[Résolu] Virus lié à MSN

Bonjour,

MSNFix n'est plus à jour actuellement.

Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Double-clique sur UsbFix pour l'exécuter.

Choisis l'option 1 (Recherche).

Laisse travailler l'outil.

Poste le rapport UsbFix.txt.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.

Bonjour,


############################## | UsbFix V6.071 |

User : Gladys (Administrateurs) # PC-DE-GLADYS
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 08:48:13 | 07/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
AV : Norton AntiVirus 15.0.0.58 [ Enabled | Updated ]
FW : Norton AntiVirus[ Enabled ]15.0.0.58

C:\ -> Disque fixe local # 137,05 Go (57,04 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe 468
C:\Windows\system32\csrss.exe 588
C:\Windows\system32\csrss.exe 652
C:\Windows\system32\wininit.exe 660
C:\Windows\system32\winlogon.exe 708
C:\Windows\system32\services.exe 740
C:\Windows\system32\lsass.exe 752
C:\Windows\system32\lsm.exe 764
C:\Windows\system32\svchost.exe 892
C:\Windows\system32\svchost.exe 964
C:\Windows\System32\svchost.exe 1004
C:\Windows\system32\Ati2evxx.exe 1088
C:\Windows\System32\svchost.exe 1144
C:\Windows\System32\svchost.exe 1172
C:\Windows\system32\svchost.exe 1184
C:\Windows\system32\SLsvc.exe 1288
C:\Windows\system32\svchost.exe 1316
C:\Windows\system32\svchost.exe 1520
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1660
C:\Windows\system32\Ati2evxx.exe 1720
C:\Windows\System32\spoolsv.exe 1764
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 1788
C:\Windows\system32\svchost.exe 2012
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 1280
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 1988
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 1612
C:\Windows\system32\rundll32.exe 2172
C:\Windows\system32\oodag.exe 2276
C:\Windows\system32\svchost.exe 2324
C:\Windows\system32\svchost.exe 2344
C:\Windows\System32\svchost.exe 2372
C:\Windows\system32\SearchIndexer.exe 2412
C:\Windows\system32\taskeng.exe 2728
C:\Windows\system32\Dwm.exe 3120
C:\Windows\system32\taskeng.exe 3172
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3464
C:\Windows\RtHDVCpl.exe 3488
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe 3504
C:\Program Files\ATK Hotkey\Hcontrol.exe 3516
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe 3532
C:\Program Files\CyberLink\PlayMovie\PMVService.exe 3572
C:\Program Files\ATK Hotkey\ATKOSD.exe 3760
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE 3780
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 3788
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe 3852
C:\Program Files\Java\jre6\bin\jusched.exe 3880
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe 3920
C:\Windows\rndll.exe 3928
C:\Program Files\DAEMON Tools Lite\daemon.exe 3976
C:\Program Files\Windows Media Player\wmpnscfg.exe 4008
C:\Windows\system32\wbem\unsecapp.exe 4020
C:\Windows\system32\wbem\wmiprvse.exe 2164
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 1496
C:\Program Files\Windows Media Player\wmpnetwk.exe 3432
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 4560
C:\Program Files\Windows Live\Contacts\wlcomm.exe 4896
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 5120
C:\Program Files\Windows Live\Mail\wlmail.exe 5540
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe 3640
C:\Windows\system32\conime.exe 4240
C:\Windows\system32\csrss.exe 5968
C:\Windows\system32\winlogon.exe 4140
C:\Windows\system32\Ati2evxx.exe 2104
C:\Windows\system32\rundll32.exe 1348
C:\Windows\system32\Dwm.exe 2964
C:\Program Files\ATK Hotkey\Hcontrol.exe 3208
C:\Windows\system32\taskeng.exe 3644
C:\Windows\Explorer.EXE 4856
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 5132
C:\Windows\RtHDVCpl.exe 4476
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe 3352
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe 4304
C:\Program Files\CyberLink\PlayMovie\PMVService.exe 4936
C:\Program Files\ATK Hotkey\ATKOSD.exe 5176
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 6124
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 4720
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe 5328
C:\Program Files\Java\jre6\bin\jusched.exe 3600
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 5576
C:\Windows\rndll.exe 3864
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 4716
C:\Program Files\Cheat Engine\Cheat Engine.exe 5864
C:\Nostale(FR)\nostalex.dat 4576
C:\Program Files\Mumble\dbus-daemon.exe 9664
C:\Nostale(FR)\nostalex.dat 9084
C:\Windows\explorer.exe 3664
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 12028
C:\Program Files\Mozilla Firefox\firefox.exe 8508
C:\Windows\system32\wbem\wmiprvse.exe 10916

################## | Elements infectieux |

C:\Windows\rndll.exe

################## | MD5 |

C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe
C:\Windows\rndll.exe

################## | Registre |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Firevall Administrating"

################## | Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{563ce601-26b6-11de-84af-002354a76aa1}
shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

################## | Cracks > Keygens > Serials |

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg\setup.exe"
02/02/2002 01:02 |Size 1750952 |Crc32 a07f5e4f |Md5 5dec3cee03923a44c99701aaf5cece9b

"C:\Program Files\Cracklock\unins000.exe"
11/04/2009 19:33 |Size 72164 |Crc32 53f881c3 |Md5 fe6fc2b661d05ad066c684fdba90c0ae

"C:\Program Files\Cracklock\Bin\CLINJECT.exe"
01/08/2001 23:53 |Size 2560 |Crc32 ac457405 |Md5 09d843c716c8d5f00b6c82a9df993f02

"C:\Program Files\Cracklock\Bin\CLMNGR.exe"
01/08/2001 23:53 |Size 151552 |Crc32 420baaef |Md5 cdfa95e9a387a38ef9a14ec9d9b8d3c2

"C:\Program Files\Cracklock\Bin\MCL.exe"
01/08/2001 23:53 |Size 27136 |Crc32 1cb844b2 |Md5 42e1a7601c0a25185174c5bb090f3e04

"C:\Program Files\Cracklock\Examples\VBDate.exe"
30/05/1998 12:02 |Size 8704 |Crc32 db2ba782 |Md5 13d7d709cabc7e88e5c4a435a8221142

"C:\Program Files\Cracklock\Examples\VCDATE.EXE"
20/08/1999 13:46 |Size 25088 |Crc32 6007c824 |Md5 c962d099e1a319c12f9047506b66b5c8

"C:\Users\Gladys\AppData\Local\Temp\keygen_noUPX.exe"
09/07/2009 11:48 |Size 172032 |Crc32 7d560217 |Md5 d32d0321660d1db330311d2e75e56c76

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_...\--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\norton2009_trialreset.exe"
08/07/2009 20:43 |Size 861588 |Crc32 e5dff9cc |Md5 54f7e3c33bb751a942ff5e38f17a9fc7

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_...\--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\NortonInternetSecurity2009.exe"
19/10/2008 12:55 |Size 59011584 |Crc32 db865371 |Md5 2e556cea877707fefec7dcf05ff40812

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\Stub.exe"
09/07/2009 11:48 |Size 778080 |Crc32 8eccdd4a |Md5 3daed7fd0244fc5f85ba99cb408d93f3

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\FWCfg.exe"
09/07/2009 11:36 |Size 31576 |Crc32 c8448bd4 |Md5 ba158815f5157e786d0234b6cea94ad9

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\COH32\COH32.exe"
09/07/2009 11:39 |Size 1250656 |Crc32 40328126 |Md5 6717b32429dc473ef257a4b1d038c07a

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\COH64\COH64.exe"
09/07/2009 11:39 |Size 1996336 |Crc32 a559cc3b |Md5 b784d3e820859bd09bbead21e980af8e

"C:\Users\Gladys\Downloads\Norton Antivirus 2008 FR\keygen_noUPX.exe"
30/07/2008 17:47 |Size 172032 |Crc32 7d560217 |Md5 d32d0321660d1db330311d2e75e56c76

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : keygen.exe

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : patch.exe

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : setup.exe

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_..."
-> contain : *--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\Norton2009_TrialReset.exe

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_..."
-> contain : *--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\NortonInternetSecurity2009.exe


################## | ! Fin du rapport # UsbFix V6.071 ! |



Voici le rapport UsbFix

Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.

Double-clique sur UsbFix présent sur ton Bureau pour le lancer.

Choisis l'option 2 (Suppression).

Ton Bureau disparaîtra et le PC redémarrera.

Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.

Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.

Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).

Bonjour, voici le rapport après l'option Suppression.



############################## | UsbFix V6.071 |

User : Gladys (Administrateurs) # PC-DE-GLADYS
Update on 06/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 10:19:50 | 08/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Athlon(tm) 64 X2 Dual-Core Processor TK-57
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 7.0.6002.18005
Windows Firewall Status : Enabled
AV : Norton AntiVirus 15.0.0.58 [ Enabled | Updated ]
FW : Norton AntiVirus[ Enabled ]15.0.0.58

C:\ -> Disque fixe local # 137,05 Go (57,26 Go free) [HDD] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe 512
C:\Windows\system32\csrss.exe 588
C:\Windows\system32\wininit.exe 652
C:\Windows\system32\csrss.exe 660
C:\Windows\system32\services.exe 696
C:\Windows\system32\winlogon.exe 724
C:\Windows\system32\lsass.exe 760
C:\Windows\system32\lsm.exe 768
C:\Windows\system32\svchost.exe 912
C:\Windows\system32\svchost.exe 972
C:\Windows\System32\svchost.exe 1008
C:\Windows\system32\LogonUI.exe 1048
C:\Windows\system32\Ati2evxx.exe 1104
C:\Windows\System32\svchost.exe 1160
C:\Windows\System32\svchost.exe 1204
C:\Windows\system32\svchost.exe 1216
C:\Windows\system32\SLsvc.exe 1328
C:\Windows\system32\svchost.exe 1364
C:\Windows\system32\svchost.exe 1556
C:\Windows\system32\Ati2evxx.exe 1652
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1676
C:\Windows\System32\spoolsv.exe 1772
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 1796
C:\Windows\system32\svchost.exe 124
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe 1284
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 372
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 2064
C:\Windows\system32\rundll32.exe 2212
C:\Windows\system32\oodag.exe 2268
C:\Windows\system32\svchost.exe 2404
C:\Windows\system32\svchost.exe 2432
C:\Windows\System32\svchost.exe 2464
C:\Windows\system32\SearchIndexer.exe 2500
C:\Windows\system32\taskeng.exe 2824
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 3892
C:\Windows\system32\wbem\wmiprvse.exe 2428
C:\Windows\servicing\TrustedInstaller.exe 2368
C:\Windows\system32\taskeng.exe 224
C:\Windows\system32\Dwm.exe 3192
C:\Windows\Explorer.EXE 3272
C:\Program Files\ATK Hotkey\Hcontrol.exe 2356
C:\Program Files\ATK Hotkey\ATKOSD.exe 1144
C:\Windows\system32\runonce.exe 3256
C:\Windows\system32\conime.exe 3628

################## | Elements infectieux |

Supprimé ! C:\Windows\rndll.exe
Supprimé ! C:\$Recycle.Bin\S-1-5-21-1073457273-1273766430-2797484330-500
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2532158372-3583300359-1391360984-1000
Supprimé ! C:\$Recycle.Bin\S-1-5-21-2532158372-3583300359-1391360984-1001

################## | MD5 |

Supprimé ! C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe

################## | Registre |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Firevall Administrating"

################## | Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{563ce601-26b6-11de-84af-002354a76aa1}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[11/04/2009 07:36|-rahs----|333257] C:\bootmgr
[26/11/2008 03:25|-ra-s----|8192] C:\BOOTSECT.BAK
[05/01/2010 08:58|--a------|957] C:\cleannavi.txt
[25/10/2009 16:39|--a------|74] C:\CMLoader.log
[18/09/2006 22:43|--a------|10] C:\config.sys
[23/04/2008 16:10|--a------|2916] C:\files.crc
[?|?|?] C:\hiberfil.sys
[?|?|?] C:\pagefile.sys
[25/11/2008 19:21|--a------|426] C:\RHDSetup.log
[25/11/2008 19:22|--a------|86] C:\setup.log
[25/11/2008 20:12|--a------|0] C:\temp_ig.txt
[08/01/2010 10:35|--a------|3873] C:\UsbFix.txt

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.

################## | Crack > Keygen > Serial |

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg\setup.exe"
02/02/2002 01:02 |Size 1750952 |Crc32 a07f5e4f |Md5 5dec3cee03923a44c99701aaf5cece9b

"C:\Program Files\Cracklock\unins000.exe"
11/04/2009 19:33 |Size 72164 |Crc32 53f881c3 |Md5 fe6fc2b661d05ad066c684fdba90c0ae

"C:\Program Files\Cracklock\Bin\CLINJECT.exe"
01/08/2001 23:53 |Size 2560 |Crc32 ac457405 |Md5 09d843c716c8d5f00b6c82a9df993f02

"C:\Program Files\Cracklock\Bin\CLMNGR.exe"
01/08/2001 23:53 |Size 151552 |Crc32 420baaef |Md5 cdfa95e9a387a38ef9a14ec9d9b8d3c2

"C:\Program Files\Cracklock\Bin\MCL.exe"
01/08/2001 23:53 |Size 27136 |Crc32 1cb844b2 |Md5 42e1a7601c0a25185174c5bb090f3e04

"C:\Program Files\Cracklock\Examples\VBDate.exe"
30/05/1998 12:02 |Size 8704 |Crc32 db2ba782 |Md5 13d7d709cabc7e88e5c4a435a8221142

"C:\Program Files\Cracklock\Examples\VCDATE.EXE"
20/08/1999 13:46 |Size 25088 |Crc32 6007c824 |Md5 c962d099e1a319c12f9047506b66b5c8

"C:\Users\Gladys\AppData\Local\Temp\keygen_noUPX.exe"
09/07/2009 11:48 |Size 172032 |Crc32 7d560217 |Md5 d32d0321660d1db330311d2e75e56c76

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_...\--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\norton2009_trialreset.exe"
08/07/2009 20:43 |Size 861588 |Crc32 e5dff9cc |Md5 54f7e3c33bb751a942ff5e38f17a9fc7

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_...\--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\NortonInternetSecurity2009.exe"
19/10/2008 12:55 |Size 59011584 |Crc32 db865371 |Md5 2e556cea877707fefec7dcf05ff40812

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\Stub.exe"
09/07/2009 11:48 |Size 778080 |Crc32 8eccdd4a |Md5 3daed7fd0244fc5f85ba99cb408d93f3

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\FWCfg.exe"
09/07/2009 11:36 |Size 31576 |Crc32 c8448bd4 |Md5 ba158815f5157e786d0234b6cea94ad9

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\COH32\COH32.exe"
09/07/2009 11:39 |Size 1250656 |Crc32 40328126 |Md5 6717b32429dc473ef257a4b1d038c07a

"C:\Users\Gladys\Downloads\Norton 360v3.0 2009 [Include Keygen from XR21]\Norton 360v3.0\N360\Setup\COH64\COH64.exe"
09/07/2009 11:39 |Size 1996336 |Crc32 a559cc3b |Md5 b784d3e820859bd09bbead21e980af8e

"C:\Users\Gladys\Downloads\Norton Antivirus 2008 FR\keygen_noUPX.exe"
30/07/2008 17:47 |Size 172032 |Crc32 7d560217 |Md5 d32d0321660d1db330311d2e75e56c76

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : keygen.exe

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : patch.exe

"C:\logiciels\mIRC.v6.34.Incl.KeyGen.and.Server\mIRC.v6.34.Incl.KeyGen.and.Server\f4123501\f4cg.rar"
-> contain : setup.exe

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_..."
-> contain : *--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\Norton2009_TrialReset.exe

"C:\Users\Gladys\Downloads\--www.dl4all.com--Norton_AntiVirus_2009__Norton_Internet_..."
-> contain : *--www.dl4all.com--Norton AntiVirus 2009 +Norton Internet Security 2009 + Crack\NortonInternetSecurity2009.exe


################## | Upload |

Veuillez envoyer le fichier : C:\Users\Gladys\Desktop\UsbFix_Upload_Me_PC-de-Gladys.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.071 ! |

Le virus MSN est effacé.

Relance UsbFix et choisis l'option 6 pour le désinstaller.

Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.

Double-clique sur le fichier téléchargé pour lancer le processus d'installation.

Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.

Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.

Sélectionne Exécuter un examen rapide.

Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

Citation :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.

Ferme tes navigateurs.

Si des malwares ont été détectés, clique sur Afficher les résultats.

Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

Voici le rapport de MBAM :


Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3517
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08/01/2010 16:19:15
mbam-log-2010-01-08 (16-19-15).txt

Type de recherche: Examen rapide
Eléments examinés: 108447
Temps écoulé: 9 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Gladys\AppData\Local\Temp\keygen_noUPX.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Windows\System32\ovfsthtlfnmyvcxsmsqtemxcfwauwuckfidtpd.dat (Rootkit.TDSS) -> Quarantined and deleted successfully.

Relance MBAM, va dans Quarantaine et supprime tout.

Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Alors voici le rapport de info.txt :


info.txt logfile of random's system information tool 1.06 2010-01-08 21:55:38

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\Setup.exe" -uninstall
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Photoshop Elements 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobePE6*
Adobe Reader 8.1.7 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
ADSL Neuf-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NEUF_FR*
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\setup.exe -runfromtemp -l0x040c -removeonly
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files\Google\Google_BAE\BAE.dll"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
CyberLink PowerCinema-->"C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" /z-uninstall
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dragonica(FR)-->C:\Program Files\gPotato.eu\Dragonica\FR\uninst.exe
EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Encyclopaedia Universalis-->"C:\Program Files\Encyclopaedia Universalis\Encyclopaedia Universalis\Uninstall_Encyclopaedia Universalis\Désinstaller Encyclopaedia Universalis 2009.exe"
EPSON Logiciel imprimante-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Google BAE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *GoogleBAE*
HDReg France-->MsiExec.exe /I{0ED40D2A-7131-4FE7-941E-5C329336F712}
HijackThis 2.0.2-->"C:\Users\Gladys\Downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0.0.1-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
IPcute version 0.605-->"C:\Program Files\IPcute\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Mega Codec Pack 5.0.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c
Ma-Config.com-->MsiExec.exe /X{FACFAAB3-1443-427D-A0B0-1B55BB4F7FB2}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
MicroBest Cracklock 3.8.4-->"C:\Program Files\Cracklock\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 9 SE-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *works9se*
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_FR*
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 8 Essentials-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Nero8*
Nero 8 Essentials-->MsiExec.exe /X{980B9958-1239-4FC5-8C88-AC5650321036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{6869591A-7DD8-46D2-837F-57CBF7358955}
Nokia Multimedia Common Components 2.4-->MsiExec.exe /I{6EB6C056-02BB-453E-8448-EC90B9794180}
Norton AntiVirus (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_0_0_58\Setup.exe" /X
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Internet Security-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *NIS2008_FR*
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.0.0.125\InstStub.exe /X
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
Nostale Online FR (Remove)-->"C:\Nostale(FR)\unins000.exe"
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PC Connectivity Solution-->MsiExec.exe /I{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}
Power Cinema 6-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *PowerCinema6*
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_FR*
Shareaza 2.4.0.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
USB 2.0 VGA UVC WebCam-->C:\Windows\Uninstvga.bat
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}

======Security center information======

AV: Norton AntiVirus
FW: Norton AntiVirus
AS: Windows Defender
AS: Norton AntiVirus

======System event log======

Computer Name: PC-de-Gladys
Event Code: 1002
Message: Échec de la publication de l’élément Provider\Microsoft.Base.Publication/Publication/Computer. Vérifiez que PKEY_PUBSVCS_METADATA et PKEY_PUBSVCS_TYPE sont définis correctement avec l’instance de la fonction et qu’il n’y a pas eu d’erreurs lors de l’ajout de l’instance de la fonction.
Record Number: 35183
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090709092903.079154-000
Event Type: Erreur
User: AUTORITE NT\SERVICE LOCAL

Computer Name: PC-de-Gladys

Et voici celui de lod.txt :


Logfile of random's system information tool 1.06 (written by random/random)
Run by Gladys at 2010-01-08 22:02:51
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 59 GB (42%) free of 140 GB
Total RAM: 2686 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:57, on 08/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe
C:\Program Files\CyberLink\PlayMovie\PMVService.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Nostale(FR)\nostalex.dat
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe
C:\Users\Gladys\Downloads\RSIT.exe
C:\Users\Gladys\Downloads\Gladys.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9136
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\CyberLink\PlayMovie\PMVService.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S4F19.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EC9E8EE-E280-4EAA-BC2C-5E6B6CD9040C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6EC9E8EE-E280-4EAA-BC2C-5E6B6CD9040C}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6EC9E8EE-E280-4EAA-BC2C-5E6B6CD9040C}: NameServer = 192.168.1.1
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: CLKERN.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\Windows\system32\IoctlSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 9795 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Extension de garantie-Gladys.job
C:\Windows\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Gladys.job
C:\Windows\tasks\Norton Internet Security - Effectuer une analyse complète du système - Gladys.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2009-07-09 116088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Google\Google_BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-03-01 857648]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-17 4702208]
"Skytel"=C:\Windows\Skytel.exe [2007-08-03 1826816]
"PCMAgent"=C:\Program Files\CyberLink\PowerCinema\PCMAgent.exe [2008-03-21 143360]
"CLMLServer"=C:\Program Files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe [2008-04-11 196608]
"PlayMovie"=C:\Program Files\CyberLink\PlayMovie\PMVService.exe [2008-03-31 172032]
"toolbar_eula_launcher"=C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
"OODefragTray"=C:\Windows\system32\oodtray.exe [2007-06-28 2512128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
"EPSON Stylus DX6000 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE [2006-02-13 131072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-01-07 1394000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [2008-02-04 1038136]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="CLKERN.DLL,C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2009-04-11 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=128
"NoDriveTypeAutoRun"=128
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe"="C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe:*:Enabled:Firevall Administrating"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2010-01-08 21:55:10 ----D---- C:\rsit
2010-01-08 21:55:10 ----D---- \rsit
2010-01-08 16:06:12 ----D---- C:\ProgramData\Malwarebytes
2010-01-08 16:06:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 10:35:28 ----RASHD---- C:\autorun.inf
2010-01-08 10:35:28 ----RASHD---- \autorun.inf
2010-01-07 08:46:56 ----D---- C:\UsbFix
2010-01-07 08:46:56 ----D---- \UsbFix
2010-01-05 09:31:57 ----D---- C:\Program Files\Mumble
2010-01-05 08:58:14 ----A---- C:\cleannavi.txt
2010-01-05 08:58:14 ----A---- \cleannavi.txt
2010-01-05 08:57:55 ----D---- C:\Program Files\Navilog1
2010-01-01 19:44:19 ----D---- C:\Program Files\AxBx
2009-12-20 21:15:46 ----A---- C:\Windows\system32\d3dx9.dll
2009-12-20 21:15:46 ----A---- C:\Windows\system32\D3DX81ab.dll
2009-12-17 17:04:01 ----SHD---- C:\Config.Msi
2009-12-17 17:04:01 ----SHD---- \Config.Msi
2009-12-11 07:25:37 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 07:25:36 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 07:25:35 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 07:25:33 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 07:25:31 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 07:25:29 ----A---- C:\Windows\system32\ieencode.dll
2009-12-11 07:25:27 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-10 10:13:30 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 10:13:26 ----A---- C:\Windows\system32\httpapi.dll
2009-12-10 04:30:59 ----A---- C:\Windows\system32\winhttp.dll
2009-12-10 04:29:54 ----A---- C:\Windows\system32\rastls.dll

======List of files/folders modified in the last 1 months======

2010-01-08 22:02:55 ----D---- C:\Windows\Temp
2010-01-08 16:22:33 ----D---- C:\Program Files\mIRC
2010-01-08 16:20:14 ----D---- C:\Program Files\Mozilla Firefox
2010-01-08 16:19:27 ----D---- C:\Windows\system32\drivers
2010-01-08 16:19:27 ----D---- C:\Windows\Branding
2010-01-08 16:19:15 ----AD---- C:\Windows\System32
2010-01-08 16:06:12 ----HD---- C:\ProgramData
2010-01-08 16:06:12 ----HD---- \ProgramData
2010-01-08 16:06:11 ----RD---- C:\Program Files
2010-01-08 16:06:11 ----RD---- \Program Files
2010-01-08 10:52:26 ----D---- C:\Windows\inf
2010-01-08 10:52:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-08 10:47:12 ----D---- C:\Nostale(FR)
2010-01-08 10:47:12 ----D---- \Nostale(FR)
2010-01-08 10:35:12 ----SHD---- C:\$Recycle.Bin
2010-01-08 10:35:12 ----SHD---- \$Recycle.Bin
2010-01-08 10:21:25 ----D---- C:\Windows
2010-01-08 10:21:25 ----D---- \Windows
2010-01-08 01:44:39 ----SHD---- C:\System Volume Information
2010-01-08 01:44:39 ----SHD---- \System Volume Information
2010-01-07 08:47:02 ----D---- C:\Windows\prefetch
2010-01-05 09:32:35 ----D---- C:\Windows\winsxs
2010-01-02 22:41:30 ----D---- C:\Program Files\Cheat Engine
2010-01-02 10:32:52 ----A---- C:\Windows\msnfix.txt
2009-12-19 22:32:43 ----D---- C:\Windows\system32\WDI
2009-12-19 22:31:38 ----D---- C:\Program Files\McAfee
2009-12-19 19:30:12 ----D---- C:\Windows\system32\catroot
2009-12-17 17:04:31 ----SHD---- C:\Windows\Installer
2009-12-17 17:04:27 ----D---- C:\Program Files\Nokia
2009-12-17 17:04:23 ----D---- C:\Program Files\Common Files\Nokia
2009-12-17 17:04:23 ----D---- C:\Program Files\Common Files
2009-12-17 16:35:48 ----SD---- C:\Windows\Downloaded Program Files
2009-12-16 17:58:56 ----RD---- C:\Users
2009-12-16 17:58:56 ----RD---- \Users
2009-12-11 03:44:17 ----D---- C:\Windows\rescache
2009-12-11 03:28:16 ----D---- C:\Windows\system32\catroot2
2009-12-11 03:25:04 ----D---- C:\Windows\system32\fr-FR
2009-12-11 03:25:04 ----D---- C:\Program Files\Windows Mail
2009-12-11 03:09:21 ----D---- C:\ProgramData\Microsoft Help
2009-12-11 03:07:33 ----RSD---- C:\Windows\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]
R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091230.001\IDSvix86.sys [2009-11-20 286768]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2009-03-17 447024]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-10-25 5632]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-02-19 24112]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2009-02-19 184496]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\CyberLink\PlayMovie\000.fcl [2008-03-31 41456]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-25 4385792]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-22 1950552]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100108.002\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100108.002\NAVEX15.SYS [2009-08-25 1323568]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-01-23 50176]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2009-02-19 13616]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-07-09 124464]
R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2009-02-19 96560]
R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2009-02-19 22320]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-03-01 182456]
S3 av2csm62;av2csm62; C:\Windows\system32\drivers\av2csm62.sys []
S3 catchme;catchme; \??\C:\Users\Gladys\AppData\Local\Temp\catchme.sys []
S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-05-14 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-04-07 36608]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-02-05 94208]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-25 733184]
R2 Automatic LiveUpdate Scheduler;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-06-28 1049856]
R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-07-09 1251720]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-25 647680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-05-13 234864]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-03-19 2739229]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]

-----------------EOF-----------------

Désinstalle DAEMON Tools Toolbar.

Télécharge OTM (OldTimer) sur ton Bureau.

Clique droit sur OTM.exe et choisis Exécuter en tant qu'administrateur.

Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe"=-

:commands
[purity]
[emptytemp]
[reboot]

Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

Clique maintenant sur le bouton MoveIt! puis ferme OTM.

---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log

Voici le rapport de OTM


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Users\Gladys\AppData\Local\Temp\IXP000.TMP\ggdfgd.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: AncolieMag
-> No Temporary Internet Files cache folder defined!

User: Default
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Gladys
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 31532292 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87596 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01092010_082629

Files moved on Reboot...
File C:\Windows\temp\JETBE2.tmp not found!

Registry entries deleted on Reboot...

Plus de souci ?

Mets à jour Adobe Reader.

Non plus aucun soucis pour l'instant. Merci infiniment je croise les doigts pour que ca continue  

Bonne continuation à toi  

1/

Désinstalle HijackThis.

Télécharge ToolsCleaner2 sur ton Bureau.

Clique droit sur ToolsCleaner2.exe et choisis Exécuter en tant qu'administrateur.

Clique sur Recherche et laisse le scan agir.

Clique sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options Facultatives.

Clique sur Quitter pour obtenir le rapport.

Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).


2/

Télécharge et installe CCleaner Slim.

Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....

Va dans Nettoyeur, choisis Analyser. Une fois terminé, lance le nettoyage.


3/

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.


==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien


==Problème résolu ?==

--> Si tu estimes que ton problème est résolu, ajoute [Résolu] au titre. Pour cela :

Clique, dans ton premier message, sur le bouton Editer .

Ajoute la mention [Résolu] devant le titre.

Clique ensuite sur Valider votre message.


Sois plus vigilant(e) sur Internet  

Voici le rapport Tcleaner :

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\cleannavi.txt: trouvé !
C:\_OTM: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Users\Gladys\AppData\Local\Temp\*.msnfix: trouvé !
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Recent\MSNFix.lnk: trouvé !
C:\Users\Gladys\Desktop \Navilog1.exe: trouvé !
C:\Users\Gladys\Desktop\catchme.log: trouvé !
C:\Users\Gladys\Desktop\MsnFix: trouvé !
C:\Users\Gladys\Desktop\MSNFix\incl\catchme.exe: trouvé !
C:\Users\Gladys\Downloads\Msnfix.zip: trouvé !
C:\Users\Gladys\Downloads\OTM.exe: trouvé !
atrouvé !
C:\Users\Gladys\Downloads\hijackthis.log: trouvé !
C:\Users\Gladys\Downloads\UsbFix.exe: trouvé !
C:\Users\Gladys\Downloads\Rsit.exe: trouvé !
C:\Users\Gladys\Downloads\MsnFix: trouvé !
C:\Users\Gladys\Downloads\MSNFix\MsnFix: trouvé !
C:\Users\Gladys\Downloads\MSNFix\MSNFix\incl\catchme.exe: trouvé !
C:\Windows\msnfix.txt: trouvé !
C:\Windows\System32\*.msnfix: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Users\Gladys\AppData\Roaming\Microsoft\Windows\Recent\MSNFix.lnk: supprimé !
C:\Users\Gladys\Desktop\Navilog1.exe: supprimé !
C:\Users\Gladys\Desktop\MSNFix\incl\catchme.exe: supprimé !
C:\Users\Gladys\Downloads\Msnfix.zip: supprimé !
C:\Users\Gladys\Downloads\OTM.exe: supprimé !
C:\Users\Gladys\Downloads\HijackThis.exe: supprimé !
C:\Users\Gladys\Downloads\MSNFix\MSNFix\incl\catchme.exe: supprimé !
C:\cleannavi.txt: supprimé !
C:\Users\Gladys\AppData\Local\Temp\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Users\Gladys\Desktop\catchme.log: supprimé !
C:\Users\Gladys\Downloads\hijackthis.log: supprimé !
C:\Users\Gladys\Downloads\UsbFix.exe: supprimé !
C:\Users\Gladys\Downloads\Rsit.exe: supprimé !
C:\Windows\msnfix.txt: supprimé !
C:\Windows\System32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\_OTM: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Users\Gladys\Desktop\MsnFix: supprimé !
C:\Users\Gladys\Downloads\MsnFix: supprimé !

Tu peux supprimer ToolsCleaner.

Bonne nuit