petit pain

je n'ai pas réussi à mettre la protection antivir ce matin, il me disait qu'il me manquait des fichiers j'ai donc désinstallé puis tenté de réinstaller antivir mais il y a soit disant des fichiers d'installation corrompus d'après toi, c'est un problème hardware ou il reste encore un virus? edit: je viens de faire un scan MBAM: il n'a rien trouvé j'ai fait un scan toolbar S&D et là voici le rapport -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.00GHz ) BIOS : Default System BIOS USER : mickael ( Administrator ) BOOT : Normal boot A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:16 Go) D:\ (CD or DVD) E:\ (CD or DVD) F:\ (USB) - FAT32 - Total:3904 Mo (Free:1 Go) M:\ (Local Disk) - NTFS - Total:160 Go (Free:30 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 31/01/2009|10:38 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_ie.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\logger.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIE.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\allow.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\block.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\dontsend.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarstextrollover.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX16.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX48.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\send.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_emoticons.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eyeglass.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_gear.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_images.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_kiwee.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_msnlogo.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_news.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_text.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_videos.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_webshots.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_winks.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\X.bmp -----------\\ Extensions (mickael) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}" "Start Page"="http://fr.msn.com/" "Url"="http://go.microsoft.com/fwlink/?LinkID=68928" "Url"="http://go.microsoft.com/fwlink/?LinkID=44406" "Url"="http://go.microsoft.com/fwlink/?LinkID=68929" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] 1 - "C:\ToolBar SD\TB_1.txt" - 31/01/2009|10:37 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 31/01/2009|10:39 - Option : [1] -----------\\ Fin du rapport a 10:39:05,64

ok, je récupère toutes mes clefs et je te tiens au courant quand c'est fait

merci pour ton aide, c'est sympa de m'avoir aidé en sachant que c'est de ma faute par contre quel est le mieux pour vérifier mes clefs usb et autre avant de les reconnecter sur mon PC? voici le rapport tcleaner [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\TB.txt: trouvé ! C:\Toolbar SD: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\mickael\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\mickael\Bureau\ToolBarSD.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\mickael\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\mickael\Bureau\ToolBarSD.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\TB.txt: supprimé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé ! C:\Toolbar SD: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé !

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:41:04, on 30/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\oopmagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe M:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O4 - HKLM\..\Run: [CloneCDTray] "M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe (file missing) O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9528 bytes

j'avais installé VNC mais je ne m'en suis jamais servi car vous êtes beaucoup plus qualifiés que mes connaissances je viens donc de le désinstaller pour ma machine, comme je disais tout à l'heure: au démarrage, j'ai eu un écran bleu, antivir ne s'ouvre pas automatiquement et windows me propose de faire une mise à jour à chaque arrêt de la machine (il y a d'ailleurs l'icone en bas à droite qui m'indique que des màj sont disponibles) et j'ai aussi pas mal de plantages firefox pour mes cracks, comment savoir où ils sont car depuis le temps je ne sais plus trop quel logiciel les utilise?

bonjour, edit: au démarrage, j'ai eu un écran bleu, antivir ne s'ouvre pas automatiquement et windows me propose de faire une mise à jour à chaque arrêt de la machine (il y a d'ailleurs l'icone en bas à droite qui m'indique que des màj sont disponibles) j'ai viré la ligne que tu as indiqué, vérifié ma version de java et fait un scan avec kapersky dont voici le rapport: Friday, January 30, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, January 30, 2009 13:16:40 Records in database: 1728476 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ M:\ Scan statistics Files scanned 138929 Threat name 4 Infected objects 7 Suspicious objects 0 Duration of the scan 02:49:05 File name Threat name Threats count C:\Program Files\UltraVNC\WinVNC.exe//PE_Patch.UPX//UPX/C:\Program Files\UltraVNC\WinVNC.exe//PE_Patch.UPX//UPX Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1 C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1 C:\Program Files\UltraVNC\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1 C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1 C:\Qoobox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1 M:\logiciels\windows original\outils\XP.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2 The selected area was scanned.

bonjour, au démarrage, le parapluie d'antivir ne s'ouvre pas, je suppose que ce n'est pas bon signe voici le rapport HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:04:32, on 29/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\oopmagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe M:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [CloneCDTray] "M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 9769 bytes

merci de m'avoir prévenu, je ne touche à rien au démarrage ce soir, j'ai eu 2 écrans bleus et des plantages firefox à gogo mais depuis le scan combo-fix plus rien je vous tiens au courant s'il y a du nouveau

bonjour, voici un rapport de plus ComboFix 09-01-24.01 - mickael 2009-01-28 18:24:34.10 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.404 [GMT 1:00] Lancé depuis: c:\documents and settings\mickael\Bureau\Combo-Fix.exe Commutateurs utilisés :: c:\documents and settings\mickael\Bureau\CFScript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-28 au 2009-01-28 )))))))))))))))))))))))))))))))))))) . 2009-01-28 18:10 . 2009-01-28 18:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar 2009-01-26 20:53 . 2009-01-27 20:48 <REP> d-------- C:\ToolBar SD 2009-01-18 09:06 . 2009-01-18 09:09 <REP> d-------- c:\program files\Windows Live 2009-01-18 08:58 . 2009-01-18 09:08 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller 2009-01-18 08:58 . 2009-01-18 09:06 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2009-01-06 09:17 . 2009-01-06 09:17 <REP> d-------- c:\documents and settings\NetworkService\Application Data\agi 2009-01-05 13:47 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-01-05 13:47 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-01-05 09:45 . 2009-01-05 09:45 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 <REP> d-------- c:\program files\AGI 2009-01-05 09:44 . 2009-01-05 09:46 <REP> d-------- c:\documents and settings\mickael\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 <REP> d-------- c:\documents and settings\All Users\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 2,117,632 --a------ c:\windows\system32\python25.dll 2009-01-05 09:44 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip 2009-01-05 09:44 . 2009-01-05 09:44 339,968 --a------ c:\windows\system32\pythoncom25.dll 2009-01-05 09:44 . 2009-01-05 09:44 114,688 --a------ c:\windows\system32\pywintypes25.dll 2009-01-05 09:16 . 2009-01-18 08:24 <REP> d-------- c:\documents and settings\mickael\Tracing 2009-01-05 09:15 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft Silverlight 2009-01-05 09:15 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft Office Outlook Connector 2009-01-05 09:14 . 2009-01-05 09:14 <REP> d-------- c:\program files\Microsoft Sync Framework 2009-01-05 09:14 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-01-05 09:13 . 2009-01-05 09:13 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-01-05 09:11 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft 2009-01-05 09:10 . 2009-01-05 09:10 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-01-05 08:50 . 2009-01-05 08:50 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2008-12-29 12:29 . 2008-12-29 12:29 664 --a------ c:\windows\system32\d3d9caps.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-28 17:47 --------- d-----w c:\documents and settings\mickael\Application Data\DMCache 2009-01-26 19:43 --------- d-----w c:\program files\Trend Micro 2009-01-25 21:05 --------- d-----w c:\program files\Warcraft III 2009-01-24 10:52 --------- d-----w c:\program files\JkDefrag 2009-01-24 08:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-14 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-17 22:00 --------- d-----w c:\program files\Avira 2008-12-17 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2008-12-12 20:11 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom 2008-12-07 14:09 --------- d-----w c:\documents and settings\mickael\Application Data\TomTom 2008-12-07 14:08 --------- d-----w c:\program files\TomTom HOME 2 2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR 2008-12-02 22:18 --------- d-----w c:\program files\Common Files 2003-02-21 02:42 348,160 --sha-r c:\windows\system32\msvcr71.dll 2008-08-24 08:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082420080825\index.dat 2008-06-01 21:17 51,232 --sha-w c:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-27_20.14.51.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-01-28 17:47:08 16,384 ----atw c:\windows\temp\Perflib_Perfdata_440.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-07 2606512] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-07-17 364544] "CloneCDTray"="m:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-21 57344] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416] "Acrobat Assistant 8.0"="m:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "ooquickpdfv7"="c:\windows\system32\oopmagent.exe" [2007-12-28 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\mickael\Menu D‚marrer\Programmes\D‚marrage\ Outil de notification Live Search.lnk - c:\documents and settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-01-05 143360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "vidc.i420"= i420vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "m:\\Program Files\\emule0.47c-Xtreme5.4_2\\emule.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2007-03-31 19478] R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2007-03-13 50606] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2007-03-31 635017] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2007-03-31 431236] R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [1980-01-01 296179] R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1980-01-01 231983] R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-05 10240] R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-05 55136] R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f1f2e4-c468-11dd-b635-0020edb810a3}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . Contenu du dossier 'Tâches planifiées' 2009-01-28 c:\windows\Tasks\GlaryInitialize.job - m:\program files\Glary Utilities\initialize.exe [2008-04-09 12:22] . . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mWindow Title = uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\documents and settings\mickael\Application Data\Mozilla\Firefox\Profiles\9hh65mjb.default\ FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - www.google.fr FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q= FF - component: c:\documents and settings\mickael\Application Data\IDM\idmmzcc2\components\idmmzcc.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-28 18:48:27 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe m:\program files\Glary Utilities\Integrator.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\documents and settings\mickael\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Heure de fin: 2009-01-28 18:51:13 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-28 17:51:06 ComboFix2.txt 2009-01-27 19:16:08 Avant-CF: 16 482 349 056 octets libres Après-CF: 16,471,040,000 octets libres 194 --- E O F --- 2009-01-27 22:02:25

de toute façon, il est temps pour moi d'aller coucher alors on verra demain bonne soirée/nuit

voici le rapport MBAM Malwarebytes' Anti-Malware 1.33 Version de la base de données: 1699 Windows 5.1.2600 Service Pack 3 27/01/2009 22:18:26 mbam-log-2009-01-27 (22-18-26).txt Type de recherche: Examen complet (C:\|M:\|) Eléments examinés: 190523 Temps écoulé: 52 minute(s), 32 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

voici le rapport après suppression -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.00GHz ) BIOS : Default System BIOS USER : mickael ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go) D:\ (CD or DVD) E:\ (CD or DVD) M:\ (Local Disk) - NTFS - Total:160 Go (Free:35 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 27/01/2009|20:44 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_ie.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\logger.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIE.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\allow.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\block.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\dontsend.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarstextrollover.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX16.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX48.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\send.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_emoticons.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eyeglass.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_gear.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_images.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_kiwee.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_msnlogo.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_news.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_text.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_videos.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_webshots.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_winks.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\X.bmp -----------\\ Extensions (mickael) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}" "Start Page"="http://fr.msn.com/" "Url"="http://go.microsoft.com/fwlink/?LinkID=68928" "Url"="http://go.microsoft.com/fwlink/?LinkID=44406" "Url"="http://go.microsoft.com/fwlink/?LinkID=68929" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] 1 - "C:\ToolBar SD\TB_1.txt" - 26/01/2009|20:54 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 26/01/2009|21:18 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 27/01/2009|20:45 - Option : [1] -----------\\ Fin du rapport a 20:45:40,25 et un rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:49:22, on 27/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe M:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\AGI\common\win32\PythonService.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\Java\jre6\bin\jqs.exe M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\oopmagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UltraVNC\WinVNC.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [CloneCDTray] "M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 9779 bytes

voici mon rapport toolbar sd -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.00GHz ) BIOS : Default System BIOS USER : mickael ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go) D:\ (CD or DVD) E:\ (CD or DVD) M:\ (Local Disk) - NTFS - Total:160 Go (Free:35 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 27/01/2009|20:44 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_ie.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\logger.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIE.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\allow.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\block.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\dontsend.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarstextrollover.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX16.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX48.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\send.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_emoticons.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eyeglass.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_gear.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_images.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_kiwee.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_msnlogo.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_news.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_text.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_videos.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_webshots.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_winks.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\X.bmp -----------\\ Extensions (mickael) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}" "Start Page"="http://fr.msn.com/" "Url"="http://go.microsoft.com/fwlink/?LinkID=68928" "Url"="http://go.microsoft.com/fwlink/?LinkID=44406" "Url"="http://go.microsoft.com/fwlink/?LinkID=68929" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] 1 - "C:\ToolBar SD\TB_1.txt" - 26/01/2009|20:54 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 26/01/2009|21:18 - Option : [2] 3 - "C:\ToolBar SD\TB_3.txt" - 27/01/2009|20:45 - Option : [1] -----------\\ Fin du rapport a 20:45:40,25

j'ai téléchargé le lien d'oGu et utilisé combo-fix en mode normal voici le rapport: ComboFix 09-01-24.01 - mickael 2009-01-27 20:08:48.9 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.767.438 [GMT 1:00] Lancé depuis: c:\documents and settings\mickael\Bureau\Combo-Fix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-27 au 2009-01-27 )))))))))))))))))))))))))))))))))))) . 2009-01-26 21:43 . 2009-01-26 21:43 <REP> d-------- c:\documents and settings\All Users\Application Data\Kiwee Toolbar 2009-01-26 20:53 . 2009-01-26 21:18 <REP> d-------- C:\ToolBar SD 2009-01-18 09:06 . 2009-01-18 09:09 <REP> d-------- c:\program files\Windows Live 2009-01-18 08:58 . 2009-01-18 09:08 <REP> d--hsc--- c:\program files\Fichiers communs\WindowsLiveInstaller 2009-01-18 08:58 . 2009-01-18 09:06 <REP> d-------- c:\documents and settings\All Users\Application Data\WLInstaller 2009-01-06 09:17 . 2009-01-06 09:17 <REP> d-------- c:\documents and settings\NetworkService\Application Data\agi 2009-01-05 13:47 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll 2009-01-05 13:47 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui 2009-01-05 09:45 . 2009-01-05 09:45 <REP> d-------- c:\documents and settings\LocalService\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 <REP> d-------- c:\program files\AGI 2009-01-05 09:44 . 2009-01-05 09:46 <REP> d-------- c:\documents and settings\mickael\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 <REP> d-------- c:\documents and settings\All Users\Application Data\agi 2009-01-05 09:44 . 2009-01-05 09:44 2,117,632 --a------ c:\windows\system32\python25.dll 2009-01-05 09:44 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\system32\pythondll.zip 2009-01-05 09:44 . 2009-01-05 09:44 339,968 --a------ c:\windows\system32\pythoncom25.dll 2009-01-05 09:44 . 2009-01-05 09:44 114,688 --a------ c:\windows\system32\pywintypes25.dll 2009-01-05 09:16 . 2009-01-18 08:24 <REP> d-------- c:\documents and settings\mickael\Tracing 2009-01-05 09:15 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft Silverlight 2009-01-05 09:15 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft Office Outlook Connector 2009-01-05 09:14 . 2009-01-05 09:14 <REP> d-------- c:\program files\Microsoft Sync Framework 2009-01-05 09:14 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys 2009-01-05 09:13 . 2009-01-05 09:13 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition 2009-01-05 09:11 . 2009-01-05 09:15 <REP> d-------- c:\program files\Microsoft 2009-01-05 09:10 . 2009-01-05 09:10 <REP> d-------- c:\program files\Windows Live SkyDrive 2009-01-05 08:50 . 2009-01-05 08:50 <REP> d-------- c:\program files\Fichiers communs\Windows Live 2008-12-29 12:29 . 2008-12-29 12:29 664 --a------ c:\windows\system32\d3d9caps.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-27 19:13 --------- d-----w c:\documents and settings\mickael\Application Data\DMCache 2009-01-26 19:43 --------- d-----w c:\program files\Trend Micro 2009-01-25 21:05 --------- d-----w c:\program files\Warcraft III 2009-01-24 10:52 --------- d-----w c:\program files\JkDefrag 2009-01-24 08:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-01-14 22:28 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-14 15:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-17 22:00 --------- d-----w c:\program files\Avira 2008-12-17 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\Avira 2008-12-12 20:12 410,984 ----a-w c:\windows\system32\deploytk.dll 2008-12-12 20:11 --------- d-----w c:\program files\Java 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-12-07 19:00 --------- d-----w c:\documents and settings\All Users\Application Data\TomTom 2008-12-07 14:09 --------- d-----w c:\documents and settings\mickael\Application Data\TomTom 2008-12-07 14:08 --------- d-----w c:\program files\TomTom HOME 2 2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR 2008-12-02 22:18 --------- d-----w c:\program files\Common Files 2003-02-21 02:42 348,160 --sha-r c:\windows\system32\msvcr71.dll 2008-08-24 08:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008082420080825\index.dat 2008-06-01 21:17 51,232 --sha-w c:\windows\system32\drivers\fidbox.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-11-27 234856] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-11-07 2606512] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinVNC"="c:\program files\UltraVNC\WinVNC.exe" [2006-07-17 364544] "CloneCDTray"="m:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-21 57344] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 188416] "Acrobat Assistant 8.0"="m:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "ooquickpdfv7"="c:\windows\system32\oopmagent.exe" [2007-12-28 90112] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Config"="c:\windows\system32\run.cmd" [2006-02-14 248] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544] c:\documents and settings\mickael\Menu D‚marrer\Programmes\D‚marrage\ Outil de notification Live Search.lnk - c:\documents and settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-01-05 143360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "vidc.i420"= i420vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "m:\\Program Files\\emule0.47c-Xtreme5.4_2\\emule.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2007-03-31 19478] R1 DCDisk;DCDisk;c:\windows\system32\drivers\DCDisk.sys [2007-03-13 50606] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2007-03-31 635017] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2007-03-31 431236] R3 STAC97NA;SigmaTel 3D Environmental Audio;c:\windows\system32\drivers\stac97na.sys [1980-01-01 296179] R3 STAC97NH;STAC97NH;c:\windows\system32\drivers\stac97nh.sys [1980-01-01 231983] R4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2009-01-05 10240] R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-01-05 55136] R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f1f2e4-c468-11dd-b635-0020edb810a3}] \Shell\AutoRun\command - F:\InstallTomTomHOME.exe . Contenu du dossier 'Tâches planifiées' 2009-01-27 c:\windows\Tasks\GlaryInitialize.job - m:\program files\Glary Utilities\initialize.exe [2008-04-09 12:22] . - - - - ORPHELINS SUPPRIMES - - - - WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - c:\program files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll SafeBoot-sglfb.sys SafeBoot-tga.sys SafeBoot-wd.sys SafeBoot-sacsvr . ------- Examen supplémentaire ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mWindow Title = uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab FF - ProfilePath - c:\documents and settings\mickael\Application Data\Mozilla\Firefox\Profiles\9hh65mjb.default\ FF - prefs.js: browser.search.selectedEngine - Search the Web FF - prefs.js: browser.startup.homepage - www.google.fr FF - prefs.js: keyword.URL - hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01bf93043ede&q= FF - component: c:\documents and settings\mickael\Application Data\IDM\idmmzcc2\components\idmmzcc.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-27 20:13:16 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0e436da6-c14b-4b81-aea4-618f1c1335a8}] @Denied: (Full) (Everyone) "Model"=dword:0000000a "Therad"=dword:0000000a "MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a, 4b,7b,ad,04,7a,b1,b5,76,9b,27,47,ad,91,56,c8,52,62,22,f2,49,f5,68,62,d0,c2,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3e4e00c6-9382-48d6-b1ad-81c13f05e0f8}] @Denied: (Full) (Everyone) "Model"=dword:00000087 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,40,02,13,ad,75,b8,fc,03,ad,37,b7,4f,7b,18,f7,51,98,ae,29,b0,ce,15,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):15,54,9f,84,5e,5f,98,63,91,5a,c0,06,b2,d1,8d,27,d7,e4,e9,ab,1d, c3,18,e2,f4,8d,61,20,99,b1,1f,44,cf,1d,fc,85,71,a6,7b,c9,00,00,00,00,00,00,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) "scansk"=hex(0):2b,e9,7e,2c,05,3f,6f,17,d3,f8,bb,e5,78,1b,67,6e,fc,d4,a4,af,7e, 12,9f,31,bc,d8,1c,ff,a9,23,c3,56,1e,93,59,f0,da,b2,2d,76,00,00,00,00,00,00,\ . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe m:\program files\Glary Utilities\Integrator.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\documents and settings\mickael\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe c:\program files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Heure de fin: 2009-01-27 20:16:06 - La machine a redémarré [mickael] ComboFix-quarantined-files.txt 2009-01-27 19:15:58 Avant-CF: 16,205,824,000 octets libres Après-CF: 16,196,005,888 octets libres 218 --- E O F --- 2009-01-26 21:33:49

le lien renommé n'est plus valide

je crois que c'est ça: ComboFix 08-06-29.3 - mickael 2008-06-29 22:41:20.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.482 [GMT 2:00] Endroit: C:\Documents and Settings\mickael\Bureau\Combo-Fix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-28 to 2008-06-29 )))))))))))))))))))))))))))))))))))) . 2008-06-18 21:39 . 2008-06-18 21:39 <REP> d-------- C:\Program Files\CCleaner 2008-06-17 23:15 . 2006-12-15 03:09 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl 2008-06-16 22:41 . 2008-06-16 22:41 <REP> d-------- C:\Program Files\xp-AntiSpy 2008-06-15 18:31 . 2008-06-17 17:24 <REP> d-------- C:\Program Files\JkDefrag 2008-06-15 18:31 . 2007-09-25 17:34 241,664 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-06-15 18:31 . 2007-09-25 17:34 106,496 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-06-15 17:04 . 2008-06-15 17:04 <REP> d-------- C:\Program Files\hpHosts 2008-06-11 09:43 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 09:43 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-03 21:41 . 2008-06-03 21:41 <REP> drahs---- C:\MS32DLL.dll.vbs 2008-06-03 21:41 . 2008-06-03 21:41 <REP> drahs---- C:\found.000 2008-06-03 21:41 . 2008-06-03 21:41 <REP> drahs---- C:\desktop.ini 2008-06-03 21:41 . 2008-06-03 21:41 <REP> drahs---- C:\comment.htt 2008-06-03 21:41 . 2008-06-03 21:41 <REP> drahs---- C:\adober.exe 2008-06-03 21:40 . 2008-06-03 21:40 <REP> drahs---- C:\winfile.exe 2008-06-03 21:40 . 2008-06-03 21:40 <REP> drahs---- C:\msvcr71.dll 2008-06-03 21:40 . 2008-06-03 21:40 <REP> drahs---- C:\host.exe 2008-06-03 21:40 . 2008-06-03 21:40 <REP> drahs---- C:\copy.exe 2008-06-03 21:38 . 2008-06-03 21:38 <REP> drahs---- C:\ravmon.exe 2008-06-03 21:38 . 2008-06-16 21:03 <REP> d--h----- C:\bdtmp 2008-06-03 21:37 . 2008-06-03 21:37 54,726 --a------ C:\VaccinUSB.exe 2008-06-02 18:06 . 2008-02-26 14:00 294,912 -----c--- C:\WINDOWS\system32\dllcache\msctf.dll 2008-06-01 20:53 . 2008-06-01 23:17 51,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-06-01 20:53 . 2008-06-01 23:17 1,676 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-06-01 19:18 . 2008-06-01 19:18 <REP> d-------- C:\Documents and Settings\mickael\Application Data\Malwarebytes 2008-06-01 19:17 . 2008-06-21 17:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-01 19:17 . 2008-06-01 19:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-01 19:17 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-01 19:17 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-01 17:30 . 2008-06-01 17:31 <REP> d-------- C:\WINDOWS\system32\fr-fr 2008-06-01 17:24 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-06-01 17:24 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-06-01 17:24 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-06-01 17:24 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-06-01 17:24 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-06-01 17:24 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-06-01 17:24 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-06-01 17:23 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-06-01 17:23 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-05-31 11:28 . 2008-05-31 11:28 <REP> d-------- C:\Program Files\Trend Micro 2008-05-30 19:41 . 2008-06-27 22:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-28 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-06-28 17:27 --------- d-----w C:\Program Files\MSN Messenger 2008-05-26 21:11 --------- d-----w C:\Program Files\AVG 2008-05-26 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg8 2008-05-25 12:28 --------- d-----w C:\Program Files\ESET 2008-05-25 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-05-25 11:00 --------- d-----w C:\Program Files\Yahoo! 2008-05-25 10:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-05-08 20:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-03 20:33 --------- d-----w C:\Program Files\Xilisoft 2008-05-03 20:33 --------- d-----w C:\Program Files\QuickTime 2003-02-21 02:42 348,160 --sha-r C:\WINDOWS\system32\msvcr71.dll . ((((((((((((((((((((((((((((( snapshot@2008-06-29_22.35.04.20 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-29 20:33:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-29 20:43:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-07-17 16:44 364544] "CloneCDTray"="M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-10-22 00:41 57344] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-10 02:24 188416] "Acrobat Assistant 8.0"="M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248] "SunJavaUpdateSched"="M:\Program Files\bin\jusched.exe" [2006-12-15 03:23 75520] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoStrCmpLogical"= 0 (0x0) "NoInstrumentation"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "VIDC.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "DisablePagingExecutive"=dword:00000001 "SecondLevelDataCache"=dword:00000200 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "M:\\Program Files\\emule0.47c-Xtreme5.4_2\\emule.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server R0 sonypvl2;sonypvl2;C:\WINDOWS\system32\drivers\sonypvl2.sys [2003-07-25 15:02] R1 DCDisk;DCDisk;C:\WINDOWS\system32\drivers\DCDisk.sys [2007-03-13 20:35] R1 sonypvf2;sonypvf2;C:\WINDOWS\system32\drivers\sonypvf2.sys [2004-04-08 11:04] R1 sonypvt2;sonypvt2;C:\WINDOWS\system32\drivers\sonypvt2.sys [2003-08-20 10:44] R3 STAC97NA;SigmaTel 3D Environmental Audio;C:\WINDOWS\system32\drivers\stac97na.sys [2002-09-20 19:42] R3 STAC97NH;STAC97NH;C:\WINDOWS\system32\drivers\stac97nh.sys [2002-09-20 19:43] . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-06-29 20:44:01 C:\WINDOWS\Tasks\GlaryInitialize.job" - M:\Program Files\Glary Utilities\initialize.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-29 22:44:17 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\Program Files\Fichiers communs\Adobe\Adobe PCD\cache\cache.db-journal 3608 bytes Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\nvsvc32.exe M:\Program Files\Glary Utilities\Integrator.exe C:\WINDOWS\system32\oopmagent.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-29 22:46:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-29 20:46:02 ComboFix2.txt 2008-06-29 20:35:46 Pre-Run: 17,647,517,696 octets libres Post-Run: 17,635,766,272 octets libres 176 --- E O F --- 2008-06-20 22:29:53

bonjour oGu, on va en revenir à la même discution mais je ne me rappelle pas avoir installé quoi que ce soit (en même temps la mémoire c'est pas mon fort) mais bon ce que j'ai choppé n'est surement pas arrivé tout seul !!! pour revenir à combofix, mon PC a redémarré en mode normal a la demande du logiciel mais c'est figé quand il était écrit création du rapport là je suis en mode normal et le parapluie d'antivir est fermé

je vais réessayer en mode normal

j'ai bien fait l'option 2 par contre quand je double clique sur l'icone de combofix, une fenêtre m'indique en anglais qu'il me manque des composants pourtant j'ai pris le bon lien et téléchargé sur mon bureau il me reste un "icone" combofix dans la barre de tache que je n'arrive pas à fermer

le problème c'est que je ne sais plus où ils sont on peut savoir quel est le plus récent? car je n'ai rien installé depuis longtemps

voici le rapport (j'aime pas les dernières lignes) -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.00GHz ) BIOS : Default System BIOS USER : mickael ( Administrator ) BOOT : Fail-safe with network boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:29 Go (Free:15 Go) D:\ (CD or DVD) E:\ (CD or DVD) M:\ (Local Disk) - NTFS - Total:160 Go (Free:23 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 26/01/2009|20:53 ) -----------\\ Recherche de Fichiers / Dossiers ... C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_ie.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\content_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\logger.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIE.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_a.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_m.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\config\toolbarIM_y.xml C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\allow.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\block.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\dontsend.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbardropdownmenu.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsHelprolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_bg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm1rolloverbase_dp.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarsm2rolloverbase.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\im_toolbarstextrollover.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX16.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\kiwee_iconX48.ico C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\send.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eg.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_emoticons.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_eyeglass.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_gear.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_images.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_kiwee.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_msnlogo.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_news.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_text.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_videos.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_webshots.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\toolbar_winks.bmp C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kiwee Toolbar\images\X.bmp C:\Program Files\Kiwee Toolbar C:\Program Files\Kiwee Toolbar\2.8.167 C:\Program Files\Kiwee Toolbar\2.8.167\AGTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\AolIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\firefox C:\Program Files\Kiwee Toolbar\2.8.167\FlashCOM.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeCommonCtrls.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeContentHost.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.dll C:\Program Files\Kiwee Toolbar\2.8.167\KiweeTBCore.tlb C:\Program Files\Kiwee Toolbar\2.8.167\kiweetoolbar.zip C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe C:\Program Files\Kiwee Toolbar\2.8.167\mfc80u.dll C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.CRT.manifest C:\Program Files\Kiwee Toolbar\2.8.167\Microsoft.VC80.MFC.manifest C:\Program Files\Kiwee Toolbar\2.8.167\msimg32.dll C:\Program Files\Kiwee Toolbar\2.8.167\MsnIMToolbar.dll C:\Program Files\Kiwee Toolbar\2.8.167\msvcp80.dll C:\Program Files\Kiwee Toolbar\2.8.167\msvcr80.dll C:\Program Files\Kiwee Toolbar\2.8.167\RemoteLib.dll C:\Program Files\Kiwee Toolbar\2.8.167\Riched20.dll C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome.manifest C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults C:\Program Files\Kiwee Toolbar\2.8.167\firefox\firefox.xpi C:\Program Files\Kiwee Toolbar\2.8.167\firefox\install.rdf C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF C:\Program Files\Kiwee Toolbar\2.8.167\firefox\chrome\kiweetoolbar.jar C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\AGCore.xpt C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\KiweeSearchHistory.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\components\SearchProtection.xpt C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences C:\Program Files\Kiwee Toolbar\2.8.167\firefox\defaults\preferences\defaults.js C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\manifest.mf C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.rsa C:\Program Files\Kiwee Toolbar\2.8.167\firefox\META-INF\zigbert.sf C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Kiwee Toolbar -----------\\ Extensions (mickael) - {3d7eb24f-2740-49df-8937-200b1cc08f8a} => flashblock -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}" "Start Page"="http://fr.msn.com/" "First Home Page"="http://go.microsoft.com/fwlink/?LinkId=54843" "Url"="http://go.microsoft.com/fwlink/?LinkID=68928" "Url"="http://go.microsoft.com/fwlink/?LinkID=44406" "Url"="http://go.microsoft.com/fwlink/?LinkID=68929" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"'>http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA] Rootkit Bagle ! .. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa] 1 - "C:\ToolBar SD\TB_1.txt" - 26/01/2009|20:54 - Option : [1] -----------\\ Fin du rapport a 20:54:34,32

ça me permet d'utiliser mon PC sans qu'il s'arrête à cause de l'écran bleu

oops je ne savais pas voici mon nouveau rapport Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:43:22, on 26/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [CloneCDTray] "M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 9566 bytes

bonjour, voici mon rapport hijackthis quelqu'un peut y jeter un oeil s'il vous plait? désolé, je suis bref mais mon systeme est très instable Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:24:13, on 26/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Download Manager\IDMan.exe C:\DOCUME~1\mickael\LOCALS~1\Temp\Rar$EX26.734\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - M:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - M:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file) O3 - Toolbar: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar\2.8.167\KiweeIEToolbar.dll O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [CloneCDTray] "M:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "M:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [ooquickpdfv7] "C:\WINDOWS\system32\oopmagent.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KiweeHook] "C:\Program Files\Kiwee Toolbar\2.8.167\kwtbaim.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\mickael\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_...geUploader4.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...OCX/flashax.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 9527 bytes

c'est si simple que ça merci pour ta réponse