Very urgent please... thanks in advance

Questions about the security of your Windows computer: resolving problems related to viruses, firewalls, ...

Post by Jeanna88 »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:10, on 23/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [chkgenapl] C:\ProgramData\chkgenapl\xcnofgzc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [c00148FE] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00148FE.mat", sh
O4 - HKCU\..\Run: [c0082240] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0082240.mat", sh
O4 - HKCU\..\Run: [c00A6900] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A6900.mat", sh
O4 - HKCU\..\Run: [c0059A4A] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0059A4A.mat", sh
O4 - HKCU\..\Run: [c0081AA0] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0081AA0.mat", sh
O4 - HKCU\..\Run: [c00CB729] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CB729.mat", sh
O4 - HKCU\..\Run: [c0034D1] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0034D1.mat", sh
O4 - HKCU\..\Run: [c00E52AA] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E52AA.mat", sh
O4 - HKCU\..\Run: [c00D14C4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D14C4.mat", sh
O4 - HKCU\..\Run: [c00D4C8E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D4C8E.mat", sh
O4 - HKCU\..\Run: [c00BEB10] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00BEB10.mat", sh
O4 - HKCU\..\Run: [Lsass Service] C:\Users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\lsass.exe
O4 - HKCU\..\Run: [c00A2690] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A2690.mat", sh
O4 - HKCU\..\Run: [c0099DD8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0099DD8.mat", sh
O4 - HKCU\..\Run: [c004772B] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c004772B.mat", sh
O4 - HKCU\..\Run: [c00EC346] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00EC346.mat", sh
O4 - HKCU\..\Run: [c005F81E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c005F81E.mat", sh
O4 - HKCU\..\Run: [c00A8BE9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A8BE9.mat", sh
O4 - HKCU\..\Run: [c003549C] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c003549C.mat", sh
O4 - HKCU\..\Run: [c00B156A] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00B156A.mat", sh
O4 - HKCU\..\Run: [c0076E64] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0076E64.mat", sh
O4 - HKCU\..\Run: [c0056690] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0056690.mat", sh
O4 - HKCU\..\Run: [c007D70] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c007D70.mat", sh
O4 - HKCU\..\Run: [c0040B99] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0040B99.mat", sh
O4 - HKCU\..\Run: [c00CA368] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CA368.mat", sh
O4 - HKCU\..\Run: [c00992C9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00992C9.mat", sh
O4 - HKCU\..\Run: [c0018157] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0018157.mat", sh
O4 - HKCU\..\Run: [c0065844] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0065844.mat", sh
O4 - HKCU\..\Run: [c009F6E4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c009F6E4.mat", sh
O4 - HKCU\..\Run: [c00E07F8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E07F8.mat", sh
O4 - HKCU\..\Run: [c00DC9C3] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00DC9C3.mat", sh
O4 - HKCU\..\Run: [c006A3F8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c006A3F8.mat", sh
O4 - HKCU\..\Run: [c00F07C9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00F07C9.mat", sh
O4 - HKCU\..\Run: [c00CB411] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CB411.mat", sh
O4 - HKCU\..\Run: [c005E0F4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c005E0F4.mat", sh
O4 - HKCU\..\Run: [c0039AA8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0039AA8.mat", sh
O4 - HKCU\..\Run: [c00C68E2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00C68E2.mat", sh
O4 - HKCU\..\Run: [c0068E3E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0068E3E.mat", sh
O4 - HKCU\..\Run: [c0028CF1] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0028CF1.mat", sh
O4 - HKCU\..\Run: [c003095E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c003095E.mat", sh
O4 - HKCU\..\Run: [c008C650] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c008C650.mat", sh
O4 - HKCU\..\Run: [c00F5900] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00F5900.mat", sh
O4 - HKCU\..\Run: [c009B621] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c009B621.mat", sh
O4 - HKCU\..\Run: [c00E4AB9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E4AB9.mat", sh
O4 - HKCU\..\Run: [c0012D87] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0012D87.mat", sh
O4 - HKCU\..\Run: [c0049B2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0049B2.mat", sh
O4 - HKCU\..\Run: [c0088490] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0088490.mat", sh
O4 - HKCU\..\Run: [c00D62D2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D62D2.mat", sh
O4 - HKCU\..\Run: [c001F6C0] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c001F6C0.mat", sh
O4 - HKCU\..\Run: [c0036694] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0036694.mat", sh
O4 - HKCU\..\Run: [c0059853] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0059853.mat", sh
O4 - HKCU\..\Run: [c008CF04] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c008CF04.mat", sh
O4 - HKCU\..\Run: [c00DA4AC] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00DA4AC.mat", sh
O4 - HKCU\..\Run: [c00237D8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00237D8.mat", sh
O4 - HKCU\..\Run: [c00CC689] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CC689.mat", sh
O4 - HKCU\..\Run: [c00281EE] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00281EE.mat", sh
O4 - HKCU\..\Run: [c00E9624] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E9624.mat", sh
O4 - HKCU\..\Run: [c001676B] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c001676B.mat", sh
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 212.25.53.252,212.27.54.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 18899 bytes

Post by bernard53 »

Hello Jeanna88,

Please do this.


UAC disabled
<<Disable UAC in Vista>>


Download Combofix.exe to your Desktop (and nowhere else).
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click Combofix.exe.

When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed.
With infections like today's, it is strongly advised to have it pre-installed on your PC before any malware removal.
It will let you boot into a special recovery (repair) mode that allows us to help you more easily should your computer have a problem after a cleanup attempt.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when asked, accept the End-User License Agreement to install it.

Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt

Do not click in the Combofix window during the scan; doing so would cause the program to freeze.
INFO
If, by bad luck, you no longer have access to your Internet connection after running ComboFix, the first thing to try is restarting your computer.
This step alone should fix the vast majority of Internet connection problems after using ComboFix. If you still have no Internet connection after restarting, carry out the following steps:
1. Click the Start button.
2. Click the Settings menu option.
3. Click the Control Panel option.
4. After the Control Panel opens, double-click the Network Connections icon.
5. If your Control Panel is set to Category View, double-click Network and Internet Connections, then click Network Connections at the very bottom.
6. You will then see a list of all available network connections. Locate the connection for your Wireless or Local Area Network adapter and right-click it.
7. You will then see a menu similar to the one in the image below. Simply click the Repair menu option.

Image

8. Let the repair process run, and when it has finished, your Internet connection should be working again.
Alternatively, if an icon for your network also appears in the Windows taskbar, you can repair it by right-clicking the icon and choosing Repair, as shown in the image below:

Image
Enjoy your visit to: http://tuto-b.comli.com/

Post by Jeanna88 »

for bernard53 ...

disable UAC (do I do that, or do I go straight to the download?)

Post by bernard53 »

YES

for bernard from jeanna88

Post by Jeanna88 »

ComboFix 08-11-22.02 - KOCHETSIAN 2008-11-23 17:41:17.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.455 [GMT 1:00]
Lancé depuis: c:\users\KOCHETSIAN\Desktop\ComboFix..exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FBrowserAdvisor
c:\program files\FBrowsingAdvisor
c:\program files\FBrowsingAdvisor\IXPCOMEvents.xpt
c:\program files\FBrowsingAdvisor\Logo.png
c:\program files\FBrowsingAdvisor\main.db
c:\program files\FBrowsingAdvisor\unins000.dat
c:\program files\FBrowsingAdvisor\unins000.exe
c:\program files\FBrowsingAdvisor\XPCOMEvents.dll
c:\program files\PlayMP3z
c:\program files\PlayMP3z\uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


((((((((((((((((((((((((((((( Fichiers créés du 2008-10-23 au 2008-11-23 ))))))))))))))))))))))))))))))))))))
.

2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00E0F4E.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CEE83.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00CAED2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00C9BAA.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A967F.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c00A1836.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0074E99.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c0061BA2.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c004DA21.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c002147A.mat
2008-11-23 17:49 . 2008-11-23 17:49 21,152 --ahs---- c:\windows\System32\c001A0AE.mat
2008-11-23 17:26 . 2008-11-23 17:26 21,152 --ahs---- c:\windows\System32\c00EE8CE.mat
2008-11-23 17:24 . 2008-11-23 17:24 21,152 --ahs---- c:\windows\System32\c0052EE2.mat
2008-11-23 16:09 . 2008-11-23 16:09 <REP> d-------- c:\program files\Trend Micro
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\users\All Users\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:58 <REP> d-------- c:\programdata\Lavasoft
2008-11-23 13:54 . 2008-11-23 13:54 <REP> d-------- c:\program files\Lavasoft
2008-11-23 13:39 . 2008-11-23 13:39 <REP> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-23 13:11 . 2008-11-23 15:39 <REP> d--h----- C:\$AVG8.VAULT$
2008-11-23 13:09 . 2008-11-23 13:09 69,128 --a------ c:\windows\System32\drivers\avgwfpx.sys
2008-11-23 13:09 . 2008-11-23 13:09 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-23 13:08 . 2008-11-23 13:11 <REP> d-------- c:\windows\System32\drivers\Avg
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\users\All Users\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\programdata\avg8
2008-11-23 13:08 . 2008-11-23 13:08 <REP> d-------- c:\program files\AVG
2008-11-23 13:08 . 2008-11-23 13:08 97,928 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-14 09:58 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-14 09:58 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-14 09:58 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-14 09:58 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-14 09:57 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-14 09:57 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-14 09:57 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-14 09:57 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-14 09:57 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-13 00:12 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-13 00:12 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-13 00:12 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 00:12 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-13 00:12 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\users\All Users\hps
2008-11-01 10:50 . 2008-11-01 10:50 <REP> d-------- c:\programdata\hps
2008-11-01 10:48 . 2008-11-01 10:48 <REP> d-------- c:\program files\SNAPFISH
2008-10-30 18:06 . 2008-08-06 04:27 1,244,672 --a------ c:\windows\System32\mcmde.dll
2008-10-30 18:06 . 2008-08-06 04:27 428,032 --a------ c:\windows\System32\EncDec.dll
2008-10-30 18:06 . 2008-08-06 04:27 292,352 --a------ c:\windows\System32\psisdecd.dll
2008-10-30 18:06 . 2008-08-06 04:26 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-30 18:06 . 2008-08-06 04:26 177,152 --a------ c:\windows\System32\mpg2splt.ax
2008-10-30 18:06 . 2008-08-06 04:26 80,896 --a------ c:\windows\System32\MSNP.ax
2008-10-30 18:06 . 2008-08-06 04:26 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2008-10-30 18:06 . 2008-08-06 04:26 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2008-10-30 18:05 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-10-30 18:05 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 16:50 --------- d-----w c:\program files\Lx_cats
2008-11-23 12:47 --------- d-----w c:\program files\Norton Internet Security
2008-11-23 12:16 --------- d-----w c:\programdata\gvudklsh
2008-11-23 12:15 --------- d-----w c:\programdata\Symantec
2008-11-23 12:15 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-21 22:32 --------- d-----w c:\users\KOCHETSIAN\AppData\Roaming\LimeWire
2008-11-17 10:24 --------- d-----w c:\programdata\Microsoft Help
2008-10-21 16:34 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-21 08:30 --------- d-----w c:\program files\Common Files\Adobe
2008-10-21 08:27 --------- d-----w c:\programdata\NOS
2008-10-21 08:25 --------- d-----w c:\program files\Google
2008-10-21 08:24 --------- d-----w c:\program files\NOS
2008-10-21 07:39 --------- d-----w c:\programdata\chkgenapl
2008-10-16 01:09 --------- d-----w c:\program files\Windows Mail
2008-10-14 19:40 --------- d-----w c:\program files\Sun
2008-10-14 19:39 --------- d-----w c:\program files\Java
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-09-26 12:18 --------- d-----w c:\programdata\WLInstaller
2008-09-04 10:14 3,310,392 ----a-w c:\users\Public\hotbar.exe
2008-07-09 15:53 174 --sha-w c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-17 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-21 171448]
"c00148FE"="c:\users\KOCHETSIAN\AppData\Roaming\c00148FE.mat" [2008-11-23 21152]
"c0082240"="c:\users\KOCHETSIAN\AppData\Roaming\c0082240.mat" [2008-11-23 21152]
"c00A6900"="c:\users\KOCHETSIAN\AppData\Roaming\c00A6900.mat" [2008-11-23 21152]
"c0059A4A"="c:\users\KOCHETSIAN\AppData\Roaming\c0059A4A.mat" [2008-11-23 21152]
"c0081AA0"="c:\users\KOCHETSIAN\AppData\Roaming\c0081AA0.mat" [2008-11-23 21152]
"c00CB729"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB729.mat" [2008-11-23 21152]
"c0034D1"="c:\users\KOCHETSIAN\AppData\Roaming\c0034D1.mat" [2008-11-23 21152]
"c00E52AA"="c:\users\KOCHETSIAN\AppData\Roaming\c00E52AA.mat" [2008-11-23 21152]
"c00D14C4"="c:\users\KOCHETSIAN\AppData\Roaming\c00D14C4.mat" [2008-11-23 21152]
"c00D4C8E"="c:\users\KOCHETSIAN\AppData\Roaming\c00D4C8E.mat" [2008-11-23 21152]
"c00BEB10"="c:\users\KOCHETSIAN\AppData\Roaming\c00BEB10.mat" [2008-11-23 21152]
"c00A2690"="c:\users\KOCHETSIAN\AppData\Roaming\c00A2690.mat" [2008-11-23 21152]
"c0099DD8"="c:\users\KOCHETSIAN\AppData\Roaming\c0099DD8.mat" [2008-11-23 21152]
"c004772B"="c:\users\KOCHETSIAN\AppData\Roaming\c004772B.mat" [2008-11-23 21152]
"c00EC346"="c:\users\KOCHETSIAN\AppData\Roaming\c00EC346.mat" [2008-11-23 21152]
"c005F81E"="c:\users\KOCHETSIAN\AppData\Roaming\c005F81E.mat" [2008-11-23 21152]
"c00A8BE9"="c:\users\KOCHETSIAN\AppData\Roaming\c00A8BE9.mat" [2008-11-23 21152]
"c003549C"="c:\users\KOCHETSIAN\AppData\Roaming\c003549C.mat" [2008-11-23 21152]
"c00B156A"="c:\users\KOCHETSIAN\AppData\Roaming\c00B156A.mat" [2008-11-23 21152]
"c0076E64"="c:\users\KOCHETSIAN\AppData\Roaming\c0076E64.mat" [2008-11-23 21152]
"c0056690"="c:\users\KOCHETSIAN\AppData\Roaming\c0056690.mat" [2008-11-23 21152]
"c007D70"="c:\users\KOCHETSIAN\AppData\Roaming\c007D70.mat" [2008-11-23 21152]
"c0040B99"="c:\users\KOCHETSIAN\AppData\Roaming\c0040B99.mat" [2008-11-23 21152]
"c00CA368"="c:\users\KOCHETSIAN\AppData\Roaming\c00CA368.mat" [2008-11-23 21152]
"c00992C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00992C9.mat" [2008-11-23 21152]
"c0018157"="c:\users\KOCHETSIAN\AppData\Roaming\c0018157.mat" [2008-11-23 21152]
"c0065844"="c:\users\KOCHETSIAN\AppData\Roaming\c0065844.mat" [2008-11-23 21152]
"c009F6E4"="c:\users\KOCHETSIAN\AppData\Roaming\c009F6E4.mat" [2008-11-23 21152]
"c00E07F8"="c:\users\KOCHETSIAN\AppData\Roaming\c00E07F8.mat" [2008-11-23 21152]
"c00DC9C3"="c:\users\KOCHETSIAN\AppData\Roaming\c00DC9C3.mat" [2008-11-23 21152]
"c006A3F8"="c:\users\KOCHETSIAN\AppData\Roaming\c006A3F8.mat" [2008-11-23 21152]
"c00F07C9"="c:\users\KOCHETSIAN\AppData\Roaming\c00F07C9.mat" [2008-11-23 21152]
"c00CB411"="c:\users\KOCHETSIAN\AppData\Roaming\c00CB411.mat" [2008-11-23 21152]
"c005E0F4"="c:\users\KOCHETSIAN\AppData\Roaming\c005E0F4.mat" [2008-11-23 21152]
"c0039AA8"="c:\users\KOCHETSIAN\AppData\Roaming\c0039AA8.mat" [2008-11-23 21152]
"c00C68E2"="c:\users\KOCHETSIAN\AppData\Roaming\c00C68E2.mat" [2008-11-23 21152]
"c0068E3E"="c:\users\KOCHETSIAN\AppData\Roaming\c0068E3E.mat" [2008-11-23 21152]
"c0028CF1"="c:\users\KOCHETSIAN\AppData\Roaming\c0028CF1.mat" [2008-11-23 21152]
"c003095E"="c:\users\KOCHETSIAN\AppData\Roaming\c003095E.mat" [2008-11-23 21152]
"c008C650"="c:\users\KOCHETSIAN\AppData\Roaming\c008C650.mat" [2008-11-23 21152]
"c00F5900"="c:\users\KOCHETSIAN\AppData\Roaming\c00F5900.mat" [2008-11-23 21152]
"c009B621"="c:\users\KOCHETSIAN\AppData\Roaming\c009B621.mat" [2008-11-23 21152]
"c00E4AB9"="c:\users\KOCHETSIAN\AppData\Roaming\c00E4AB9.mat" [2008-11-23 21152]
"c0012D87"="c:\users\KOCHETSIAN\AppData\Roaming\c0012D87.mat" [2008-11-23 21152]
"c0049B2"="c:\users\KOCHETSIAN\AppData\Roaming\c0049B2.mat" [2008-11-23 21152]
"c0088490"="c:\users\KOCHETSIAN\AppData\Roaming\c0088490.mat" [2008-11-23 21152]
"c00D62D2"="c:\users\KOCHETSIAN\AppData\Roaming\c00D62D2.mat" [2008-11-23 21152]
"c001F6C0"="c:\users\KOCHETSIAN\AppData\Roaming\c001F6C0.mat" [2008-11-23 21152]
"c0036694"="c:\users\KOCHETSIAN\AppData\Roaming\c0036694.mat" [2008-11-23 21152]
"c0059853"="c:\users\KOCHETSIAN\AppData\Roaming\c0059853.mat" [2008-11-23 21152]
"c008CF04"="c:\users\KOCHETSIAN\AppData\Roaming\c008CF04.mat" [2008-11-23 21152]
"c00DA4AC"="c:\users\KOCHETSIAN\AppData\Roaming\c00DA4AC.mat" [2008-11-23 21152]
"c00237D8"="c:\users\KOCHETSIAN\AppData\Roaming\c00237D8.mat" [2008-11-23 21152]
"c00CC689"="c:\users\KOCHETSIAN\AppData\Roaming\c00CC689.mat" [2008-11-23 21152]
"c00281EE"="c:\users\KOCHETSIAN\AppData\Roaming\c00281EE.mat" [2008-11-23 21152]
"c00E9624"="c:\users\KOCHETSIAN\AppData\Roaming\c00E9624.mat" [2008-11-23 21152]
"c001676B"="c:\users\KOCHETSIAN\AppData\Roaming\c001676B.mat" [2008-11-23 21152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-05-31 326440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 106496]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 c:\windows\RtHDVCpl.exe]

c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\microsoft shared\Works Shared\WkCalRem.exe [2005-08-19 21504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-07-10 535336]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]
2008-11-23 17:23 21152 c:\windows\System32\c0047749.mat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
2008-11-23 17:23 21152 c:\windows\System32\c00ADB6B.mat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\c00ADB6B.mat
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3815E209-4DF2-4CF0-964F-63927FBFE08A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0C32ACE3-DA1F-469C-8D0C-C4C84671DB56}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9AB5D548-055F-46CC-AEBD-1CE92040AD12}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{502682E7-90CF-4F26-BE2C-4F130217E089}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{C813634F-E083-42C3-8D99-43CCF431AB68}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{9748B18D-317B-4A5D-BC20-2D901242E061}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{4F268D44-BCDD-41BF-ADE1-48D7DE77657C}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{16D8DD22-0B97-4C7B-9FCA-950951B0419E}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{1559055D-B1E4-4576-B221-EC793993CEC3}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{C4D5D04F-52D7-477F-8580-47D2D1027AAB}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{11972C48-DE48-43F8-9810-5799477DD221}"= UDP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{24B3ADCE-9BAF-4D33-B32C-8827D8600A1E}"= TCP:c:\windows\System32\lxctcoms.exe:Lexmark Communications System
"{D940F122-4144-4CEC-9004-CF79EC4BCE37}"= UDP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{C767F581-258E-410D-A4E6-93DCEE5BF88F}"= TCP:c:\program files\Lexmark 5400 Series\lxctmon.exe:Device Monitor
"{92C8C310-9BCB-4D1A-A787-92E305D9DB47}"= UDP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{EC612D7B-6318-4980-926C-A2AC0CC45718}"= TCP:c:\program files\Lexmark 5400 Series\LXCTaiox.exe:All In One Center
"{F4AC808C-BC1F-458B-ACCB-6399C978C1A0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A3B8A4C-9CA5-406C-ACF7-F8E4509A7476}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6135D568-1B14-41E9-8ED7-2BA6543B1F6B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{364CC453-C577-463B-AB20-C415F65286F1}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{21FD40DB-A3F8-4DCF-B0F7-4A5859DECCC8}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{0506DBD2-8448-4366-A74E-C640D8082ED2}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B765C305-95CE-454B-ADE8-F20EA7B5C1D1}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{95A63C58-A16B-408D-8DBF-48D94CE5617F}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{064BA21B-26C5-441B-AFD6-837E40752FCD}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C0951CD0-29D6-4427-BF73-3C2BB13AC884}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{2CD5CC9E-AF3A-4C8A-B913-15EAAA2CA2AF}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{14C42A1D-5805-44DD-BBA8-73DF02519C3A}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{ADC48264-15D1-4CA4-AFD8-1238C440B7AE}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928]
R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-07-10 202872]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-09-25 2929664]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\system32\Drivers\avgwfpx.sys [2008-11-23 69128]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-10 46592]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-07-10 454520]

*Newly Created Service* - COMHOST
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-chkgenapl - c:\programdata\chkgenapl\xcnofgzc.exe
HKCU-Run-Lsass Service - c:\users\KOCHETSIAN\AppData\Roaming\Microsoft\Windows\lsass.exe
HKCU-Run-Acer Tour Reminder - (no file)
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
Notify-c0012D87 - c0012D87.mat
Notify-c00148FE - c00148FE.mat
Notify-c001676B - c001676B.mat
Notify-c0018157 - c0018157.mat
Notify-c001F6C0 - c001F6C0.mat
Notify-c00237D8 - c00237D8.mat
Notify-c00281EE - c00281EE.mat
Notify-c0028CF1 - c0028CF1.mat
Notify-c003095E - c003095E.mat
Notify-c0034D1 - c0034D1.mat
Notify-c003549C - c003549C.mat
Notify-c0036694 - c0036694.mat
Notify-c0039AA8 - c0039AA8.mat
Notify-c0040B99 - c0040B99.mat
Notify-c004772B - c004772B.mat
Notify-c0049B2 - c0049B2.mat
Notify-c0056690 - c0056690.mat
Notify-c0059853 - c0059853.mat
Notify-c0059A4A - c0059A4A.mat
Notify-c005E0F4 - c005E0F4.mat
Notify-c005F81E - c005F81E.mat
Notify-c0065844 - c0065844.mat
Notify-c0068E3E - c0068E3E.mat
Notify-c006A3F8 - c006A3F8.mat
Notify-c0076E64 - c0076E64.mat
Notify-c0081AA0 - c0081AA0.mat
Notify-c0082240 - c0082240.mat
Notify-c0088490 - c0088490.mat
Notify-c008C650 - c008C650.mat
Notify-c008CF04 - c008CF04.mat
Notify-c00992C9 - c00992C9.mat
Notify-c0099DD8 - c0099DD8.mat
Notify-c009B621 - c009B621.mat
Notify-c009F6E4 - c009F6E4.mat
Notify-c00A2690 - c00A2690.mat
Notify-c00A6900 - c00A6900.mat
Notify-c00A8BE9 - c00A8BE9.mat
Notify-c00B156A - c00B156A.mat
Notify-c00BEB10 - c00BEB10.mat
Notify-c00C68E2 - c00C68E2.mat
Notify-c00CA368 - c00CA368.mat
Notify-c00CB411 - c00CB411.mat
Notify-c00CB729 - c00CB729.mat
Notify-c00CC689 - c00CC689.mat
Notify-c00D14C4 - c00D14C4.mat
Notify-c00D4C8E - c00D4C8E.mat
Notify-c00D62D2 - c00D62D2.mat
Notify-c00DA4AC - c00DA4AC.mat
Notify-c00DC9C3 - c00DC9C3.mat
Notify-c00E07F8 - c00E07F8.mat
Notify-c00E4AB9 - c00E4AB9.mat
Notify-c00E52AA - c00E52AA.mat
Notify-c00E9624 - c00E9624.mat
Notify-c00EC346 - c00EC346.mat
Notify-c00F07C9 - c00F07C9.mat
Notify-c00F5900 - c00F5900.mat



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 17:50:18
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\KOCHET~1\AppData\Local\Temp\wmplog00.sqm 1394 bytes
c:\users\KOCHET~1\AppData\Local\Temp\WPDNSE


**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c0074E99.mat
c:\windows\system32\c00A967F.mat
c:\windows\system32\c004DA21.mat
c:\windows\system32\c001A0AE.mat
c:\windows\system32\c00E0F4E.mat
c:\windows\system32\c0061BA2.mat
c:\windows\system32\c00CAED2.mat
c:\windows\system32\c002147A.mat
c:\windows\system32\c00CEE83.mat
c:\windows\system32\c00A1836.mat
c:\windows\system32\c00C9BAA.mat
c:\windows\system32\c00F7FF3.mat
c:\windows\system32\c008AEBC.mat
c:\windows\system32\c008283E.mat
c:\windows\system32\c00CCB10.mat
c:\windows\system32\c00E7BDD.mat
c:\windows\system32\c007F6B3.mat
c:\windows\system32\c0090E22.mat
c:\windows\system32\c008501C.mat
c:\windows\system32\c008A18.mat
c:\windows\system32\c0032638.mat
c:\windows\system32\c008128A.mat
c:\windows\system32\c007D331.mat
c:\windows\system32\c0028D04.mat
c:\windows\system32\c00D4B01.mat
c:\windows\system32\c001121E.mat
c:\windows\system32\c004C25A.mat
c:\windows\system32\c00CA190.mat
c:\windows\system32\c0098251.mat
c:\windows\system32\c0049628.mat
c:\windows\system32\c00D9E40.mat
c:\windows\system32\c00C42C7.mat
c:\windows\system32\c00AD432.mat
c:\windows\system32\c002B97E.mat
c:\windows\system32\c00DE3D6.mat
c:\windows\system32\c0049A72.mat
c:\windows\system32\c00F05B3.mat
c:\windows\system32\c005BA19.mat
c:\windows\system32\c00A09E0.mat
c:\windows\system32\c0010BD4.mat
c:\windows\system32\c00FB29C.mat
c:\windows\system32\c00CB2F9.mat
c:\windows\system32\c0082532.mat
c:\windows\system32\c00301F4.mat
c:\windows\system32\c0064A9.mat
c:\windows\system32\c0016368.mat
c:\windows\system32\c002104.mat
c:\windows\system32\c00D3910.mat
c:\windows\system32\c00848ED.mat
c:\windows\system32\c001B466.mat
c:\windows\system32\c006A534.mat

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\c00ADB6B.mat

- - - - - - - > 'Explorer.exe'(4452)
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxctcoms.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\windows\System32\WUDFHost.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\combofix\hidec.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\System32\conime.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Heure de fin: 2008-11-23 17:57:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-23 16:56:30

Avant-CF: 67 485 106 176 octets libres
Après-CF: 67,647,750,144 octets libres

429 --- E O F --- 2008-11-14 09:12:33

for bernard53

Post by Jeanna88 »

I just copied and pasted for you the results from the Notepad window that appeared at the end... What do I do now, and can I also re-enable UAC?
chantal11
Moderators
Posts: 12004
Joined: 14 Mar 2008, 18:41
Hardware configuration: Custom-built PC: Intel Dual Core2 Duo E8600 3.33 GHz - Asus P5K Premium Wifi motherboard - 4 GB Corsair DDR2 PC2-6400-CAS4 memory - Asus GeForce 8800 GTS 512 MB DDR3 graphics card - Vista Ultimate SP1 64-bit

ASUS M50SV LAPTOP: Mobile DualCore Intel Core 2 T9300 2.50 GHz - 3 GB DDR2-667 memory - GeForce 9500M 512 MB graphics card - Vista Premium SP1 32-bit
Location: Aude

Re: very urgent please ... thanks in advance

Post by chantal11 »

Good evening,

Jeanna88, you need to click "Reply" to stay in your topic.
If you click "New", it automatically opens a new topic for you :wink:

Thanks :coucou:
Knowledge grows when it is shared! (Socrates)
bernard53
Support
Posts: 3516
Joined: 25 Apr 2008, 22:05
Hardware configuration: Intel 2 Duo E6750 CPU 2.66GHz processor
3 GB RAM

Samsung 160 GB hard disk

Re: very urgent please ... thanks in advance

Post by bernard53 »

I'm looking at this and will post the next steps.
Enjoy your visit to: http://tuto-b.comli.com/

Re: very urgent please ... thanks in advance

Post by Jeanna88 »

Okay chantal, thanks, I'm new, that's why I don't really get it :oops:

Re: very urgent please ... thanks in advance

Post by Jeanna88 »

bernard53 wrote: YES
Sorry if I'm being a nuisance

Re: very urgent please ... thanks in advance

Post by chantal11 »

Good evening,

It's no big deal, Jeanna88, don't worry about it :wink:
I was just pointing it out so that I don't have to merge the topics after each of your replies :lol:

:coucou:

Re: very urgent please ... thanks in advance

Post by bernard53 »

Open the Start Menu > Run
In the dialog box, copy/paste everything in the quote below:
fsutil file createnew "%userprofile%\desktop\CFScript.txt" 0
Then confirm

2/ Open CFScript.txt (on your Desktop) > copy this new quote into it:
File::
c:\windows\System32\c00E0F4E.mat
c:\windows\System32\c00CEE83.mat
c:\windows\System32\c00CAED2.mat
c:\windows\System32\c00C9BAA.mat
c:\windows\System32\c00A967F.mat
c:\windows\System32\c00A1836.mat
c:\windows\System32\c0074E99.mat
c:\windows\System32\c0061BA2.mat
c:\windows\System32\c004DA21.mat
c:\windows\System32\c002147A.mat
c:\windows\System32\c001A0AE.mat
c:\windows\System32\c00EE8CE.mat
c:\windows\System32\c0052EE2.mat
c:\programdata\gvudklsh
c:\programdata\chkgenapl
c:\users\Public\hotbar.exe
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c0074E99.mat
c:\windows\system32\c00A967F.mat
c:\windows\system32\c004DA21.mat
c:\windows\system32\c001A0AE.mat
c:\windows\system32\c00E0F4E.mat
c:\windows\system32\c0061BA2.mat
c:\windows\system32\c00CAED2.mat
c:\windows\system32\c002147A.mat
c:\windows\system32\c00CEE83.mat
c:\windows\system32\c00A1836.mat
c:\windows\system32\c00C9BAA.mat
c:\windows\system32\c00F7FF3.mat
c:\windows\system32\c008AEBC.mat
c:\windows\system32\c008283E.mat
c:\windows\system32\c00CCB10.mat
c:\windows\system32\c00E7BDD.mat
c:\windows\system32\c007F6B3.mat
c:\windows\system32\c0090E22.mat
c:\windows\system32\c008501C.mat
c:\windows\system32\c008A18.mat
c:\windows\system32\c0032638.mat
c:\windows\system32\c008128A.mat
c:\windows\system32\c007D331.mat
c:\windows\system32\c0028D04.mat
c:\windows\system32\c00D4B01.mat
c:\windows\system32\c001121E.mat
c:\windows\system32\c004C25A.mat
c:\windows\system32\c00CA190.mat
c:\windows\system32\c0098251.mat
c:\windows\system32\c0049628.mat
c:\windows\system32\c00C42C7.mat
c:\windows\system32\c00AD432.mat
c:\windows\system32\c002B97E.mat
c:\windows\system32\c00DE3D6.mat
c:\windows\system32\c0049A72.mat
c:\windows\system32\c00F05B3.mat
c:\windows\system32\c005BA19.mat
c:\windows\system32\c00A09E0.mat
c:\windows\system32\c0010BD4.mat
c:\windows\system32\c00FB29C.mat
c:\windows\system32\c00CB2F9.mat
c:\windows\system32\c0082532.mat
c:\windows\system32\c00301F4.mat
c:\windows\system32\c0064A9.mat
c:\windows\system32\c0016368.mat
c:\windows\system32\c002104.mat
c:\windows\system32\c00D3910.mat
c:\windows\system32\c00848ED.mat
c:\windows\system32\c001B466.mat
c:\windows\system32\c006A534.mat
c:\windows\system32\c00ADB6B.mat
c:\windows\system32\c00ADB6B.mat


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c00148FE"=-
"c0082240"=-
"c00A6900"=-
"c0059A4A"=-
"c0081AA0"=-
"c00CB729"=-
"c0034D1"=-
"c00E52AA"=-
"c00D14C4"=-
"c00D4C8E"=-
"c00BEB10"=-
"c00A2690"=-
"c0099DD8"=-
"c004772B"=-
"c00EC346"=-
"c005F81E"=-
"c00A8BE9"=-
"c003549C"=-
"c00B156A"=-
"c0076E64"=-
"c0056690"=-
"c007D70"=-
"c0040B99"=-
"c00CA368"=-
"c00992C9"=-
"c0018157"=-
"c0065844"=-
"c009F6E4"=-
"c00E07F8"=-
"c00DC9C3"=-
"c006A3F8"=-
"c00F07C9"=-
"c00CB411"=-
"c005E0F4"=-
"c0039AA8"=-
"c00C68E2"=-
"c0068E3E"=-
"c0028CF1"=-
"c003095E"=-
"c008C650"=-
"c00F5900"=-
"c009B621"=-
"c00E4AB9"=-
"c0012D87"=-
"c0049B2"=-
"c0088490"=-
"c00D62D2"=-
"c001F6C0"=-
"c0036694"=-
"c0059853"=-
"c008CF04"=-
"c00DA4AC"=-
"c00237D8"=-
"c00CC689"=-
"c00281EE"=-
"c00E9624"=-
"c001676B"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c0047749]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00ADB6B]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

Folders::
c:\programdata\gvudklsh
c:\programdata\chkgenapl


Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot:

[Image]

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

If the file does not open, it can be found here > C:\ComboFix.txt

Then post a new HijackThis report.

:!: :!: Warning: this is valid only for this post.

Re: very urgent please ... thanks in advance

Post by Jeanna88 »

But I don't have Run in the Start menu :(

Re: very urgent please ... thanks in advance

Post by Jeanna88 »

Oh yes, that's it, I found it

Re: very urgent please ... thanks in advance, for bernard53

Post by Jeanna88 »

BERNARD53
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:59:24, on 23/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [c00148FE] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00148FE.mat", sh
O4 - HKCU\..\Run: [c0082240] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0082240.mat", sh
O4 - HKCU\..\Run: [c00A6900] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A6900.mat", sh
O4 - HKCU\..\Run: [c0059A4A] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0059A4A.mat", sh
O4 - HKCU\..\Run: [c0081AA0] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0081AA0.mat", sh
O4 - HKCU\..\Run: [c00CB729] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CB729.mat", sh
O4 - HKCU\..\Run: [c0034D1] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0034D1.mat", sh
O4 - HKCU\..\Run: [c00E52AA] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E52AA.mat", sh
O4 - HKCU\..\Run: [c00D14C4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D14C4.mat", sh
O4 - HKCU\..\Run: [c00D4C8E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D4C8E.mat", sh
O4 - HKCU\..\Run: [c00BEB10] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00BEB10.mat", sh
O4 - HKCU\..\Run: [c00A2690] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A2690.mat", sh
O4 - HKCU\..\Run: [c0099DD8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0099DD8.mat", sh
O4 - HKCU\..\Run: [c004772B] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c004772B.mat", sh
O4 - HKCU\..\Run: [c00EC346] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00EC346.mat", sh
O4 - HKCU\..\Run: [c005F81E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c005F81E.mat", sh
O4 - HKCU\..\Run: [c00A8BE9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00A8BE9.mat", sh
O4 - HKCU\..\Run: [c003549C] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c003549C.mat", sh
O4 - HKCU\..\Run: [c00B156A] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00B156A.mat", sh
O4 - HKCU\..\Run: [c0076E64] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0076E64.mat", sh
O4 - HKCU\..\Run: [c0056690] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0056690.mat", sh
O4 - HKCU\..\Run: [c007D70] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c007D70.mat", sh
O4 - HKCU\..\Run: [c0040B99] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0040B99.mat", sh
O4 - HKCU\..\Run: [c00CA368] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CA368.mat", sh
O4 - HKCU\..\Run: [c00992C9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00992C9.mat", sh
O4 - HKCU\..\Run: [c0018157] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0018157.mat", sh
O4 - HKCU\..\Run: [c0065844] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0065844.mat", sh
O4 - HKCU\..\Run: [c009F6E4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c009F6E4.mat", sh
O4 - HKCU\..\Run: [c00E07F8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E07F8.mat", sh
O4 - HKCU\..\Run: [c00DC9C3] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00DC9C3.mat", sh
O4 - HKCU\..\Run: [c006A3F8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c006A3F8.mat", sh
O4 - HKCU\..\Run: [c00F07C9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00F07C9.mat", sh
O4 - HKCU\..\Run: [c00CB411] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CB411.mat", sh
O4 - HKCU\..\Run: [c005E0F4] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c005E0F4.mat", sh
O4 - HKCU\..\Run: [c0039AA8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0039AA8.mat", sh
O4 - HKCU\..\Run: [c00C68E2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00C68E2.mat", sh
O4 - HKCU\..\Run: [c0068E3E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0068E3E.mat", sh
O4 - HKCU\..\Run: [c0028CF1] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0028CF1.mat", sh
O4 - HKCU\..\Run: [c003095E] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c003095E.mat", sh
O4 - HKCU\..\Run: [c008C650] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c008C650.mat", sh
O4 - HKCU\..\Run: [c00F5900] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00F5900.mat", sh
O4 - HKCU\..\Run: [c009B621] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c009B621.mat", sh
O4 - HKCU\..\Run: [c00E4AB9] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E4AB9.mat", sh
O4 - HKCU\..\Run: [c0012D87] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0012D87.mat", sh
O4 - HKCU\..\Run: [c0049B2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0049B2.mat", sh
O4 - HKCU\..\Run: [c0088490] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0088490.mat", sh
O4 - HKCU\..\Run: [c00D62D2] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00D62D2.mat", sh
O4 - HKCU\..\Run: [c001F6C0] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c001F6C0.mat", sh
O4 - HKCU\..\Run: [c0036694] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0036694.mat", sh
O4 - HKCU\..\Run: [c0059853] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c0059853.mat", sh
O4 - HKCU\..\Run: [c008CF04] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c008CF04.mat", sh
O4 - HKCU\..\Run: [c00DA4AC] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00DA4AC.mat", sh
O4 - HKCU\..\Run: [c00237D8] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00237D8.mat", sh
O4 - HKCU\..\Run: [c00CC689] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00CC689.mat", sh
O4 - HKCU\..\Run: [c00281EE] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00281EE.mat", sh
O4 - HKCU\..\Run: [c00E9624] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c00E9624.mat", sh
O4 - HKCU\..\Run: [c001676B] rundll32.exe "C:\Users\KOCHETSIAN\AppData\Roaming\c001676B.mat", sh
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\microsoft shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2B218E3-51B5-434A-8775-34E10D41BD45}: NameServer = 212.25.53.252,212.27.54.252
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\system32\c00ADB6B.mat
O20 - Winlogon Notify: c0047749 - C:\Windows\SYSTEM32\c0047749.mat
O20 - Winlogon Notify: c00ADB6B - C:\Windows\SYSTEM32\c00ADB6B.mat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxct_device - - C:\Windows\system32\lxctcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 17943 bytes