MathieuM
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
Re! Here is the report!
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
After about 3h30 of scanning, everything stopped (at around 49%) and a window appeared asking me whether or not to delete a certain file. I clicked delete, and another process started, and when it finished it restarted the PC. Once restarted, the software opens, I click on "Lancer l'analyse", and click on "Reprendre l'analyse" or something like that. I will run another scan during the night; I'll keep you posted. The PC is still very noisy. I have the impression that it is working constantly. The little blinking light on my PC (the hard drive one) blinks constantly. Here is a screenshot of the Performance tab of my Task Manager: http://img215.imageshack.us/img215/1064/gestionnairedestaches.jpg
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
Hello! So here is the report:
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
The report I found is identical to the one posted above; I don't know if it's the right one. Here is a screenshot of the quarantined files: http://img828.imageshack.us/img828/3917/quarantaine.jpg
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
Here is the MBAM report:
It also showed me the message: "Impossible de supprimer certains logs. Un fichier rapport a été enregistré dans le dossier Log."
Need help. PC infected!
MathieuM replied to MathieuM's topic in Malware analysis and removal
Thanks a lot. The MBAM scan is in progress, so I'm taking the opportunity to post the cleanup report:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Mathieu on 01/11/2010 at 0:52:51.
Services Stopped:
Processes terminated by Rkill or while it was running:
C:\Users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mathieu\AppData\Roaming\Service Loader\exHelper.exe
C:\Users\Mathieu\AppData\Local\Temp\WUDHost.exe
C:\Users\Mathieu\Downloads\rkill.scr
Rkill completed on 01/11/2010 at 0:52:58.

I'll keep you posted!
Need help. Infected PC!
MathieuM replied to a topic by MathieuM in Malware analysis and removal
Here is the report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 25/10/10 à 11:40
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: TEAM X SCRIPT : UsbFix - AD-Remover - FindyKill
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 00:13:26 le 01/11/2010, Mode normal
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 (X86)
Mathieu@PC-DE-MATHIEU (Sony Corporation VGN-FW21E)
============== RECHERCHE ==============
Fichier trouvé: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar
Dossier trouvé: C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\6tfra41f.default\extensions\toolbar@ask.com
Dossier trouvé: C:\Program Files\Ask.com
Dossier trouvé: C:\Users\Mathieu\AppData\LocalLow\AskToolbar
-- Fichier ouvert: C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\6tfra41f.default\Prefs.js --
Ligne trouvée: user_pref("extensions.asktb.cbid", "PV");
Ligne trouvée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne trouvée: user_pref("extensions.asktb.first-launch-url", "hxxp://livetv.ru/fr/eventinfo/40007_psg_marseille/")...
Ligne trouvée: user_pref("extensions.asktb.fresh-install", false);
Ligne trouvée: user_pref("extensions.asktb.l", "dis");
Ligne trouvée: user_pref("extensions.asktb.last-config-req", "1288520033876");
Ligne trouvée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne trouvée: user_pref("extensions.asktb.o", "15000");
Ligne trouvée: user_pref("extensions.asktb.options-lang", "fr");
Ligne trouvée: user_pref("extensions.asktb.options-locale", "UK");
Ligne trouvée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne trouvée: user_pref("extensions.asktb.qsrc", "2871");
Ligne trouvée: user_pref("extensions.asktb.r", "2");
Ligne trouvée: user_pref("extensions.asktb.search-suggestions-enabled", true);
Ligne trouvée: user_pref("extensions.enabledItems", "toolbar@ask.com:3.9.1.14019,{CAFEEFAC-0016-0000-0016-ABCDEFFED...
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé trouvée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé trouvée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé trouvée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé trouvée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé trouvée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé trouvée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé trouvée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé trouvée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé trouvée: HKCU\Software\Ask.com
Clé trouvée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé trouvée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé trouvée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé trouvée: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.12 (fr)] **
-- C:\Users\Mathieu\AppData\Roaming\Mozilla\FireFox\Profiles\6tfra41f.default\Prefs.js --
browser.download.dir, C:\\Users\\Mathieu\\Desktop
browser.startup.homepage, hxxp://www.google.fr/
browser.startup.homepage_override.mstone, rv:1.9.2.12
========================================
** Internet Explorer Version [7.0.6001.18000] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.club-vaio.com
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\Windows\system32\blank.htm
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Show_ToolBar: yes
Start Page: hxxp://www.google.fr/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.club-vaio.com
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\Windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 01/11/2010 (5622 Octet(s))
Fin à: 00:17:55, 01/11/2010
============== E.O.F ==============
Hello! I am here to ask for your help after some unsuccessful searching on the internet. The very detailed answers given to everyone's problems gave me hope that someone here could help me solve mine.
For about a week now, my PC has been strangely sluggish. It is slow, and my fan makes an unbelievable noise, as if the PC were running at maximum capacity all the time. I really know very little about computers, but after taking a look at the Task Manager, I see in the Performance tab that the curve never drops below 75%, even when I am doing absolutely nothing on the PC.
I also spotted some strange processes:
vtmFTl10qZh1.exe
winupd32.exe
VESMgrSub.exe
dllhost.exe
csrss.exe
winlogon.exe
rundll32.exe
Ati2evxx.exe
I now await your instructions. Thanks in advance.
Mathieu
HiJackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:31, on 31/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal
Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\taskeng.exe
C:\Users\Public\Documents\Windows\winservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\Public\Documents\Windows\winupd32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Spotify\spotify.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Users\Mathieu\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [iSBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [uVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [winupd32] C:\Users\Mathieu\AppData\Local\Temp\winlogon.exe
O4 - HKCU\..\Run: [Windows Driver Foundation] C:\Users\Public\Documents\Windows\winservice.exe
O4 - HKCU\..\Run: [uPc+nfqgiejlsvNCxl] rundll32.exe C:\Users\Mathieu\AppData\Local\Temp\iuvdsrt9.dll, SystemServer
O4 - HKCU\..\Run: [uPc+nfqgiejlbRaXms] rundll32.exe C:\Users\Mathieu\AppData\Local\Temp\ks4ps5.dll, SystemServer
O4 - HKCU\..\Run: [LvfqfeefnvC] C:\Users\Mathieu\AppData\Local\Temp\sdyn92p.exe
O4 - HKCU\..\Run: [LvfqfeefnVee] C:\Users\Mathieu\AppData\Local\Temp\vs57vhi2ss.exe
O4 - HKCU\..\Run: [Windows Update 32] C:\Users\Public\Documents\Windows\winupd32.exe
O4 - HKCU\..\Run: [Audio HD Driver] C:\Users\Mathieu\AppData\Local\Temp\vtmFTl10qZh1.exe
O4 - HKCU\..\Run: [exHelper.exe] C:\Users\Mathieu\AppData\Roaming\Service Loader\exHelper.exe
O4 - HKCU\..\Run: [Windows Audio Driver] "C:\Users\Mathieu\AppData\Roaming\audiohd.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Logitech Touch Mouse Server.lnk = C:\Program Files\Logitech Touch Mouse Server\iTouch-Server-Win.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - User Startup: winservice.exe
O4 - User Startup: winupd32.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 19759 bytes
