Virus : Virtumonde apparemment...

S'il vous plait...

Bonjour,

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".

Afin de lancer la recherche, clic sur"Rechercher".

Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

AIDE : Tuto en images sur MBAM

Bonjour, et merci !
J'ai oublié de cliquer sur Afficher les résultats...
Voilà le rapport :

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1076
Windows 6.0.6001 Service Pack 1

22:19:20 21/08/2008
mbam-log-08-21-2008 (22-19-20).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 111711
Temps écoulé: 22 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{b3102264-d09d-4322-b625-503fbf18dd7e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcr4oj0e34e (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcr4oj0e34e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcv4oj0e34e (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\Titi\AppData\Roaming\rhcr4oj0e34e\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Windows\System32\phcv4oj0e34e.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

Et effectivement il a demandé de redémarrer j'ai fait ok mais mon pare feu l'a bloqué, je lui ai dit de l'activer mais je n'ai plus entendu parlé de lui...

S'il vous plait  

Reposte un rapport Hijackthis. Et sois patient.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:17, on 24/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\MES PROGRAMMES\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 5630 bytes

Re,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.

Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

ComboFix 08-08-24.02 - Titi 2008-08-25 7:51:25.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1315 [GMT 2:00]
Endroit: C:\Users\Titi\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 10:10 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-22 09:31 . 2008-08-22 09:31 <REP> d-------- C:\Users\Titi\AppData\Roaming\ItsLabel
2008-08-22 09:10 . 2008-08-22 09:10 <REP> d-------- C:\Users\All Users\WindowsSearch
2008-08-22 09:10 . 2008-08-22 09:10 <REP> d-------- C:\ProgramData\WindowsSearch
2008-08-21 23:01 . 2008-08-24 20:39 <REP> d-------- C:\Users\Titi\AppData\Roaming\EoRezo
2008-08-21 20:30 . 2008-08-21 20:30 <REP> d-------- C:\Users\Titi\AppData\Roaming\Malwarebytes
2008-08-21 20:29 . 2008-08-21 20:29 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-08-21 20:29 . 2008-08-21 20:29 <REP> d-------- C:\ProgramData\Malwarebytes
2008-08-21 20:29 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-21 20:29 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-20 09:10 . 2008-08-20 09:10 <REP> d----c--- C:\Program Files\Realtek AC97
2008-08-20 08:46 . 2008-08-20 08:46 <REP> d----c--- C:\Program Files\Intel
2008-08-20 08:46 . 2008-05-01 16:35 53,248 --a------ C:\Windows\System32\CSVer.dll
2008-08-20 08:45 . 2008-08-20 08:45 <REP> d----c--- C:\Intel
2008-08-19 18:33 . 2008-08-19 18:33 94,208 --a------ C:\Windows\System32\BE28.tmp
2008-08-15 16:18 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-15 16:13 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-15 16:13 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-15 16:12 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-15 16:12 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-15 16:11 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-11 21:31 . 2008-08-20 19:02 <REP> d-------- C:\Users\Titi\AppData\Roaming\Hamachi
2008-08-11 21:30 . 2008-08-11 21:30 25,280 --a------ C:\Windows\System32\drivers\hamachi.sys
2008-08-11 21:06 . 2008-08-11 21:06 <REP> d-------- C:\Users\Titi\AppData\Roaming\Auslogics
2008-08-11 20:55 . 2008-08-11 21:40 <REP> d----c--- C:\Program Files\NeoSmart Technologies
2008-08-11 20:54 . 2008-08-11 20:54 <REP> d-------- C:\Windows\TweakVI
2008-08-11 17:36 . 2008-08-24 20:38 <REP> d----c--- C:\Downloads
2008-08-10 17:44 . 2008-08-10 17:44 <REP> d-------- C:\Windows\System32\Adobe
2008-08-08 20:31 . 2006-09-12 12:46 227,328 -r-hs---- C:\Windows\System32\ac3DX.ax
2008-08-08 20:31 . 2008-03-16 14:30 216,064 -r-hs---- C:\Windows\System32\nbDX.dll
2008-08-08 20:31 . 2006-03-10 22:48 169,472 -r-hs---- C:\Windows\System32\MatroskaDX.ax
2008-08-08 20:31 . 2006-05-03 11:06 163,328 -r-hs---- C:\Windows\System32\flvDX.dll
2008-08-08 20:31 . 2005-11-25 21:46 161,792 -r-hs---- C:\Windows\System32\RealMediaDX.ax
2008-08-08 20:31 . 2006-01-13 00:23 123,904 -r-hs---- C:\Windows\System32\AVCDX.ax
2008-08-08 20:31 . 2003-11-21 00:00 54,784 -r-hs---- C:\Windows\System32\RLAPEDec.ax
2008-08-08 20:31 . 2004-04-27 00:00 37,888 -r-hs---- C:\Windows\System32\RLMPCDec.ax
2008-08-08 20:31 . 2007-02-21 12:47 31,232 -r-hs---- C:\Windows\System32\msfDX.dll
2008-08-08 19:45 . 2008-08-08 19:46 <REP> dr-h----- C:\Program Files\rnamfler
2008-08-08 10:15 . 2008-08-08 10:16 <REP> d-------- C:\Users\All Users\Adobe
2008-08-08 10:14 . 2008-08-08 10:15 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-08-07 11:45 . 2008-08-07 11:45 <REP> d-------- C:\Users\All Users\TEMP
2008-08-07 11:45 . 2008-08-07 11:45 <REP> d-------- C:\ProgramData\TEMP
2008-08-06 20:32 . 2008-03-12 22:21 678,408 --a------ C:\Windows\System32\gpprefcl.dll
2008-08-06 20:29 . 2008-08-19 17:01 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-08-05 16:10 . 2008-08-05 16:10 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-05 09:01 . 2008-05-10 05:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-08-05 09:01 . 2008-05-10 00:22 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-08-05 09:01 . 2008-05-10 00:22 153 --a------ C:\Windows\System32\RacUREx.xml
2008-08-04 20:57 . 2008-08-04 20:57 <REP> d-------- C:\Users\Titi\AppData\Roaming\teamspeak2
2008-08-04 20:57 . 2008-08-04 20:57 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-08-04 11:43 . 2008-08-25 07:54 <REP> d-------- C:\Windows\System32\drivers
2008-08-04 11:02 . <REP> C:\Windows\System32\??I;????
2008-08-04 09:22 . 2008-08-11 20:44 <REP> d----c--- C:\PerfLogs
2008-08-03 19:26 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-03 19:26 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-08-03 19:26 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-08-03 19:26 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-03 19:26 . 2008-01-19 09:35 2,643,456 --a------ C:\Windows\System32\NlsData000c.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData0c1a.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData081a.dll
2008-08-03 19:26 . 2008-01-19 09:35 1,965,056 --a------ C:\Windows\System32\NlsData0002.dll
2008-08-03 19:26 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 05:38 --------- d-----w C:\Program Files\LogMeIn
2008-08-20 12:52 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-20 07:10 319,488 ----a-w C:\Windows\HideWin.exe
2008-08-20 07:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 06:43 --------- d-----w C:\ProgramData\ma-config.com
2008-08-20 06:43 --------- d-----w C:\Program Files\ma-config.com
2008-08-15 14:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-15 14:15 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 18:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-04 07:59 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-04 07:35 174 --sha-w C:\Program Files\desktop.ini
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Journal
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Defender
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-04 07:24 --------- d-----w C:\Program Files\Windows Calendar
2008-08-04 07:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-04 07:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-17 16:36 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-06-17 16:35 988,216 ----a-w C:\Windows\System32\winload.exe
2008-06-17 16:35 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-06-17 16:35 615,992 ----a-w C:\Windows\System32\ci.dll
2008-06-17 16:35 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-06-17 16:35 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-06-17 16:35 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-06-17 16:35 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-06-17 16:35 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-06-17 16:35 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-17 16:30 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-06-17 16:28 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-06-17 16:22 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-06-17 16:20 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-17 16:20 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-17 16:20 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-17 16:20 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-17 16:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-17 16:20 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-06-17 16:15 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-28 10:33 83,288 ----a-w C:\Windows\System32\LMIRfsClientNP.dll
2008-05-28 10:33 24,608 ----a-w C:\Windows\System32\LMIport.dll
2008-05-28 10:32 87,352 ----a-w C:\Windows\System32\LMIinit.dll
2008-05-28 10:32 23,736 ----a-w C:\Windows\System32\lmimirr.dll
2008-05-28 10:32 10,040 ----a-w C:\Windows\System32\lmimirr2.dll
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

C:\Users\Titi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
OneNote Table Of Contents.onetoc2 [2008-08-05 13:22:15 3656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2F650E6D-4A7F-4148-BA56-53382CCB3095}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F8B1F7AB-F8F3-4C29-9F96-C4CFA425C165}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{538BA76C-653F-40EC-A31B-015FE510A85E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CE4E84B5-EC9C-4C99-B04D-50F7EB667054}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{166F418C-08A1-47B7-90E6-A0CDD97DDF47}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{646FB569-A344-4B29-90BE-3E800B6E6787}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4F205916-A67A-4A71-B333-62710397871B}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8BFE6C5C-7061-4203-8DB1-ABFCADA1E570}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4A45D589-46CC-4C35-B9DB-56C3C8B72815}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{06B4B988-3A49-4767-BB6E-3ACC3DFABBB2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6A82D74E-3C92-46C5-ACBA-41EC6C6E2288}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{2AC431DC-CB60-4E35-8B3F-341A0D2F9437}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{FC85B988-DAAA-4C6C-A9F1-5C05FF197168}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{1F848870-A569-42DB-BC07-6772777A1A1A}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{D6175555-E466-4EB7-B887-C924E2E0BA55}D:\\programmes\\cossacks - back to war\\dmcr.exe"= UDP :\programmes\cossacks - back to war\dmcr.exe mcr
"UDP Query User{CBF652DD-A192-40F9-BE08-46909EC2E075}D:\\programmes\\cossacks - back to war\\dmcr.exe"= TCP :\programmes\cossacks - back to war\dmcr.exe mcr
"TCP Query User{0DE4C93F-7A73-4E87-A5FC-E2DA960E1B31}C:\\program files\\postal2stp\\system\\postal2.exe"= UDP:C:\program files\postal2stp\system\postal2.exe ostal2
"UDP Query User{7B278C3B-A8E5-4A43-B482-5E476BD095D7}C:\\program files\\postal2stp\\system\\postal2.exe"= TCP:C:\program files\postal2stp\system\postal2.exe ostal2
"TCP Query User{5B580438-F097-4E4A-A1C6-D0D34F6F2C56}D:\\program files\\cossacks - back to war\\dmcr.exe"= UDP :\program files\cossacks - back to war\dmcr.exe mcr
"UDP Query User{5EB48241-5E6F-4636-8B3E-81A62EE81AC6}D:\\program files\\cossacks - back to war\\dmcr.exe"= TCP :\program files\cossacks - back to war\dmcr.exe mcr
"TCP Query User{0E16137C-3D36-4A08-AFCD-661729545BEE}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{D4BE2AE1-76CC-4759-8E3D-2C8B3A8FA33A}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{03B8F32A-4DE4-404F-8180-CEBBBABFCD4C}D:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= UDP :\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"UDP Query User{826C2253-DC19-43CB-ADC9-5DCA39B66215}D:\\program files\\gsc game world\\cossacks ii\\data\\engine.exe"= TCP :\program files\gsc game world\cossacks ii\data\engine.exe:Cossacks 2: Napoleonic Wars
"TCP Query User{A1090B17-1F62-45DF-998E-7D79C535E038}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F3620D73-30B5-41D3-8943-42A0456A57AD}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{DD231EC0-B9A6-47E1-93C1-618EA0CBA36F}"= UDP :\Program Files\GSC Game World\Cossacks II\Cossacks2.exe:Cossacks II
"{7296672D-1721-4E5C-A1C7-98D95A03D4CC}"= TCP :\Program Files\GSC Game World\Cossacks II\Cossacks2.exe:Cossacks II
"{7A375E82-B00B-4901-9598-D5CFB6423491}"= UDP :\Program Files\Hamachi\hamachi.exe:Hamachi
"{40D5080F-AF20-4970-AE6A-0F4B68A432D0}"= TCP :\Program Files\Hamachi\hamachi.exe:Hamachi
"TCP Query User{A7355058-0E86-493A-9140-D8B97A29C7ED}D:\\program files\\cossacks - back to war\\dmcr.exe"= UDP :\program files\cossacks - back to war\dmcr.exe mcr
"UDP Query User{21B7D01C-774F-4F1B-91DC-F985A6DB6399}D:\\program files\\cossacks - back to war\\dmcr.exe"= TCP :\program files\cossacks - back to war\dmcr.exe mcr
"{6753A723-E1DB-4389-9498-7EA54EAEAF1E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{CD332D3F-868B-4C29-98AD-2CC129E13AEA}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EC05753D-63DB-49E0-8AFA-1B1EB8D3C4C1}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{622C8BEB-76C6-4B82-8110-AE349EAF0BE1}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{1C50F353-BFC6-4F62-A92B-FA922058BF53}D:\\program files\\bitcomet\\bitcomet.exe"= UDP :\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{701449E3-555A-43E3-AE94-E6BC1EB6C294}D:\\program files\\bitcomet\\bitcomet.exe"= TCP :\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 20:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-24 C:\Windows\Tasks\User_Feed_Synchronization-{D32AD5B0-C9B7-442E-9F41-92ABAC3D5EB4}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Titi\AppData\Roaming\Mozilla\Firefox\Profiles\46l8o9yi.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://lo.st
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 07:55:51
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-25 7:58:41
ComboFix-quarantined-files.txt 2008-08-25 05:58:26

Pre-Run: 14,923,460,608 octets libres
Post-Run: 22,727,208,960 octets libres

236 --- E O F --- 2008-08-21 21:09:46



( Ps : Merci infiniment de vote aide, et cependant Avast et Spybot ne s'ouvre plus à l'ouverture de mon PC... Et donc je n'ai plus que le pare feu Windows qui est opérationnelle ! Cordialement !!!! )

On va remplacer Avast!.

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Je sais, mais Antivir ne passe pas sur mon Vista...

Comment ça ?

Ah, bah je ne comprends plus rien, j'ai essayé de le remettre pour vous montrer comment il ne passe pas mais je n'ai rien à vous montrer...
Ensuite ?

T'as fait le scan ?

Avira AntiVir Personal
Report file date: mardi 26 août 2008 18:14

Scanning for 1572484 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-TITI

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 06:35:20
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 06:35:28
ANTIVIR3.VDF : 7.0.6.69 51712 Bytes 26/08/2008 06:35:29
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 26/08/2008 06:35:47
AESCN.DLL : 8.1.0.23 119156 Bytes 26/08/2008 06:35:46
AERDL.DLL : 8.1.0.20 418165 Bytes 26/08/2008 06:35:45
AEPACK.DLL : 8.1.2.1 364917 Bytes 26/08/2008 06:35:43
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 26/08/2008 06:35:42
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 26/08/2008 06:35:41
AEHELP.DLL : 8.1.0.15 115063 Bytes 26/08/2008 06:35:39
AEGEN.DLL : 8.1.0.36 315764 Bytes 26/08/2008 06:35:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 26/08/2008 06:35:36
AECORE.DLL : 8.1.1.8 172406 Bytes 26/08/2008 06:35:33
AEBB.DLL : 8.1.0.1 53617 Bytes 26/08/2008 06:35:30
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.2 98344 Bytes 26/08/2008 06:35:30
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 26 août 2008 18:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BitComet.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned
Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned
Scan process 'ramaint.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '2' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: mardi 26 août 2008 18:44
Used time: 29:55 min

The scan has been done completely.

13936 Scanning directories
170265 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
170265 Files not concerned
1557 Archives were scanned
2 Warnings
0 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:55, on 27/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\taskeng.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\MES PROGRAMMES\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 5250 bytes

Encore des soucis ?

Fond d'écran bleu et rame...

Tu peux faire un screen de ton bureau ?

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**

Le fond bureau :





Et le rapport :

SmitFraudFix v2.339

Scan done at 20:25:17,85, 27/08/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Titi\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Impossible de le changer maintenant ?

Si, c'est bon et je l'ai redémarrer et il s'est mis...
Merci beaucoup !!!
Vous pensez qu'il n'y a plus rien du tout d'infecté ??

Ouaip, c'est ok pour moi.

Eu, non...
J'ai mon fond qui a disparu, et j'ai eu un écran bleu Windows, j'ai du attendre qu'il reboot 3 ou 4 fois jusqu'à temps qu'il marche il rebooter tout le temps....

On peut regarder en profondeur si tu veux.

Télécharge Gmer.
Dézippe le dans un dossier ou sur ton bureau.

Déconnecte toi d'Internet puis et ferme tous les programmes.
Double-clique sur Gmer.exe.

IMPORTANT: Si une alerte de ton antivirus apparaît pour le fichier gmer.sys ou gmer.exe, laisse le s'executer.

Clique sur l'onglet rootkit.
A droite, coche Files et Services.
Clique maintenant sur Scan.

Lorsque le scan est terminé, clique sur Copy.

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller.
Le rapport doit alors apparaître.
Enregistre le fichier sur ton bureau et copie/colle le contenu ici.

Voilà, pour information toutes les cases étaient cochés :

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-30 16:52:09
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 8A908314 ZwCreateThread
SSDT 8A908300 ZwOpenProcess
SSDT 8A908305 ZwOpenThread
SSDT 8A90830F ZwTerminateProcess
SSDT 8A90830A ZwWriteVirtualMemory

INT 0x52 ? 857E3BF8
INT 0x72 ? 857E3BF8
INT 0x92 ? 849D4BF8
INT 0xA2 ? 849D4BF8
INT 0xB3 ? 857E3BF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!KeInsertQueue + 411 81C759C8 4 Bytes [ 14, 83, 90, 8A ]
.text ntoskrnl.exe!KeInsertQueue + 5E1 81C75B98 4 Bytes [ 00, 83, 90, 8A ]
.text ntoskrnl.exe!KeInsertQueue + 5FD 81C75BB4 4 Bytes [ 05, 83, 90, 8A ]
.text ntoskrnl.exe!KeInsertQueue + 811 81C75DC8 4 Bytes [ 0F, 83, 90, 8A ]
.text ntoskrnl.exe!KeInsertQueue + 871 81C75E28 4 Bytes [ 0A, 83, 90, 8A ]
? System32\Drivers\spcn.sys Le fichier spécifié est introuvable. !
.text USBPORT.SYS!DllUnload 8BC3046F 5 Bytes JMP 857E31D8

---- User code sections - GMER 1.0.14 ----

.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtOpenProcess 76F58868 5 Bytes JMP 002F0010
.text C:\Windows\system32\lsm.exe[640] ntdll.dll!NtTerminateProcess 76F59128 5 Bytes JMP 00380010

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 849D32D8
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoDetachDevice] [87A63C4C] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [87A63CA0] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [87A336D2] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [87A33040] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [87A337FC] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [87A330BE] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [87A3313C] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\drivers\ataport.SYS[ntoskrnl.exe!DbgBreakPoint] 849D42D8
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 857E32D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [87A43048] \SystemRoot\System32\Drivers\spcn.sys
IAT \SystemRoot\system32\DRIVERS\storport.sys[ntoskrnl.exe!DbgBreakPoint] 857142D8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 849D91F8
Device \Driver\volmgr \Device\VolMgrControl 849D61F8
Device \Driver\usbuhci \Device\USBPDO-0 856841F8
Device \Driver\usbuhci \Device\USBPDO-1 856841F8
Device \Driver\usbuhci \Device\USBPDO-2 856841F8
Device \Driver\usbehci \Device\USBPDO-3 8567D1F8
Device \Driver\volmgr \Device\HarddiskVolume1 849D61F8
Device \Driver\volmgr \Device\HarddiskVolume2 849D61F8
Device \Driver\cdrom \Device\CdRom0 856901F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 849D81F8
Device \Driver\atapi \Device\Ide\IdePort0 849D81F8
Device \Driver\atapi \Device\Ide\IdePort1 849D81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 849D81F8
Device \Driver\netbt \Device\NetBT_Tcpip_{86352F6B-5036-44FE-A872-6B93C2773082} 85E9E500
Device \Driver\netbt \Device\NetBt_Wins_Export 85E9E500
Device \Driver\Smb \Device\NetbiosSmb 85DD0500
Device \Driver\iScsiPrt \Device\RaidPort0 8568E500
Device \Driver\netbt \Device\NetBT_Tcpip_{986AC586-03BC-49B3-8843-E366D5BD3A65} 85E9E500
Device \Driver\usbuhci \Device\USBFDO-0 856841F8
Device \Driver\netbt \Device\NetBT_Tcpip_{5F2F8E3B-92BE-40B3-AD02-F9FFA3FDB227} 85E9E500
Device \Driver\usbuhci \Device\USBFDO-1 856841F8
Device \Driver\usbuhci \Device\USBFDO-2 856841F8
Device \Driver\usbehci \Device\USBFDO-3 8567D1F8
Device \FileSystem\cdfs \Cdfs 867D01F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x31 0x12 0x08 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x31 0x12 0x08 ...

---- EOF - GMER 1.0.14 ----

Et une avec file et system :

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-30 17:05:50
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT 8A908314 ZwCreateThread
SSDT 8A908300 ZwOpenProcess
SSDT 8A908305 ZwOpenThread
SSDT 8A90830F ZwTerminateProcess
SSDT 8A90830A ZwWriteVirtualMemory

INT 0x52 ? 857E3BF8
INT 0x72 ? 857E3BF8
INT 0x92 ? 849D4BF8
INT 0xA2 ? 849D4BF8
INT 0xB3 ? 857E3BF8

---- EOF - GMER 1.0.14 ----

Je pense plus à un problème Hardware.

Ah, et donc je fais quoi moi... Lol
Sachez que mon problème viens d'un logiciel téléchargé sur le net que j'ai désinstaller de suite après !!

Bah tu devrais voir dans la section Hardware.

Et je dis quoi ?

Bah que tu as des BSoD.

D'accord...