((((((((((((((((((((((((((( Fichiers créés du 2009-10-20 au 2009-11-20 ))))))))))))))))))))))))))))))))))))
.

2009-11-20 16:57 . 2009-11-20 17:00 -------- d-----w- c:\users\rose\AppData\Local\temp
2009-11-20 16:57 . 2009-11-20 16:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-20 16:57 . 2009-11-20 16:57 -------- d-----w- c:\users\marion\AppData\Local\temp
2009-11-20 16:57 . 2009-11-20 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-20 16:35 . 2009-04-11 06:32 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2009-11-20 16:35 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-20 16:29 . 2009-11-20 16:30 49152 d-----w- C:\cm13658c
2009-11-20 15:52 . 2009-11-20 15:54 -------- d-----w- C:\ToolBar SD
2009-11-20 14:36 . 2009-11-20 14:36 262144 ----a-w- C:\ntuser.dat
2009-11-20 14:16 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-20 14:16 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-20 13:15 . 2009-11-20 13:54 -------- d-----w- C:\cm
2009-11-20 12:17 . 2009-11-20 12:17 -------- d-sh--w- c:\users\rose\AppData\Roaming\%APPDATA%
2009-11-20 10:23 . 2009-10-29 14:39 679936 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-11-20 10:23 . 2009-10-29 14:39 614400 ----a-w- c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-11-19 11:52 . 2009-11-19 11:52 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-11-19 11:34 . 2009-11-20 16:09 -------- d-----w- c:\program files\Panda Security
2009-11-19 11:24 . 2009-11-20 16:56 -------- d--h--w- c:\users\rose\AppData\Roaming\drivers
2009-11-17 02:20 . 2009-11-17 02:20 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 02:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-17 02:00 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 02:00 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 02:00 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\users\rose\AppData\Local\TechSmith
2009-11-11 16:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 16:23 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-06 08:49 . 2009-11-06 08:49 -------- d-----w- c:\program files\Microsoft
2009-11-06 08:48 . 2009-11-06 08:48 -------- d-----w- c:\windows\PCHEALTH
2009-10-28 08:04 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 08:04 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 16:10 . 2008-11-28 09:28 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-20 14:15 . 2009-05-21 09:36 -------- d-----w- c:\program files\CCleaner
2009-11-20 14:05 . 2008-11-28 06:18 -------- d-----w- c:\users\rose\AppData\Roaming\Audacity
2009-11-20 13:48 . 2006-11-02 15:48 669566 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-20 13:48 . 2006-11-02 15:48 123556 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-20 09:26 . 2009-10-13 17:19 183356 ----a-w- c:\users\rose\AppData\Roaming\HouseCall 6.6\Uninstaller.exe
2009-11-18 13:44 . 2008-04-03 09:49 81592 ----a-w- c:\users\rose\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-18 13:39 . 2007-04-18 07:04 8192 d-----w- c:\program files\Common Files\Adobe
2009-11-18 13:01 . 2007-04-18 05:56 12288 d--h--w- c:\program files\InstallShield Installation Information
2009-11-17 02:20 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 02:20 . 2009-11-17 02:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 02:19 . 2009-11-17 02:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-11 20:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-06 08:49 . 2008-04-05 13:51 4096 d-----w- c:\program files\Windows Live
2009-11-02 19:42 . 2009-10-03 08:33 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 17:08 . 2009-10-19 17:08 -------- d-----w- c:\programdata\TechSmith
2009-10-17 14:10 . 2009-10-17 14:10 653560 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-16 19:40 . 2009-10-16 19:40 -------- d-----w- c:\programdata\eMule
2009-10-16 19:32 . 2009-10-15 14:30 4096 d-----w- c:\program files\Canon
2009-10-16 10:57 . 2009-10-16 10:57 -------- d-----w- c:\users\rose\AppData\Roaming\Canon
2009-10-15 14:29 . 2009-10-15 14:29 -------- d-----w- c:\program files\Common Files\Canon
2009-10-15 11:45 . 2009-10-15 11:45 -------- d-----w- c:\users\rose\AppData\Roaming\Ulead Systems
2009-10-14 06:34 . 2009-10-14 06:34 4096 d-----w- c:\program files\eMule
2009-10-13 22:41 . 2009-10-13 22:39 4096 d-----w- c:\program files\Common Files\DVDVideoSoft
2009-10-13 22:24 . 2009-10-13 06:16 -------- d-----w- c:\users\rose\AppData\Roaming\GeoVid
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\users\rose\AppData\Roaming\Malwarebytes
2009-10-13 16:49 . 2009-10-13 16:49 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-13 16:49 . 2009-10-13 16:49 -------- d-----w- c:\programdata\Malwarebytes
2009-10-13 15:50 . 2009-05-21 08:34 -------- d-----w- c:\program files\MSECACHE
2009-10-13 15:42 . 2009-01-04 17:55 -------- d-----w- c:\program files\Gadwin Systems
2009-10-13 06:15 . 2009-10-13 06:15 -------- d-----w- c:\program files\Common Files\GeoVid
2009-10-12 10:10 . 2009-10-03 10:13 -------- d-----w- c:\users\rose\AppData\Roaming\Eltima Software
2009-10-11 15:25 . 2009-10-11 15:25 4096 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-10 16:22 . 2009-10-10 16:22 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-10-10 16:22 . 2009-10-10 16:22 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-10-06 10:22 . 2009-10-06 10:22 101376 ----a-w- c:\windows\system32\drivers\ACEDRV07.sys
2009-10-06 06:44 . 2009-10-06 06:44 4096 d-----w- c:\program files\DAEMON Tools Lite
2009-10-02 10:28 . 2008-04-12 14:27 4096 d-----w- c:\program files\QuickTime
2009-10-02 10:25 . 2009-05-20 09:34 -------- d-----w- c:\programdata\Apple Computer
2009-10-01 09:04 . 2006-08-20 10:18 4096 d-----w- c:\users\rose\AppData\Roaming\dvdcss
2009-10-01 09:02 . 2006-08-20 10:30 4096 d-----w- c:\programdata\DVD Shrink
2009-10-01 01:02 . 2009-11-17 02:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 02:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 02:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 02:02 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 02:02 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 02:02 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 02:02 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 02:02 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 02:02 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 02:02 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 02:02 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 02:02 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 02:02 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 02:02 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 08:58 . 2009-09-25 08:58 -------- d-----w- c:\users\rose\AppData\Roaming\AVS4YOU
2009-09-25 02:10 . 2009-11-17 02:03 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 02:03 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 02:03 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 02:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-17 02:03 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-17 02:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-17 02:03 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-17 02:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-17 02:03 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-17 02:03 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-17 02:03 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-17 02:03 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-17 02:03 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-17 02:03 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-17 02:03 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-17 02:03 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-17 02:03 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-17 02:03 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-17 02:03 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-17 02:03 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-17 02:03 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-17 02:03 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-17 02:03 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-17 02:03 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-17 02:03 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-17 02:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-17 02:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-22 17:58 . 2008-04-14 15:04 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-22 11:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-09-22 11:54 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-22 11:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-09-22 11:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-09-22 11:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-09-22 11:54 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-09-15 11:59 . 2009-08-17 15:56 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:55 . 2009-08-17 15:56 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-09-15 11:54 . 2009-08-17 15:57 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-08-17 15:57 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-08-17 15:57 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-14 09:29 . 2009-10-16 06:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 16:48 . 2009-10-16 06:02 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2009-10-13 16:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2009-10-13 16:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"flec003.exe"="c:\users\rose\AppData\Roaming\hidires\flec003.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"MacDrive application"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2008-09-23 201304]
"Getting started with MacDrive"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2008-09-02 141312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-09-03 4702208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2005-04-13 774144]

c:\users\rose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):58,31,25,6c,94,3b,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-458629341-677713502-4177817849-1000]
"EnableNotificationsRef"=dword:0000000d

R0 MDFSYSNT;MacDrive file system driver;c:\windows\System32\drivers\MDFSYSNT.SYS [04/02/2009 10:14 284160]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\System32\drivers\MDPMGRNT.SYS [04/02/2009 10:22 19456]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [20/11/2009 15:16 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [20/11/2009 15:16 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/08/2009 16:56 53328]
S3 CSTUZW;CSTUZW;c:\users\rose\AppData\Local\Temp\CSTUZW.exe --> c:\users\rose\AppData\Local\Temp\CSTUZW.exe [?]
S3 CTCUDPPG;CTCUDPPG;c:\users\rose\AppData\Local\Temp\CTCUDPPG.exe --> c:\users\rose\AppData\Local\Temp\CTCUDPPG.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe --> c:\magix\Common\Database\bin\fbserver.exe [?]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [26/06/2008 07:27 21504]
S4 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [06/03/2007 14:01 14848]
S4 MacDriveService;MacDrive service;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [26/11/2008 08:23 150528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2009-11-20 c:\windows\Tasks\User_Feed_Synchronization-{3C344CFD-6236-42D8-AFD4-7E13B3A8F08A}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-11-20 c:\windows\Tasks\User_Feed_Synchronization-{E8F29879-B394-4A81-85B0-C216262EFFA3}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4
IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR
FF - ProfilePath - c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 17:59
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x852161F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x82f11d24
\Driver\ACPI -> acpi.sys @ 0x807c2d68
\Driver\atapi -> 0x852161f8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\CCleaner\CCleaner.exe
.
**************************************************************************
.
Heure de fin: 2009-11-20 18:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-20 17:10
ComboFix2.txt 2009-11-20 13:54

Avant-CF: 23 951 265 792 octets libres
Après-CF: 23 663 636 480 octets libres

- - End Of File - - 1DBAC6F2FCF6DF335ADD5DFA11E72EF8

alors voici le premier rapport exécuté avec RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by rose at 2009-11-20 20:04:26
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 22 GB (29%) free of 76 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:05:32, on 20/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\rose\Desktop\RSIT.exe
C:\Program Files\trend micro\rose.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CSTUZW - Unknown owner - C:\Users\rose\AppData\Local\Temp\CSTUZW.exe (file missing)
O23 - Service: CTCUDPPG - Unknown owner - C:\Users\rose\AppData\Local\Temp\CTCUDPPG.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

• /!\ Utilisateur de Vista : Ne pas oublier de désactiver l’UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : http://www.commentcamarche.net/faq/sujet-8343-vista-desactiver-l-uac
/!\ Déconnecte-toi et ferme toutes applications en cours /!\

Télécharge de AD-Remover (Merci à Cyrildu17 / C_XX) sur ton Bureau.
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Miroir:

http://forum-aide-contre-virus.be/download/C_XX/AD-R.exe


- Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
/!\Utilisateur de Vista : Clique droit sur le logo de AD-Remover, « exécuter en tant qu’Administrateur »
- Au menu principal, choisis l'option « L ».
- Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note :
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Tuto : http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

euh par contre impossible de poster le rapport info.log

bien un grand merci je vais tenter Ad remover!

j'étais trop rapide ;-)

bien alors voici le rapport de Ad Report:


.
======= RAPPORT D'AD-REMOVER 1.1.4.6_D | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 20.11.2009 à 7:00
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 20:28:54, 20/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 2 v6.0.6002
Nom du PC: PC-DE-ROSE | Utilisateur actuel: rose
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
C:\Users\rose\AppData\Roaming\EoRezo
C:\Users\rose\AppData\Roaming\ItsLabel
C:\Users\rose\AppData\Roaming\Mozilla\Firefox\Profiles\48i1t3ox.default\searchplugins\ask.xml
.
HKCU\software\EoRezo
HKCU\software\ItsLabel
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.15 [fr] *
.
Nom du profil: 48i1t3ox.default (rose)
.
(rose, prefs.js) Browser.download.dir, C:\Users\rose\Downloads
(rose, prefs.js) Browser.download.lastDir, C:\Users\rose\Desktop
(rose, prefs.js) Browser.search.selectedEngine, Ask
(rose, prefs.js) Browser.startup.homepage, hxxp://www.google.fr
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Start Page Redirect Cache AcceptLangs: fr
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache_TIMESTAMP: NARY 1ff7ede16ac5c601
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\rose\AppData\Roaming\HouseCall 6.6\patch.exe
.
===================================
.
2716 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
0 Fichier(s) - C:\Users\rose\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
.
20 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
12 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 20:38:20 | 20/11/2009 - CLEAN[1]
.
============== E.O.F ==============
.
merci et c plutôt moi qui suit un peu lente :)

alors heu je sais pas si c'est bon ou pas.....?
^^

Alors déjà mon Pc rame beaucoup moins, par contre avast est toujours endommagé, peut-être faut-il que je le désinstalle?

Je reste à votre écoute, en vous remerciant grandement pour votre aide!
j

la suite :

•/!\ Utilisateur de Vista : Ne pas oublier de désactiver l’UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : http://www.commentcamarche.net/faq/sujet-8343-vista-desactiver-l-uac

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

http://www.toofiles.com/fr/oip/documents/exe/tbsd.html
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
/!\Utilisateur de Vista : Clique droit sur le logo de Toolbar-S&D, « exécuter en tant qu’Administrateur »

* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Tuto :
http://www.malekal.com/tutorial_ToolBar_SD.php

voici le rapport obtenu avec tooblar:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : rose ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:21 Go)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:23 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 21/11/2009|10:14 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://fr.msn.com/"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Search bar"="http://search.msn.com/spbasic.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen
C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen\Consignes D'installation.txt


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 21/11/2009|10:14 - Option : [1]

-----------\\ Fin du rapport a 10:14:46,29

en vous remerciant!

voici en tant qu'administrateur:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : rose ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:21 Go)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:23 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 21/11/2009|10:21 )

[ UAC => 0 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://fr.msn.com/"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Search bar"="http://search.msn.com/spbasic.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen
C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen\Consignes D'installation.txt


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 21/11/2009|10:14 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/11/2009|10:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 21/11/2009|10:22 - Option : [1]

-----------\\ Fin du rapport a 10:22:54,37

merci et si vous pouviez me conseiller pour la suite! :=)

bonjour,
supprimes ces cracks en manuel :

C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen
C:\Users\rose\Desktop\racourcis\adobe\Crack et Keygen\Consignes D'installation.txt

puis relance toolbar s&d en option 2 et poste son rapport

merci

Bonjour,

Voici le rapport de Toolbar avec l'option2:


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz )
BIOS : Ver 1.00PARTTBL
USER : rose ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:74 Go (Free:21 Go)
E:\ (Local Disk) - NTFS - Total:73 Go (Free:23 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 21/11/2009|10:31 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://fr.msn.com/"
"Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="http://go.microsoft.com/fwlink/?linkid=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Search bar"="http://search.msn.com/spbasic.htm"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 21/11/2009|10:14 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 21/11/2009|10:17 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 21/11/2009|10:22 - Option : [1]
4 - "C:\ToolBar SD\TB_4.txt" - 21/11/2009|10:31 - Option : [2]

-----------\\ Fin du rapport a 10:31:46,68

merci!

repasse un autre rsit et poste son rapport
note :
tu n'auras qu'un seul rapport log.txt

bien voici le rapport avec RSIT, merci beaucoup pour toute votre aide!:


Logfile of random's system information tool 1.06 (written by random/random)
Run by rose at 2009-11-21 10:38:58
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 22 GB (29%) free of 76 GB
Total RAM: 2046 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:11, on 21/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\rose\Desktop\RSIT.exe
C:\Program Files\trend micro\rose.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MacDrive application] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [Getting started with MacDrive] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing)
O9 - Extra button: Amazon.fr - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.fr/exec/obidos/redirect-home?tag=Toshibafrbholink-21&site=home (file missing)
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?FR (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CSTUZW - Unknown owner - C:\Users\rose\AppData\Local\Temp\CSTUZW.exe (file missing)
O23 - Service: CTCUDPPG - Unknown owner - C:\Users\rose\AppData\Local\Temp\CTCUDPPG.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

reste-t-il des problèmes?
merci pour tout n tous cas!
:=)

on va arriver à bout de cette chose :-)

fais une mise à jour de ces programmes ou si inutile, tu les supprimes vais ajout suppression de programmes :
Adobe Acrobat Reader 7.0
Sun Microsystem Java Runtime
Sun®Java Runtime


/!\ Utilisateur de Vista : Ne pas oublier de désactiver l’UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : http://www.commentcamarche.net/faq/sujet-8343-vista-desactiver-l-uac

Télécharge Malwarebytes' Anti-Malware:
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

ou ici : http://www.malwarebytes.org/mbam/program/mbam-setup.exe


. sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
. enregistres le sur le bureau
/!\Utilisateur de Vista : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu’Administrateur »

. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Une fois la mise à jour terminé
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ce tutoriel :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php