A NOUVEAU DES PROBLEME DE VIRUS CHEVAL DE TROY

Bonjour,

JE SUIS A NOUVEAU EMBETE A CAUSE DE VIRUS OU CHEVAL DE TROY J AI FAIS UN SCAN AVEC ANTIVIR ET VOILA CE QUI EN SORT DIT MOI CE QUE TU PEUX FAIRE MERCI


[AntiVir PersonalEdition Classic
Report file date: lundi, 24. décembre 2007 10:50

Scanning for 985864 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-3704C32DB7A

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:53:05
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 14/12/2007 12:53:05
ANTIVIR3.VDF : 7.0.1.142 194048 Bytes 22/12/2007 12:51:01
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 20/12/2007 12:51:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 20/12/2007 12:51:56
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi, 24. décembre 2007 10:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'imapi.exe' - '1' Module(s) have been scanned
Scan process 'Shareaza.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WinButler.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).


Starting the file scan:

Begin scan in 'C:\' <439760>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\alexandre\Application Data\Microsoft\Windows\dahgjrf.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjg.1
[INFO] The file was moved to '47d78170.qua'!
C:\Documents and Settings\alexandre\Local Settings\Temp\WinBrec.VIR
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjg.1
[INFO] The file was moved to '47dd81e8.qua'!
C:\System Volume Information\_restore{B2B7DEDB-6830-47C2-BB13-F1B397484110}\RP581\A0146177.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.fjg.1
[INFO] The file was moved to '47a0863b.qua'!
Begin scan in 'D:\' <000000>


End of the scan: lundi, 24. décembre 2007 11:31
Used time: 41:16 min

The scan has been done completely.

5865 Scanning directories
320980 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
320977 Files not concerned
7544 Archives were scanned
4 Warnings
10 Notes

[spoiler]


Ajout du 24-12-2007 à 16:48:

LE PC RALENTI ET M A DIT QU IL Y AVAIT DANS C.\SYSTEME VOLUME INFORMATION\...\A0146177.EXE


Ajout du 24-12-2007 à 16:50:

S EST UN TR\DLDR.AGENT.FJG.1 SI CA PEUT T AIDER


Ajout du 24-12-2007 à 17:01:

J AI FAIS UN SCAN AVEC HIJACK ET VOILA CE QUI EN SORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:48, on 24.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\alexandre\Application Data\WinButler\WinButler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\utilitaires\TESTE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\alexandre\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\alexandre\Application Data\Microsoft\Windows\dahgjrf.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - http://driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 4892 bytes



Ajout du 24-12-2007 à 17:12:

j ai aussi fais un combofix voila le resultat
ComboFix 07-12-21.4 - alexandre 2007-12-24 17:04:15.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.531 [GMT 1:00]
Running from: D:\utilitaires\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\alexandre\Favoris\Online Security Guide.lnk
C:\Documents and Settings\alexandre\ResErrors.log
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\carine\Bureau\Live Safety Center.lnk
C:\Documents and Settings\carine\Bureau\Online Security Guide.lnk
C:\Documents and Settings\carine\Favoris\Online Security Guide.lnk
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FMTR


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-24 to 2007-12-24 ))))))))))))))))))))))))))))))))))))
.

2007-12-23 15:08 . 2007-12-24 10:03 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-23 12:39 . 2007-12-23 12:39 <REP> d-------- C:\Program Files\MSECache
2007-12-19 23:06 . 2007-12-19 23:06 <REP> d-------- C:\Program Files\Panicware
2007-12-19 22:30 . 2007-12-19 22:30 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-19 22:26 . 2007-12-19 22:33 <REP> d-------- C:\Program Files\Windows Live
2007-12-19 22:26 . 2007-12-19 22:28 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-19 22:25 . 2007-12-19 22:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-19 09:02 . 2007-12-19 09:02 <REP> d-------- C:\WINDOWS\system32\IOSUBSYS
2007-12-19 09:02 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-19 09:02 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-18 23:04 . 2007-12-19 09:02 <REP> d-------- C:\Program Files\Picasa2
2007-12-17 17:03 . 2007-12-17 17:03 <REP> d-------- C:\Program Files\Common Files
2007-12-16 17:45 . 2007-12-16 17:32 3,377 --a------ C:\WINDOWS\msnchk.exe
2007-12-15 21:14 . 2007-12-19 22:31 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-15 18:18 . 2007-12-15 18:18 <REP> d-------- C:\Program Files\PDFCreator Toolbar
2007-12-15 18:18 . 2007-12-15 18:18 264,097 --a------ C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_6843.exe
2007-12-15 18:17 . 1998-06-24 01:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2007-12-15 18:17 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-12-15 18:17 . 1998-07-13 02:08 59,904 --a------ C:\WINDOWS\system32\MSCC2FR.DLL
2007-12-15 18:17 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-12-15 16:07 . 2007-12-15 16:07 <REP> d---s---- C:\Documents and Settings\carine\UserData
2007-12-15 14:11 . 2007-12-16 08:34 <REP> d-------- C:\Program Files\IncrediMail
2007-12-15 13:50 . 2007-12-15 13:50 <REP> d-------- C:\Program Files\Avira
2007-12-15 13:50 . 2007-12-15 13:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-15 13:39 . 2007-12-15 13:41 37 --a------ C:\WINDOWS\ù7ë

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-23 12:01 2,750 ----a-w C:\Documents and Settings\alexandre\Application Data\wklnhst.dat
2007-12-22 10:46 --------- d-----w C:\Documents and Settings\alexandre\Application Data\WinButler
2007-12-21 18:01 --------- d-----w C:\Program Files\Shareaza
2007-12-21 17:54 --------- d-----w C:\Documents and Settings\alexandre\Application Data\Shareaza
2007-12-20 20:41 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-19 18:19 --------- d-----w C:\Program Files\Ahead
2007-12-17 16:03 --------- d-----w C:\Program Files\Yahoo!
2007-12-16 18:17 --------- d-----w C:\Program Files\Navilog1
2007-12-15 17:18 --------- d-----w C:\Program Files\PDFCreator
2007-12-15 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 03:04 --------- d-----w C:\Program Files\Warcraft III
2007-12-07 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-22 15:11 --------- d-----w C:\Program Files\Shareaza Turbo Accelerator
2007-11-21 16:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-21 16:18 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-11-21 15:44 --------- d-----w C:\Program Files\Trend Micro
2007-11-21 14:57 --------- d-----w C:\Documents and Settings\alexandre\Application Data\Dcads Advanced Toolbar
2007-11-20 17:36 --------- d-----w C:\Program Files\Eurobarre
2007-11-20 11:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-20 11:09 --------- d-----w C:\Documents and Settings\alexandre\Application Data\InterTrust
2007-11-19 17:22 --------- d-----w C:\Program Files\Google
2007-11-17 20:08 --------- d-----w C:\Program Files\Panda Software
2007-11-17 16:36 2,015 ---h--r C:\WINDOWS\system32\drivers\hosts
2007-11-17 16:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-17 13:45 --------- d-----w C:\Program Files\AxBx
2007-11-17 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 13:29 --------- d-----w C:\Documents and Settings\alexandre\Application Data\Grisoft
2007-11-17 10:08 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-11-16 18:27 --------- d-----w C:\Documents and Settings\alexandre\Application Data\LimeWire
2007-11-16 18:24 8,243 ----a-w C:\Documents and Settings\alexandre\x.dat
2007-11-16 18:24 365,574 ----a-w C:\Documents and Settings\alexandre\z.dat
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 09:53 --------- d-----w C:\Documents and Settings\carine\Application Data\LimeWire
2007-11-06 12:37 --------- d-----w C:\Program Files\eMule
2007-11-05 12:08 --------- d-----w C:\Program Files\Java
2007-11-04 20:34 --------- d-----w C:\Program Files\Sensual Poker 5000
2007-11-04 20:34 --------- d-----w C:\Program Files\AVS4YOU
2007-11-04 20:34 --------- d-----w C:\Documents and Settings\alexandre\Application Data\dvdcss
2007-11-04 20:33 --------- d-----w C:\Documents and Settings\alexandre\Application Data\Canon
2007-11-04 20:32 --------- d-----w C:\Program Files\BoontyGames
2007-11-04 20:31 --------- d-----w C:\Program Files\Retour à Actarius
2007-11-04 20:31 --------- d-----w C:\Program Files\Dungeon Master Java
2007-11-04 20:31 --------- d-----w C:\Program Files\Depths of Peril demo
2007-11-04 20:31 --------- d-----w C:\Program Files\BillP Studios
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-01-31 16:47 47,360 ----a-w C:\Documents and Settings\alexandre\Application Data\pcouffin.sys
2006-07-03 04:06 0 ----a-w C:\Documents and Settings\carine\Application Data\wklnhst.dat
2006-06-06 19:41 4,096 ----a-w C:\Documents and Settings\alexandre\log.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 12:23]
"WinButler"="C:\Documents and Settings\alexandre\Application Data\WinButler\WinButler.exe" [2007-11-29 21:00]
"SfKg6wIPu"="C:\Documents and Settings\alexandre\Application Data\Microsoft\Windows\dahgjrf.exe" []
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-15 13:53]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-06-20 08:12]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-05-02 10:00]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 17:09:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 17:10:09 - machine was rebooted
.
2007-12-22 10:47:20 --- E O F ---
[/spoiler]


[ Ce message a été modifié par : : GrosSabots le 24-12-2007 17:51 ]

Salut ,

Bah si sa vient de comme tu nous la dit , c'est un pount de restauration !! Donc fait ceci :

Clic-Droit sur Poste de Travail==> Propriétés==> Restauration du système==>Cocher : désactiver la restauration système sur tous les lecteurs ==>Appliquer==>OK
Note : cela supprime les points de restauration antérieurs et qui peuvent être infectés
-----------
Même manœuvre en décochant pour rétablir la restauration
------------
Puis Démarrer==> tous les programmes ==>Accessoires==>outils Système==> Restauration système
==> créer un nouveau point de restauration
=============


Voila A+

alors je l ai fais je te redis ca plus tard merci
a oui encore une chose tu connais comment avoir des jeu pour mon natel et comment les telecharger afin de les metres sur mon natel merci a plus

Re!!

Bahh heuresment que j'habite a la frontiere suisse !! quelle et le modele et la marque de ton mobile ?

++

Bonjour il faudrait refais un rapport hijackthis

des infection n'ont peut etre pas été nettoyé