kalmouke

Members
  • Content count: 14

Everything posted by kalmouke

  1. Oh dear!!! Do you think I'll manage to do all that??... I'll try to follow all these instructions one after the other! Should I leave the deactivations in place (your previous instructions)? I didn't see anything about that in this last message. Just out of curiosity, what did deactivating do? Many thanks again!
  2. And here is the report!!... on the first try this time! What do you think? Is it serious??
  3. Hello, so, in the "I'm clearly not gifted at this" series... I launched option 2: the computer shut down automatically and restarted. Then, a window saying USBFIX is preparing to start, please wait: about a quarter of an hour like that... maybe I should have carried on and not lost patience? Was that normal?? Another question: the deactivations you mention, OK, I know how to do them (I found out!!), but can you confirm that I do them after launching option 2 of UsbFix and posting the report? Sorry again for not understanding anything..!!
  4. Hello, I finally managed to get the report (relaunched USBFIX 3 times!). Here it is: Thank you for your help!
  5. Argghhhh! This time UsbFix stops at "cle HKCU\software\microsoft\windows\currentversion\run : diagnostic manager". Another magic trick, dear Angélique? Thanks!!
  6. Well, this time UsbFix stops at clé : HKCU\software\microsoft\windows\currentversion\run : loader.exe. Still no report... did I do something wrong again?? Sorry, thank you for your patience, and see you shortly!
  7. Here is the HijackThis report:
[bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" O4 - HKCU\..\Run: [MCAnglais] C:\Program Files\Micro Application\Micro Classic Anglais\LanceMCAnglais.exe Lancement O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Acer Empowering Technology.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - 
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LockServ - Unknown owner - C:\Acer\Empowering Technology\eLock\LockServ.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared 
files\programs\mediaserver\pmshost.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 12467 bytes
  8. The UsbFix scan stopped at HKLM\software\microsoft\windows\current version\run : winboot (60% of the scan) and doesn't seem to want to go any further....!!! help !!
  9. "It looks like an infection that spreads via USB media ..., and since you don't specify your operating system: if it's Vista, you have to run the programs via right-click, Run as administrator." Hello, the operating system is not Vista but Windows XP. Is the procedure the same? Thanks again
  10. I realize I wasn't clear enough... I still have the virus...trojan.autorun.eu. Can someone help me eradicate it? Thanks
  11. Hello, I saw on the site that there are answers for eradicating "trojan.autorun.eu", which is detected by my BitDefender Total Security 2009, bought yesterday... but which manages neither to quarantine it nor to remove it. Thanks for your help ... careful, complete beginner !!
  12. ok thanks... sorry...beginner !!
  13. Hello, I have exactly the same problem with BitDefender Total Security 2009 software bought yesterday! Should I / can I follow the same procedure? Is there anyone to help me afterwards???? Thank you for any help you can give me....