MSServer process impossible to remove [SOLVED]
EternalFlame
  
   
Posted on 01/07/2008 23:00:42
Hello,

I am asking for your help because I am stuck with a small problem:
Without any change to my system and without any alert from Kaspersky, I have an MSServer process that appears, accompanied by another process named 5a778983.
I ran a Kaspersky scan: nothing.
I ran a SpyBot scan and an Ad-Aware scan and I still have "Virtumonde" and "Virtumonde.dll"; in addition, Spybot launches at startup and my system has slowed down considerably.
I am running Vista 32.
While waiting for a reply, I remain available for any further information.
Regards
-->Message edited by EternalFlame on 20/07/2008 23:58:18<--
Laddy
  
   
Posted on 02/07/2008 08:00:22
Hello,
let's look at your problem together.

Deckard's System Scanner

Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.

1. close all applications and windows
2. right-click dss.exe and choose Run as administrator

Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)

3. if this is a first use or a new version of DSS:
* you will have to click OK twice in the dialog boxes
Warning: if you take too long, the Abort answer will be selected automatically
* when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground, full screen
extra.txt <- opened in the background, windowed (look at the taskbar)
If this is a repeat use of DSS:
* you will not get a dialog box (no OK)
* when processing is finished, one text file is displayed:
main.txt <- opened in the foreground, full screen
4. copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
5. likewise copy the contents of extra.txt into your next post, if you have this file (first use)
6. don't forget to re-enable the protections if they were stopped.

Help: http://bibou0007.com/outils-specifiques-f78/tutorial-deckard-s-system-scanner(...)

Post the DSS reports (a hijackthis report is included in the DSS reports).

-------
Get yourself good protection with Antivir.
Bibou0007.com
EternalFlame
  
   
Posted on 02/07/2008 10:20:51
Hello, thank you for replying. Here is the main.txt report from DSS:
Deckard's System Scanner v20071014.68
Run by Bibi on 2008-07-02 10:10:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-07-01 19:22:27 UTC - RP467 - Programme d’installation pour les modules Windows
3: 2008-07-01 17:23:19 UTC - RP466 - Windows Defender Checkpoint
2: 2008-07-01 17:18:56 UTC - RP464 - Installed Ad-Aware
1: 2008-07-01 16:32:58 UTC - RP463 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Bibi.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:51, on 02/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.EXE
C:\Users\Bibi\Desktop\dss.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Bibi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {281BF17A-4C8C-40FB-8A4A-2E77604B7CD7} - C:\Windows\system32\cbXRHxXp.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {75F41C01-8243-4D1C-B6D5-F5360C1E258A} - C:\Windows\system32\d3dx10`33.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C05CD05D-5E13-406A-AC62-FF18F57455F7} - C:\Windows\system32\fccywVPF.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\Windows\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [5a778983] rundll32.exe "C:\Windows\system32\dffjhrqr.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjIbc.dll,#1
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-(...)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B748EAC-C087-4B81-9782-6491B788C857}: NameServer = 80.10.246.1,80.10.246.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: okmdepgb - {408CC725-F1D2-414E-990E-4C3C09F58425} - (no file)
O21 - SSODL: axrfgvek - {CF4563B7-517A-4B6A-ADE3-10160661056F} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

--
End of file - 9449 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R1 SysTool (SysTool Overclocking Utility) - c:\windows\system32\drivers\systool.sys <Not Verified; ; Low-Level Driver>
R3 RivaTuner32 - \??\c:\program files\rivatuner v2.06\rivatuner32.sys

S3 ovt519 (Eye Toy) - c:\windows\system32\drivers\ov519vid.sys <Not Verified; OmniVision Technologies, Inc.; Dual Mode USB Camera 519>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 09:29:00 252 --a------ C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2008-07-01 14:47:22 416 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{2FAEE276-5FEC-4F8B-BC82-39582AE23929}.job


-- Files created between 2008-06-02 and 2008-07-02 -----------------------------

2008-07-01 22:43:44 28288 --a------ C:\Windows\system32\opnkjIbc.dll
2008-07-01 22:28:01 92032 --a------ C:\Windows\system32\dffjhrqr.dll
2008-07-01 22:27:01 960 --ahs---- C:\Windows\system32\pXxHRXbc.ini2
2008-07-01 21:18:29 0 d-------- C:\Windows\pss
2008-07-01 19:19:56 0 d-------- C:\Program Files\Lavasoft
2008-07-01 19:19:55 0 d-------- C:\Users\All Users\Lavasoft
2008-07-01 19:15:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-01 18:41:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-01 18:35:25 92032 -----n--- C:\Windows\system32\fywwimfx.dll
2008-07-01 17:31:51 872 --ahs---- C:\Windows\system32\FPVwyccf.ini2
2008-07-01 17:17:47 94208 --a------ C:\Windows\eolk.exe
2008-07-01 17:16:21 0 d-------- C:\Program Files\VirtualDJ
2008-07-01 17:11:01 0 d-------- C:\Program Files\BitComet Turbo Accelerator
2008-07-01 17:07:06 0 d-------- C:\Program Files\DNA
2008-07-01 17:07:06 0 d-------- C:\Program Files\BitTorrent
2008-06-28 15:04:25 0 d--h----- C:\Windows\msdownld.tmp
2008-06-28 14:44:44 2560 --a------ C:\Windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-28 04:45:33 0 d-------- C:\Program Files\Trend Micro
2008-06-27 17:27:09 0 d-------- C:\Program Files\BitComet
2008-06-27 04:23:03 14848 --a------ C:\Windows\system32\d3dx10`33.dll
2008-06-27 04:20:55 0 d-------- C:\Users\All Users\Ubisoft
2008-06-27 04:14:25 0 -rahs---- C:\MSDOS.SYS
2008-06-27 04:14:25 0 -rahs---- C:\IO.SYS
2008-06-25 19:52:38 0 d-------- C:\Program Files\Notepad++
2008-06-25 17:40:05 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-06-25 17:27:48 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-06-25 16:28:10 717296 --a------ C:\Windows\system32\drivers\sptd.sys
2008-06-22 15:32:38 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-10 00:04:35 0 d-------- C:\Windows\nvidia icons


-- Find3M Report ---------------------------------------------------------------

2008-07-01 23:07:56 669340 --a------ C:\Windows\system32\perfh00C.dat
2008-07-01 23:07:56 123350 --a------ C:\Windows\system32\perfc00C.dat
2008-07-01 20:21:30 0 d-------- C:\Program Files\City of Heroes
2008-07-01 19:15:06 0 d-------- C:\Program Files\Common Files
2008-07-01 17:09:18 0 d-------- C:\Users\Bibi\AppData\Roaming\BitTorrent
2008-06-30 16:40:17 0 d-------- C:\Program Files\Audacity
2008-06-30 16:38:11 0 d-------- C:\Users\Bibi\AppData\Roaming\LimeWire
2008-06-30 16:37:04 0 d-------- C:\Program Files\LimeWire
2008-06-28 15:07:27 0 d-------- C:\Program Files\Google
2008-06-28 04:38:42 0 d-------- C:\Users\Bibi\AppData\Roaming\Real
2008-06-28 04:38:42 0 d-------- C:\Program Files\Real
2008-06-28 04:38:42 0 d-------- C:\Program Files\Common Files\Real
2008-06-27 17:34:53 0 d-------- C:\Program Files\Electronic Arts
2008-06-27 17:30:05 0 d-------- C:\Users\Bibi\AppData\Roaming\Free Download Manager
2008-06-27 04:23:03 0 d-------- C:\Users\Bibi\AppData\Roaming\Ubisoft
2008-06-27 04:12:04 0 d-------- C:\Program Files\UbiSoft
2008-06-27 04:12:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-25 19:55:08 0 d-------- C:\Users\Bibi\AppData\Roaming\Notepad++
2008-06-25 17:42:02 0 dr-h----- C:\Users\Bibi\AppData\Roaming\SecuROM
2008-06-25 17:27:20 0 d-------- C:\Program Files\Lx_cats
2008-06-25 16:27:26 0 d-------- C:\Users\Bibi\AppData\Roaming\DAEMON Tools
2008-06-15 20:32:38 0 d-------- C:\Users\Bibi\AppData\Roaming\Skype
2008-05-05 23:46:38 0 d-------- C:\Program Files\Lavalys
2008-05-04 22:01:24 0 d-------- C:\Program Files\Plugins
2008-05-04 21:58:40 0 d-------- C:\Program Files\AnalogX
2008-04-27 15:52:10 12896 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-04-27 15:45:39 3107 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{281BF17A-4C8C-40FB-8A4A-2E77604B7CD7}]
C:\Windows\system32\cbXRHxXp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75F41C01-8243-4D1C-B6D5-F5360C1E258A}]
27/06/2008 04:23 14848 --a------ C:\Windows\system32\d3dx10`33.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C05CD05D-5E13-406A-AC62-FF18F57455F7}]
C:\Windows\system32\fccywVPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [10/05/2007 17:10 C:\Windows\RtHDVCpl.exe]
"LXCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [22/02/2007 05:20]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06/03/2006 17:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 13:01]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [30/10/2007 20:05]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [03/05/2008 05:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [03/05/2008 05:46]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [19/05/2007 22:36]
"5a778983"="C:\Windows\system32\dffjhrqr.dll" [01/07/2008 22:28]
"MSServer"="C:\Windows\system32\opnkjIbc.dll" [01/07/2008 17:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 00:33]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 11:39]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\Windows\system32\opnkjIbc.dll [01/07/2008 17:25 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\cbXRHxXp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bibi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitComet Turbo Accelerator.lnk]
path=C:\Users\Bibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitComet Turbo Accelerator.lnk
backup=C:\Windows\pss\BitComet Turbo Accelerator.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
"C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07548904-42cb-11dd-ac36-0019dbc6f648}]
AutoRun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91de22e9-43e6-11dd-801d-0019dbc6f648}]
AutoRun\command- K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4520d63-443d-11dd-801d-0019dbc6f648}]
AutoRun\command- L:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8756 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-02 10:12:17 ------------

And finally, here is extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Édition Familiale Premium (build 6001) SP 1.0
Architecture: X86; Language: French

CPU 0: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 3325.45 MiB / 2232.81 MiB
Pagefile Memory (total/avail): 6866.89 MiB / 5797.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1896.5 MiB

C: is Fixed (NTFS) - 911.96 GiB total, 663.26 GiB free.
D: is Fixed (FAT32) - 19.55 GiB total, 15.45 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is CDROM (CDFS)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)
M: is Fixed (FAT32) - 298.02 GiB total, 122.8 GiB free.

\\.\PHYSICALDRIVE0 - RAID_Volume0 - 931.51 GiB - 2 partitions
\PARTITION0 - Étendu avec Inter. 13 étendue - 19.56 GiB - D:
\PARTITION1 (bootable) - Système de fichiers installable - 911.96 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE5 - WDC WD32 00AAJB-00TYA0 USB Device - 298.09 GiB - 1 partition
\PARTITION0 - Unknown - 298.09 GiB - M:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Kaspersky Internet Security v7.0.0.119 (Kaspersky Lab) Disabled
AV: Kaspersky Internet Security v7.0.0.119 (Kaspersky Lab) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.0.119 (Kaspersky Lab) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Bibi\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC-DE-BIBI
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Bibi
LOCALAPPDATA=C:\Users\Bibi\AppData\Local
LOGONSERVER=\\PC-DE-BIBI
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Samsung\Samsung PC Studio 3\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Bibi\AppData\Local\Temp
TMP=C:\Users\Bibi\AppData\Local\Temp
USERDOMAIN=PC-de-Bibi
USERNAME=Bibi
USERPROFILE=C:\Users\Bibi
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Bibi [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Alexandra Ledermann 3 - Équitation Aventure --> C:\Windows\IsUn040c.exe -f"C:\Program Files\PAN vision\Alexandra Ledermann 3 - Équitation Aventure\Uninst.isu"
Alexandra Ledermann 5 --> C:\Program Files\UbiSoft\Lexis Numérique\Alexandra Ledermann 5\Desinst.exe
AnalogX Vocal Remover --> C:\Program Files\AnalogX\VocalRemover\vremu.exe
AnalogX Vocal Remover (WinAmp) --> C:\Program Files\Plugins\wavremu.exe
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Assassin's Creed --> C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AtomixMP3 v2.3 Trial --> C:\PROGRA~1\ATOMIX~1\UNWISE.EXE C:\PROGRA~1\ATOMIX~1\INSTALL.LOG
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe
BitComet Turbo Accelerator --> C:\Program Files\BitComet Turbo Accelerator\uninstall.exe
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
CamfrogWEB Advanced ActiveX Plugin (www.bobtv.fr) --> "C:\Program Files\CFWebAdvancedU_BOBTV.FR\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3 --> MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Crysis(R) --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Crysis(R) SP Demo --> MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
D-Link VGA Webcam --> C:\Windows\CleanDev.exe C:\Windows\ov519.TXT
dBpoweramp Monkeys Audio Codec --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Music Converter --> "C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EVEREST Corporate Edition v4.20 --> "C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
EVEREST Ultimate Edition v4.50 --> "C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Exteel --> C:\Program Files\InstallShield Installation Information\{CF12E77B-E986-434C-8905-A292A8BF901E}\setup.exe -runfromtemp -l0x0009 -removeonly
Extension de Windows Live Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Fable - The Lost Chapters --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Fantasy Wars Demo --> "C:\Program Files\Nobilis\Fantasy Wars Demo\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HeroStats --> C:\Program Files\HeroStats\Uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Intel(R) PRO Network Connections 12.1.12.0 --> MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Lexmark 2300 Series --> C:\Program Files\Lexmark 2300 Series\Install\x86\Uninst.exe
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech G-series Keyboard Software --> MsiExec.exe /X{5A080213-5AEC-4BF2-BB32-796EB0E421EC}
Logitech Motion Detector Gadget --> MsiExec.exe /X{8D5B8F9D-00F6-4F71-87E0-C43C043A018E}
Menus intelligents (Windows Live Toolbar) --> MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft Office Excel Viewer 2003 --> MsiExec.exe /I{9084040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB925672) --> MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Need for Speed™ ProStreet --> MsiExec.exe /X{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}
Nero 7 Essentials --> MsiExec.exe /X{81AB1374-098A-43CB-BE57-31CEB5EB1036}
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
PlayNC Launcher --> C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
RamBoost XP 4.0.6 --> "C:\Program Files\RamBoost XP\unins000.exe"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
RivaTuner v2.06 --> "C:\Program Files\RivaTuner v2.06\uninstall.exe"
Samsung Mobile phone USB driver Software --> C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
Samsung PC Studio 3 --> "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3 USB Driver Installer --> "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Eyetoy USB Webcam Drivers and Software --> "C:\Program Files\SEUCDaS\0.8\unins001.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareIsolator 1.0 --> "C:\Program Files\SpywareIsolator\unins000.exe"
Surligneur (Windows Live Toolbar) --> MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
SysTool Overclocking Utility --> "C:\Program Files\SysTool\Uninstall.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TweakVI --> "C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files\TweakVI\Uninstall\uninstall.xml"
VidiotMaps Map Overlay --> C:\Program Files\InstallShield Installation Information\{4DD84B63-015C-41EA-9E34-A46DAA8318F3}\setup.exe -runfromtemp -l0x0009
VidiotMaps Map Overlay --> C:\Program Files\InstallShield Installation Information\{BCB6B9C3-AEEE-4DE4-B954-F3FD5DD34C6F}\setup.exe -runfromtemp -l0x0009
VidiotMaps Map Overlay --> C:\Program Files\InstallShield Installation Information\{D3346FC1-8B88-4E80-8B95-B7908BBB37A9}\setup.exe -runfromtemp -l0x0009
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Windows Live Favorites pour Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Windows Live Toolbar --> MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type13388 / Error
Event Submitted/Written: 07/01/2008 11:17:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante Explorer.EXE, version 6.0.6001.18000, horodatage 0x47918e5d, module défaillant dffjhrqr.dll, version 0.0.0.0, horodatage 0x4847fdbe, code d’exception 0xc0000005, décalage d’erreur 0x00010d6b,
ID du processus 0xea8, heure de début de l’application 0xExplorer.EXE0.

Event Record #/Type13385 / Error
Event Submitted/Written: 07/01/2008 11:04:37 PM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante Explorer.EXE, version 6.0.6001.18000, horodatage 0x47918e5d, module défaillant adialhk.dll, version 7.0.0.119, horodatage 0x464f4286, code d’exception 0xc0000005, décalage d’erreur 0x0000ba8c,
ID du processus 0xccc, heure de début de l’application 0xExplorer.EXE0.

Event Record #/Type13382 / Success
Event Submitted/Written: 07/01/2008 10:50:59 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13372 / Success
Event Submitted/Written: 07/01/2008 10:42:39 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type13371 / Success
Event Submitted/Written: 07/01/2008 10:42:38 PM
Event ID/Source: 5615 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type57514 / Error
Event Submitted/Written: 07/01/2008 10:43:33 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
i8042prt

Event Record #/Type57450 / Error
Event Submitted/Written: 07/01/2008 10:42:28 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type57409 / Error
Event Submitted/Written: 07/01/2008 10:14:40 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
i8042prt

Event Record #/Type56836 / Error
Event Submitted/Written: 07/01/2008 10:13:47 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type56805 / Warning
Event Submitted/Written: 07/01/2008 10:07:07 PM
Event ID/Source: 3004 / WinDefend
Event Description:
L’agent de protection en temps réel %PC-de-Bibi27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Bibi27 ne peut pas annuler les modifications que vous autorisez.

Pour plus d’informations, consultez les données suivantes :
%PC-de-Bibi275

ID d’analyse : {FC18C28E-2885-425C-9280-FAAAD1459577}

Utilisateur : PC-de-Bibi\Bibi

Nom : %PC-de-Bibi271

ID : %PC-de-Bibi272

ID de gravité : %PC-de-Bibi273

ID de catégorie : %PC-de-Bibi274

Chemin d’accès trouvé : %PC-de-Bibi276

Type d’alerte : %PC-de-Bibi278

Type de détection : 1.1.1600.02



-- End of Deckard's System Scanner: finished at 2008-07-02 10:12:17 ------------

There you go, hoping a solution will be found! :)
One new thing on my computer: according to the Security Center, Kaspersky is enabled, but I no longer see the little icon in the toolbar!
Regards
Laddy
Posted on 02/07/2008 10:37:06
Disable UAC (User Account Control); above all, remember to re-enable it after the disinfection.

* Start > Control Panel
* Click User Accounts
* Click User Accounts again
* (In "Classic" view: Control Panel >> double-click "User Accounts")
* Click Turn User Account Control on or off (at the bottom)
* Uncheck the box Use User Account Control (UAC) to help protect your computer
* Click OK to confirm
(**If UAC was already disabled, click "Cancel", close the Control Panel and go to the next step - no restart required)
* You will be prompted to restart the computer; click OK. Your computer must now restart.


Disable TeaTimer, Spybot's resident module
- Start Spybot, click Mode, check Advanced mode
- On the left, click Tools / Resident
- Uncheck the box in front of Resident "TeaTimer"
- Quit Spybot




Be sure to pay close attention.





Combofix:
Download Combofix (by sUbs) to your desktop, nowhere else!


NOTE: Disable your resident protections while using it (antivirus and antispyware) / Disconnect from the Internet.


- Double-click Combofix.
- When you are asked a question, answer by pressing 1 and confirm with Enter.
- Let it guide you and don't touch anything, otherwise the PC may freeze.

- When the scan is finished, a report will be created.
- Post it (C:\Combofix.txt).

Help: A guide and a tutorial on using ComboFix

I'm waiting for:
your combofix report ;)


-->Message edited by Laddy on 02/07/2008 10:38:36<--
-------
Treat yourself to good protection with Antivir.
Bibou0007.com
EternalFlame
Posted on 02/07/2008 11:47:00
So, UAC and TeaTimer were already disabled. I'm downloading ComboFix now; as soon as I've finished I'll post you the report.
Regards
EternalFlame
Posted on 02/07/2008 12:08:00
I have a problem with ComboFix; when I launch it, it tells me:

"Current date is 02/07/2008.

This Copy of ComboFix has expired
Please download an update copy"
Waiting for your reply! :)
Regards
Laddy
Posted on 02/07/2008 12:28:16
Have you already downloaded it once before?

Delete the downloaded versions and start again
EternalFlame
Posted on 02/07/2008 13:06:15
Well no, I've never downloaded it before. I tried again but it's still the same! :'(
Laddy
Posted on 02/07/2008 13:19:52
Indeed, there must be a glitch with the tool; I'll look into it.


edit: indeed there is a problem, I'm going to do everything manually; be patient, I need to write it up
-->Message edited by Laddy on 02/07/2008 13:21:53<--
Laddy
Posted on 02/07/2008 13:44:34
Go to the Control Panel

Start / Control Panel / Programs and Features.
Uninstall, if present:
Antivirus 2008 Pro


Right-click the HijackThis icon on your desktop and choose Run as administrator.

Click Do a system scan only

Check these lines:

O2 - BHO: (no name) - {75F41C01-8243-4D1C-B6D5-F5360C1E258A} - C:\Windows\system32\d3dx10`33.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {C05CD05D-5E13-406A-AC62-FF18F57455F7} - C:\Windows\system32\fccywVPF.dll (file missing)
O4 - HKLM\..\Run: [5a778983] rundll32.exe "C:\Windows\system32\dffjhrqr.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjIbc.dll,#1
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O21 - SSODL: okmdepgb - {408CC725-F1D2-414E-990E-4C3C09F58425} - (no file)
O21 - SSODL: axrfgvek - {CF4563B7-517A-4B6A-ADE3-10160661056F} - (no file)

Close all windows except HijackThis

Click Fix checked.

Restart your PC

Then


Disable the antivirus, antispyware....

  • Download OTMoveIt by OldTimer.
  • Save it to your Desktop.
  • Double-click OTMoveIt.exe to launch it.
  • Copy the paths of the following files by selecting EVERYTHING and pressing CTRL+C (or, after selecting, right-click and choose Copy):


    [kill explorer]
    C:\Windows\system32\fccywVPF.dll
    C:\Windows\system32\dffjhrqr.dll
    C:\Windows\system32\opnkjIbc.dll
    C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
    C:\Program Files\Antivirus 2008 PRO
    C:\Windows\system32\d3dx10`33.dll
    C:\Windows\system32\opnkjIbc.dll
    C:\Windows\system32\dffjhrqr.dll
    C:\Windows\system32\pXxHRXbc.ini2
    C:\Windows\system32\fywwimfx.dll
    C:\Windows\system32\FPVwyccf.ini2
    C:\Windows\system32\cbXRHxXp.dll
    [start explorer]



  • Go back to OTMoveIt, right-click in the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt.

    Note: If a file or folder cannot be moved immediately, you will be asked to restart your machine to finish the process. If so, choose Yes.

    Post the OTMoveIt report, available here: C:\_OTMoveIt\MovedFiles

    then

    post me a new dss main.txt report
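Added example (not part of the original thread, and not how HijackThis or the helper's own analysis works): a small Python triage of HijackThis lines using shape heuristics that match most of the entries selected in the post above. The heuristics and the names `triage_line` and `triage` are assumptions made for illustration; the sample is assembled from lines quoted in this thread.

```python
import re

# Constructed sample: HijackThis lines quoted in this thread (entries the
# helper asks to fix, plus benign entries from the same reports for contrast).
SAMPLE_LOG = r"""
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {75F41C01-8243-4D1C-B6D5-F5360C1E258A} - C:\Windows\system32\d3dx10`33.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [5a778983] rundll32.exe "C:\Windows\system32\dffjhrqr.dll",b
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnkjIbc.dll,#1
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O21 - SSODL: okmdepgb - {408CC725-F1D2-414E-990E-4C3C09F58425} - (no file)
"""

# "O4 - rest of line": HijackThis section code, then the entry body.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# rundll32 <dll>,<export>; the DLL path may or may not be quoted.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?,(\S+)',
                       re.IGNORECASE)
# A file sitting directly in system32 (not in a subfolder).
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\system32\\[^\\]+$",
                         re.IGNORECASE)


def triage_line(line):
    """Return the reasons (possibly none) why one HijackThis line needs review."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    reasons = []

    # Heuristic 1 (assumption): a Browser Helper Object with no display name.
    if section == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("nameless BHO")

    # Heuristic 2 (assumption): a BHO, toolbar or SSODL registration whose
    # file no longer exists, i.e. a leftover or a rotated payload.
    orphan = "(no file)" in body or "(file missing)" in body
    if section in ("O2", "O3", "O21") and orphan:
        reasons.append("registration points to a missing file")

    # Heuristic 3 (assumption): an autorun that loads a DLL directly from
    # system32 through rundll32 by ordinal (#1) or a 1-2 character export.
    # Named exports such as NvCpl.dll,NvStartup are left alone.
    if section == "O4":
        r = RUNDLL_RE.search(body)
        if r:
            dll, export = r.groups()
            if SYSTEM32_RE.match(dll) and (export.startswith("#")
                                           or len(export) <= 2):
                reasons.append("rundll32 autorun: system32 DLL, "
                               "ordinal or 1-2 char export")
    return reasons


def triage(log_text):
    """Return [(line, reasons)] for every line with at least one reason."""
    flagged = []
    for line in log_text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + line)
```

The rogue `antivirus-2008pro.exe` autorun is not flagged: it is recognised by its name, not by its shape, so a name or reputation lookup is still needed alongside heuristics like these.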
EternalFlame
Posted on 02/07/2008 15:03:57
    Here is the OTMoveIt report:
    File/Folder C:\Windows\system32\fccywVPF.dll not found.
    File/Folder C:\Windows\system32\dffjhrqr.dll not found.
    File/Folder C:\Windows\system32\opnkjIbc.dll not found.
    File/Folder C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe not found.
    File/Folder C:\Program Files\Antivirus 2008 PRO not found.
    C:\Windows\system32\d3dx10`33.dll unregistered successfully.
    C:\Windows\system32\d3dx10`33.dll moved successfully.
    File/Folder C:\Windows\system32\opnkjIbc.dll not found.
    File/Folder C:\Windows\system32\dffjhrqr.dll not found.
    C:\Windows\system32\pXxHRXbc.ini2 moved successfully.
    DllUnregisterServer procedure not found in C:\Windows\system32\fywwimfx.dll
    C:\Windows\system32\fywwimfx.dll NOT unregistered.
    C:\Windows\system32\fywwimfx.dll moved successfully.
    C:\Windows\system32\FPVwyccf.ini2 moved successfully.
    File/Folder C:\Windows\system32\cbXRHxXp.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_145502

    And the main.txt report:
    Deckard's System Scanner v20071014.68
    Run by Bibi on 2008-07-02 14:57:05
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Bibi.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:57:09, on 02/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Bibi\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Bibi.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {281BF17A-4C8C-40FB-8A4A-2E77604B7CD7} - C:\Windows\system32\cbXRHxXp.dll (file missing)
    O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\Windows\system32\pmnmjKAq.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {664A50B7-BA24-45B4-AEE1-3FDF832FB4AD} - C:\Windows\system32\awttsTlI.dll
    O2 - BHO: (no name) - {75F41C01-8243-4D1C-B6D5-F5360C1E258A} - C:\Windows\system32\d3dx10`33.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {C05CD05D-5E13-406A-AC62-FF18F57455F7} - C:\Windows\system32\fccywVPF.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: nqgpedlr - {08E11E95-E8E4-43DD-B762-43F2159C8759} - C:\Windows\nqgpedlr.dll (file missing)
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\pmnmjKAq.dll,#1
    O4 - HKLM\..\Run: [5a778983] rundll32.exe "C:\Windows\system32\ynqqktmn.dll",b
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
    O13 - Gopher Prefix:
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-(...)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B748EAC-C087-4B81-9782-6491B788C857}: NameServer = 80.10.246.1,80.10.246.129
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    --
    End of file - 9688 bytes

    -- Files created between 2008-06-02 and 2008-07-02 -----------------------------

    2008-07-02 14:56:08 91520 --a------ C:\Windows\system32\ynqqktmn.dll
    2008-07-02 14:47:20 91520 -----n--- C:\Windows\system32\htgkwsdh.dll
    2008-07-02 14:40:57 28288 --a------ C:\Windows\system32\pmnmjKAq.dll
    2008-07-02 11:47:53 91520 --a------ C:\Windows\system32\mdtaqtlv.dll
    2008-07-02 11:47:14 129540 --ahs---- C:\Windows\system32\IlTsttwa.ini2
    2008-07-02 11:47:11 318720 --a------ C:\Windows\system32\awttsTlI.dll
    2008-07-01 21:18:29 0 d-------- C:\Windows\pss
    2008-07-01 19:19:56 0 d-------- C:\Program Files\Lavasoft
    2008-07-01 19:19:55 0 d-------- C:\Users\All Users\Lavasoft
    2008-07-01 19:15:06 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-07-01 18:41:56 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-07-01 17:17:47 94208 --a------ C:\Windows\eolk.exe
    2008-07-01 17:16:21 0 d-------- C:\Program Files\VirtualDJ
    2008-07-01 17:11:01 0 d-------- C:\Program Files\BitComet Turbo Accelerator
    2008-07-01 17:07:06 0 d-------- C:\Program Files\DNA
    2008-07-01 17:07:06 0 d-------- C:\Program Files\BitTorrent
    2008-06-28 15:04:25 0 d--h----- C:\Windows\msdownld.tmp
    2008-06-28 14:44:44 2560 --a------ C:\Windows\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
    2008-06-28 04:45:33 0 d-------- C:\Program Files\Trend Micro
    2008-06-27 17:27:09 0 d-------- C:\Program Files\BitComet
    2008-06-27 04:20:55 0 d-------- C:\Users\All Users\Ubisoft
    2008-06-27 04:14:25 0 -rahs---- C:\MSDOS.SYS
    2008-06-27 04:14:25 0 -rahs---- C:\IO.SYS
    2008-06-25 19:52:38 0 d-------- C:\Program Files\Notepad++
    2008-06-25 17:40:05 669184 --a------ C:\Windows\system32\pbsvc.exe
    2008-06-25 17:27:48 0 d-------- C:\Program Files\DAEMON Tools Lite
    2008-06-25 16:28:10 717296 --a------ C:\Windows\system32\drivers\sptd.sys
    2008-06-22 15:32:38 0 d-------- C:\Program Files\Common Files\Adobe
    2008-06-10 00:04:35 0 d-------- C:\Windows\nvidia icons


    -- Find3M Report ---------------------------------------------------------------

    2008-07-02 14:47:56 669340 --a------ C:\Windows\system32\perfh00C.dat
    2008-07-02 14:47:56 123350 --a------ C:\Windows\system32\perfc00C.dat
    2008-07-01 20:21:30 0 d-------- C:\Program Files\City of Heroes
    2008-07-01 19:15:06 0 d-------- C:\Program Files\Common Files
    2008-07-01 17:09:18 0 d-------- C:\Users\Bibi\AppData\Roaming\BitTorrent
    2008-06-30 16:40:17 0 d-------- C:\Program Files\Audacity
    2008-06-30 16:38:11 0 d-------- C:\Users\Bibi\AppData\Roaming\LimeWire
    2008-06-30 16:37:04 0 d-------- C:\Program Files\LimeWire
    2008-06-28 15:07:27 0 d-------- C:\Program Files\Google
    2008-06-28 04:38:42 0 d-------- C:\Users\Bibi\AppData\Roaming\Real
    2008-06-28 04:38:42 0 d-------- C:\Program Files\Real
    2008-06-28 04:38:42 0 d-------- C:\Program Files\Common Files\Real
    2008-06-27 17:34:53 0 d-------- C:\Program Files\Electronic Arts
    2008-06-27 17:30:05 0 d-------- C:\Users\Bibi\AppData\Roaming\Free Download Manager
    2008-06-27 04:23:03 0 d-------- C:\Users\Bibi\AppData\Roaming\Ubisoft
    2008-06-27 04:12:04 0 d-------- C:\Program Files\UbiSoft
    2008-06-27 04:12:04 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-25 19:55:08 0 d-------- C:\Users\Bibi\AppData\Roaming\Notepad++
    2008-06-25 17:42:02 0 dr-h----- C:\Users\Bibi\AppData\Roaming\SecuROM
    2008-06-25 17:27:20 0 d-------- C:\Program Files\Lx_cats
    2008-06-25 16:27:26 0 d-------- C:\Users\Bibi\AppData\Roaming\DAEMON Tools
    2008-06-15 20:32:38 0 d-------- C:\Users\Bibi\AppData\Roaming\Skype
    2008-05-05 23:46:38 0 d-------- C:\Program Files\Lavalys
    2008-05-04 22:01:24 0 d-------- C:\Program Files\Plugins
    2008-05-04 21:58:40 0 d-------- C:\Program Files\AnalogX
    2008-04-27 15:52:10 12896 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2008-04-27 15:45:39 3107 --a------ C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{281BF17A-4C8C-40FB-8A4A-2E77604B7CD7}]
    C:\Windows\system32\cbXRHxXp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
    01/07/2008 17:25 28288 --a------ C:\Windows\system32\pmnmjKAq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{664A50B7-BA24-45B4-AEE1-3FDF832FB4AD}]
    02/07/2008 11:47 318720 --a------ C:\Windows\system32\awttsTlI.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75F41C01-8243-4D1C-B6D5-F5360C1E258A}]
    C:\Windows\system32\d3dx10`33.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C05CD05D-5E13-406A-AC62-FF18F57455F7}]
    C:\Windows\system32\fccywVPF.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [10/05/2007 17:10 C:\Windows\RtHDVCpl.exe]
    "LXCGCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [22/02/2007 05:20]
    "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [06/03/2006 17:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [31/08/2007 13:01]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [30/10/2007 20:05]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [03/05/2008 05:46]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [03/05/2008 05:46]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [19/05/2007 22:36]
    "MSServer"="C:\Windows\system32\pmnmjKAq.dll" [01/07/2008 17:25]
    "5a778983"="C:\Windows\system32\ynqqktmn.dll" [02/07/2008 14:56]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [19/01/2008 00:33]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 11:39]
    "BitComet"="C:\Program Files\BitComet\BitComet.exe" [03/06/2008 05:42]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)
    "EnableLUA"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\Windows\system32\pmnmjKAq.dll [01/07/2008 17:25 28288]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\Windows\system32\awttsTlI

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Bibi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BitComet Turbo Accelerator.lnk]
    path=C:\Users\Bibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitComet Turbo Accelerator.lnk
    backup=C:\Windows\pss\BitComet Turbo Accelerator.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    C:\Program Files\BitComet\BitComet.exe /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTuner]
    "C:\Program Files\RivaTuner v2.06\RivaTuner.exe" /T

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    rundll32.exe oobefldr.dll,ShowWelcomeCenter

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    C:\Program Files\Windows Media Player\WMPNSCFG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07548904-42cb-11dd-ac36-0019dbc6f648}]
    AutoRun\command- J:\autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91de22e9-43e6-11dd-801d-0019dbc6f648}]
    AutoRun\command- K:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4520d63-443d-11dd-801d-0019dbc6f648}]
    AutoRun\command- L:\Autorun.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-07-02 14:57:43 ------------
    P.S.: Antivirus2008 was already uninstalled and Spybot no longer launches at startup, a good sign! :)
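The registry dump above can be cross-referenced by file instead of being read key by key. This added Python example (not from the thread and not part of DSS; the function names and short location labels are assumptions) lists system32 modules registered in more than one autostart location, using lines excerpted from that dump. Appearing in several locations is a triage signal for closer inspection, not a verdict.

```python
import re
from collections import defaultdict

# Lines excerpted from the DSS registry dump posted above (trimmed).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
01/07/2008 17:25 28288 --a------ C:\Windows\system32\pmnmjKAq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{664A50B7-BA24-45B4-AEE1-3FDF832FB4AD}]
02/07/2008 11:47 318720 --a------ C:\Windows\system32\awttsTlI.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [03/05/2008 05:46]
"MSServer"="C:\Windows\system32\pmnmjKAq.dll" [01/07/2008 17:25]
"5a778983"="C:\Windows\system32\ynqqktmn.dll" [02/07/2008 14:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= C:\Windows\system32\pmnmjKAq.dll [01/07/2008 17:25 28288]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\Windows\system32\awttsTlI
"""

# Autostart locations in the dump, matched by a lowercase substring of the key path.
LOCATIONS = {
    "browser helper objects": "BHO",
    "currentversion\\run": "Run",
    "shellexecutehooks": "ShellExecuteHooks",
    "control\\lsa": "LSA",
}
SECTION = re.compile(r"^\[(.+)\]$")
# A file directly inside system32; the lookahead rejects subdirectory paths.
SYS32 = re.compile(r'[a-z]:\\windows\\system32\\([^\\\s"]+)(?![^\s"])', re.I)

def autostart_map(dump):
    """Map each system32 module (lowercase, no .dll) to the locations that load it."""
    seen, label = defaultdict(set), None
    for line in dump.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            key = header.group(1).lower()
            label = next((v for k, v in LOCATIONS.items() if k in key), None)
        elif label:
            for name in SYS32.findall(line):
                name = name.lower()
                seen[name[:-4] if name.endswith(".dll") else name].add(label)
    return seen

def multi_location(dump):
    """Modules registered in two or more autostart locations."""
    return {n: sorted(w) for n, w in autostart_map(dump).items() if len(w) > 1}
```

On these lines, pmnmjKAq.dll (the file behind the MSServer Run value) is registered in three locations and awttsTlI in two, one of them the LSA Authentication Packages value, where the dump shows it without the .dll extension.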
    Laddy
      
       
    Posted on 02/07/2008 15:13:40
    MalwareByte's Anti-Malware

    Download MalwareByte's Anti-Malware and install it.
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    - Make sure it has updated properly before moving on.

    - Help: MBAM tutorial
    Restart in safe mode:

    o Restart your computer
    o After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    o Instead of Windows loading normally, a menu with various options should appear.
    o Choose the first option, to run Windows in safe mode, then press "Enter".
    o Choose your account.

    * Launch MBAM and select "Perform a full scan". Wait while the scan runs.

    * Once the scan has finished, click "Remove Selected".

    If MBAM needs to restart to finish the removal, accept by clicking OK. Save the report to your Desktop when it is displayed.



    Then post me a new DSS main.txt report
    -------
    Treat yourself to good protection with Antivir.
    Bibou0007.com
    EternalFlame
      
       
    Posted on 02/07/2008 16:54:18
    Here is the new DSS main.txt report:
    Deckard's System Scanner v20071014.68
    Run by Bibi on 2008-07-02 16:51:38
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Bibi.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:51:44, on 02/07/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Secur