PC super slow ... too many processes or a virus?

24 June 2009 14:35:42

Hello, lately I've been finding my laptop super slow ... I made a HijackThis report for anyone who is interested in trying to help me ;)
I have already cleaned using
Thanks in advance




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:23, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe
C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VitaKey\AC5031\PwdBank.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.80.111.133:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: D - {56D6D552-799D-3A1B-A1B0-2831CEBF9F81} - C:\Windows\SysWow64\xwr54424.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZPdtWzdVitaKey AC5031] "C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe" show
O4 - HKLM\..\Run: [] C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: AWinNotifyVitaKey AC5031 - C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Vista Session Launcher Service (customsvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Service Google Update (gupdate1c99144e3ce65a3) (gupdate1c99144e3ce65a3) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11130 bytes


24 June 2009 14:37:39

Just to let you know, I have already cleaned using:
Spybot, Ad-Aware, a-squared (which, by the way, did a masterful job in terms of trojans)
24 June 2009 15:12:41

Hello,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
    (On Vista, you need to right-click RSIT.exe and choose Run as administrator)
  • Click Continue at the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the license.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the folder C:\rsit.
    24 June 2009 15:34:19

    ok thanks, I'll do that right away
    24 June 2009 15:38:12

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by jcrioual at 2009-06-24 15:35:38
    Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
    System drive C: has 48 GB (52%) free of 92 GB
    Total RAM: 4090 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:35:49, on 24/06/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18248)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe
    C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\VitaKey\AC5031\PwdBank.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\jcrioual\Desktop\DL\RSIT.exe
    C:\hijackthis\jcrioual.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&ie=UTF-8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.80.111.133:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: D - {56D6D552-799D-3A1B-A1B0-2831CEBF9F81} - C:\Windows\SysWow64\xwr54424.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [ZPdtWzdVitaKey AC5031] "C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe" show
    O4 - HKLM\..\Run: [] C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: AWinNotifyVitaKey AC5031 - C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Vista Session Launcher Service (customsvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: Service Google Update (gupdate1c99144e3ce65a3) (gupdate1c99144e3ce65a3) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
    O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11167 bytes

    ======Scheduled tasks folder======

    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    C:\Windows\tasks\Google Software Updater.job
    C:\Windows\tasks\GoogleUpdateTaskMachine.job
    C:\Windows\tasks\User_Feed_Synchronization-{FE89E3B1-9BB7-4BED-89A9-DF32DC846EEE}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56D6D552-799D-3A1B-A1B0-2831CEBF9F81}]
    D - C:\Windows\SysWow64\xwr54424.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-15 669168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
    "ZPdtWzdVitaKey AC5031"=C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe [2009-01-30 2894848]
    ""=C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe [2008-09-14 1831424]
    "SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-23 803495]
    "CursorFX"=C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]
    "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-17 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey AC5031]
    C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll [2009-01-30 1977856]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    C:\Program Files (x86)\VitaKey\AC5031\PwdFilter

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "EnableLUA"=0
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "EnableUIADesktopToggle"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoActiveDesktop"=
    "NoActiveDesktopChanges"=
    "ForceActiveDesktopOn"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    shell\AutoRun\command - E:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddfb008-5bd0-11de-a2b9-000325596087}]
    shell\AutoRun\command - wd_windows_tools\setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b3c0e7-3fa2-11de-b422-000325596087}]
    shell\AutoRun\command - D:\InstallTomTomHOME.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58514132-1fdb-11de-9cbc-000325596087}]
    shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{668efe31-3700-11de-a903-000325596087}]
    shell\AutoRun\command - G:\Brain.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0cc3dc-ef97-11dd-8cfc-000325596087}]
    shell\AutoRun\command - H:\AUTORUN.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfeb14e9-4843-11de-b0f5-000325596087}]
    shell\AutoRun\command - wd_windows_tools\setup.exe


    ======List of files/folders created in the last 1 months======

    2009-06-24 15:34:30 ----D---- C:\rsit
    2009-06-24 14:43:30 ----D---- C:\ProgramData\Grisoft
    2009-06-24 14:30:01 ----D---- C:\hijackthis
    2009-06-24 11:16:07 ----D---- C:\ProgramData\Lavasoft
    2009-06-24 11:16:07 ----D---- C:\Program Files (x86)\Lavasoft
    2009-06-23 11:57:57 ----D---- C:\Program Files (x86)\a-squared Free
    2009-06-17 15:35:26 ----A---- C:\Windows\system32\xa24359930.exe.console.log
    2009-06-17 15:35:25 ----A---- C:\Windows\system32\xa24361615.exe
    2009-06-17 15:35:23 ----A---- C:\Windows\system32\xa24359930.exe
    2009-06-17 15:33:39 ----A---- C:\Windows\system32\xa24252523.exe.console.log
    2009-06-17 15:33:37 ----A---- C:\Windows\system32\xa24254161.exe
    2009-06-17 15:33:36 ----A---- C:\Windows\system32\xa24252523.exe
    2009-06-14 00:03:01 ----A---- C:\Windows\system32\EncDec.dll
    2009-06-14 00:03:00 ----A---- C:\Windows\system32\psisdecd.dll
    2009-06-13 15:36:06 ----D---- C:\Program Files (x86)\01 Stimulation Cerebrale avec le Dr Kawashima
    2009-06-13 14:57:24 ----D---- C:\Users\jcrioual\AppData\Roaming\Winamp
    2009-06-11 03:32:56 ----A---- C:\Windows\system32\localspl.dll
    2009-06-11 03:32:54 ----A---- C:\Windows\system32\rpcrt4.dll
    2009-06-11 03:32:39 ----A---- C:\Windows\system32\mshtml.dll
    2009-06-11 03:32:37 ----A---- C:\Windows\system32\urlmon.dll
    2009-06-11 03:32:37 ----A---- C:\Windows\system32\ieframe.dll
    2009-06-11 03:32:36 ----A---- C:\Windows\system32\wininet.dll
    2009-06-11 03:32:35 ----A---- C:\Windows\system32\iertutil.dll
    2009-06-11 03:32:34 ----A---- C:\Windows\system32\occache.dll
    2009-06-11 03:32:34 ----A---- C:\Windows\system32\msfeeds.dll
    2009-06-11 03:32:34 ----A---- C:\Windows\system32\ieUnatt.exe
    2009-06-11 03:32:34 ----A---- C:\Windows\system32\iedkcs32.dll
    2009-06-11 03:32:34 ----A---- C:\Windows\system32\ieaksie.dll
    2009-06-11 03:32:33 ----A---- C:\Windows\system32\mstime.dll
    2009-06-11 03:32:33 ----A---- C:\Windows\system32\jsproxy.dll
    2009-06-11 03:32:33 ----A---- C:\Windows\system32\ieencode.dll
    2009-06-10 12:47:39 ----A---- C:\Windows\system32\xa98134098.exe
    2009-06-10 12:47:34 ----A---- C:\Windows\system32\xa98128965.exe
    2009-06-10 12:46:55 ----A---- C:\Windows\system32\xa98090417.exe
    2009-06-10 12:46:50 ----A---- C:\Windows\system32\xa98085129.exe
    2009-06-10 12:46:45 ----A---- C:\Windows\system32\xa98079918.exe
    2009-06-10 12:46:41 ----A---- C:\Windows\system32\xa98075691.exe
    2009-06-10 12:22:01 ----A---- C:\Windows\system32\xa96596006.exe
    2009-06-10 12:22:00 ----A---- C:\Windows\system32\xa96594898.exe
    2009-06-09 09:06:00 ----A---- C:\Windows\system32\icardres.dll
    2009-06-09 09:05:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
    2009-06-09 09:05:59 ----A---- C:\Windows\system32\PresentationHostProxy.dll
    2009-06-09 09:05:58 ----A---- C:\Windows\system32\infocardapi.dll
    2009-06-09 09:05:58 ----A---- C:\Windows\system32\icardagt.exe
    2009-06-09 09:05:39 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-06-09 09:05:31 ----A---- C:\Windows\system32\PresentationHost.exe
    2009-06-09 08:53:27 ----A---- C:\Windows\system32\netfxperf.dll
    2009-06-09 08:53:03 ----A---- C:\Windows\system32\dfshim.dll
    2009-06-09 08:52:52 ----A---- C:\Windows\system32\mscoree.dll
    2009-06-09 08:52:32 ----A---- C:\Windows\system32\mscorier.dll
    2009-06-09 08:52:24 ----A---- C:\Windows\system32\mscories.dll
    2009-06-09 03:01:05 ----D---- C:\Program Files (x86)\MSXML 4.0
    2009-06-07 22:44:55 ----D---- C:\ProgramData\Ahead
    2009-06-07 22:41:49 ----D---- C:\ProgramData\Nero
    2009-06-07 09:35:41 ----D---- C:\Program Files (x86)\iPod
    2009-06-07 09:35:40 ----D---- C:\Program Files (x86)\iTunes
    2009-06-07 09:33:32 ----D---- C:\Program Files (x86)\QuickTime
    2009-06-05 19:39:16 ----A---- C:\Windows\maxlink.ini
    2009-06-05 19:38:24 ----D---- C:\Program Files (x86)\Common Files\ScanSoft Shared
    2009-06-05 19:38:21 ----D---- C:\ProgramData\ScanSoft
    2009-06-05 19:38:21 ----D---- C:\Program Files (x86)\ScanSoft
    2009-06-05 16:29:24 ----D---- C:\Program Files (x86)\Sega
    2009-06-05 15:51:07 ----HD---- C:\Program Files (x86)\FX Uninstall Information
    2009-06-01 11:42:12 ----D---- C:\Users\jcrioual\AppData\Roaming\.BitTornado
    2009-06-01 11:40:58 ----D---- C:\Program Files (x86)\BitTornado
    2009-05-27 15:42:51 ----D---- C:\ProgramData\salvation
    2009-05-26 18:46:15 ----A---- C:\Windows\system32\brinsstr.dll
    2009-05-26 18:45:13 ----D---- C:\Program Files (x86)\Brother
    2009-05-26 18:45:12 ----N---- C:\Windows\brunin03.dll
    2009-05-26 18:44:28 ----D---- C:\ProgramData\Brother

    ======List of files/folders modified in the last 1 months======

    2009-06-24 15:35:46 ----D---- C:\Windows\Temp
    2009-06-24 15:15:17 ----D---- C:\Windows\System32
    2009-06-24 15:15:17 ----D---- C:\Windows\inf
    2009-06-24 15:11:17 ----D---- C:\Windows\Tasks
    2009-06-24 14:55:17 ----RD---- C:\Program Files (x86)
    2009-06-24 14:53:51 ----D---- C:\Windows\Prefetch
    2009-06-24 14:45:44 ----D---- C:\Windows
    2009-06-24 14:43:30 ----HD---- C:\ProgramData
    2009-06-24 12:30:18 ----SHD---- C:\Windows\Installer
    2009-06-24 12:30:17 ----D---- C:\Config.Msi
    2009-06-24 11:13:49 ----RD---- C:\Program Files
    2009-06-24 11:13:49 ----D---- C:\Program Files (x86)\Bonjour
    2009-06-24 11:13:41 ----SHD---- C:\System Volume Information
    2009-06-24 11:11:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-06-24 11:11:08 ----D---- C:\Windows\Debug
    2009-06-24 00:09:58 ----D---- C:\Users\jcrioual\AppData\Roaming\Azureus
    2009-06-23 23:16:19 ----D---- C:\ProgramData\Google Updater
    2009-06-23 18:59:56 ----D---- C:\Windows\tracing
    2009-06-23 16:04:48 ----A---- C:\vraylog.txt
    2009-06-23 14:09:02 ----D---- C:\Windows\Minidump
    2009-06-23 13:42:31 ----D---- C:\Windows\SysWOW64
    2009-06-15 03:07:55 ----D---- C:\Windows\Microsoft.NET
    2009-06-15 03:01:55 ----D---- C:\Windows\ehome
    2009-06-15 03:01:28 ----D---- C:\Windows\winsxs
    2009-06-13 14:57:27 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
    2009-06-11 13:03:30 ----D---- C:\ProgramData\Apple
    2009-06-11 08:27:49 ----D---- C:\Program Files (x86)\Internet Explorer
    2009-06-09 10:42:42 ----RSD---- C:\Windows\assembly
    2009-06-09 09:51:39 ----D---- C:\Windows\rescache
    2009-06-09 09:47:34 ----D---- C:\ProgramData\FLEXnet
    2009-06-09 09:31:36 ----D---- C:\Windows\system32\XPSViewer
    2009-06-09 09:31:36 ----D---- C:\Windows\system32\wbem
    2009-06-09 09:31:36 ----D---- C:\Windows\system32\en-US
    2009-06-09 09:26:22 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
    2009-06-09 09:20:33 ----D---- C:\ProgramData\Autodesk
    2009-06-09 09:20:32 ----D---- C:\Program Files (x86)\Autodesk
    2009-06-07 22:44:22 ----D---- C:\Program Files (x86)\Common Files\Ahead
    2009-06-07 18:51:40 ----A---- C:\Windows\NeroDigital.ini
    2009-06-07 09:35:41 ----D---- C:\Program Files (x86)\Common Files\Apple
    2009-06-05 19:39:26 ----D---- C:\Windows\system32\spool
    2009-06-05 19:39:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
    2009-06-05 19:38:24 ----SD---- C:\Windows\Downloaded Program Files
    2009-06-05 19:38:24 ----D---- C:\Program Files (x86)\Common Files
    2009-06-05 19:38:23 ----D---- C:\Program Files (x86)\Common Files\InstallShield
    2009-05-28 10:01:07 ----SD---- C:\Users\jcrioual\AppData\Roaming\Microsoft
    2009-05-27 15:34:22 ----D---- C:\Program Files (x86)\DAEMON Tools Lite

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
    R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
    R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys []
    R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
    R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
    R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
    R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
    R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys []
    R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys []
    R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
    R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys []
    R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
    R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
    R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
    R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
    R3 RTL8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys []
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
    R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
    R3 VaneFltr;Lachesis Mouse Driver; C:\Windows\system32\drivers\Lachesis.sys []
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
    S3 adiusbaw;USB ADSL WAN Adapter; C:\Windows\system32\DRIVERS\adiusbawx64.sys []
    S3 altrofh9;altrofh9; C:\Windows\system32\drivers\altrofh9.sys []
    S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys []
    S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
    S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []
    S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
    S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
    S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
    S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
    S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
    S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys []
    S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
    S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
    S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys []
    S4 ahcix64;ahcix64; C:\Windows\system32\drivers\ahcix64.sys []
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
    S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
    S4 mv61xx;mv61xx; C:\Windows\system32\drivers\mv61xx.sys []
    S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys []
    S4 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys []
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 a2free;a-squared Free Service; C:\Program Files (x86)\a-squared Free\a2service.exe [2009-06-23 718880]
    R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-01 79360]
    R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 customsvc;Vista Session Launcher Service; C:\Program Files\OSD\Service1.exe [2008-09-30 13312]
    R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2008-10-24 468224]
    R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 1372672]
    R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
    R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
    R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
    R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe []
    R2 OOCleverCacheAgent;O&O CleverCache Agent; C:\Program Files\OO Software\CleverCache\ooccag.exe [2007-01-28 515344]
    R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
    R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-08 66872]
    R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-08 107832]
    R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 826368]
    R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    R2 WindowBlinds;Stardock WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [2008-06-20 337144]
    R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    S2 gupdate1c99144e3ce65a3;Service Google Update (gupdate1c99144e3ce65a3); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
    S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
    S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    S3 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
    S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2008-01-21 21504]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
    S3 CscService;Fichiers hors connexion; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 21760]
    S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-09 1030600]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-09 651720]
    S3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-05-30 541992]
    S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
    S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
    S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
    S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
    S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
    S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
    S4 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
    S4 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
    S4 mi-raysat_3dsmax9_64;mental ray 3.5 Satellite (64-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe [2006-09-29 65536]

    -----------------EOF-----------------
    24 June 2009 15:38:27

    info.txt logfile of random's system information tool 1.06 2009-06-24 15:34:38

    ======Uninstall list======

    a-squared Free 4.5-->"C:\Program Files (x86)\a-squared Free\unins000.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    HijackThis 2.0.2-->"C:\Users\jcrioual\Desktop\DL\HijackThis.exe" /uninstall

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: ESET Smart Security 3.0
    FW: Pare-feu personnel d'ESET
    AS: ESET Smart Security 3.0
    AS: Spybot - Search and Destroy (disabled)
    AS: AVG Anti-Spyware (disabled)
    AS: Windows Defender

    ======System event log======

    Computer Name: jcrioual02
    Event Code: 4376
    Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Installation demandée(Install Requested)
    Record Number: 28890
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090311020102.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: jcrioual02
    Event Code: 4376
    Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
    Record Number: 28892
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090311020102.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: jcrioual02
    Event Code: 4376
    Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
    Record Number: 28895
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090311020102.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: jcrioual02
    Event Code: 4376
    Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
    Record Number: 28897
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090311020102.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: jcrioual02
    Event Code: 4376
    Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
    Record Number: 28900
    Source Name: Microsoft-Windows-Servicing
    Time Written: 20090311020102.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    =====Application event log=====

    Computer Name: jcrioual02
    Event Code: 10
    Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
    Record Number: 16352
    Source Name: Microsoft-Windows-WMI
    Time Written: 20090624125302.000000-000
    Event Type: Erreur
    User:

    Computer Name: jcrioual02
    Event Code: 1530
    Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-3105202434-2032175674-4132314093-1000:
    Process 400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3105202434-2032175674-4132314093-1000

    Record Number: 16364
    Source Name: Microsoft-Windows-User Profiles Service
    Time Written: 20090624130513.000000-000
    Event Type: Avertissement
    User: AUTORITE NT\SYSTEM

    Computer Name: jcrioual02
    24 June 2009 15:55:38

    Quote:
    2009-06-17 15:35:25 ----A---- C:\Windows\system32\xa24361615.exe
    2009-06-17 15:35:23 ----A---- C:\Windows\system32\xa24359930.exe

    --> Do you know these files?

    If not, have them scanned on VirusTotal and post the links to the scan reports.
    24 June 2009 16:29:51

    OK ;) thanks
    24 June 2009 17:48:47

    Fichier xa24361615.exe

    Fichier xa24361615.exe reçu le 2009.06.24 15:06:13 (UTC)
    Situation actuelle: terminé

    Résultat: 2/41 (4.88%)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.18 2009.06.24 -
    AhnLab-V3 5.0.0.2 2009.06.24 -
    AntiVir 7.9.0.193 2009.06.24 -
    Antiy-AVL 2.0.3.1 2009.06.24 -
    Authentium 5.1.2.4 2009.06.24 -
    Avast 4.8.1335.0 2009.06.23 -
    AVG 8.5.0.339 2009.06.24 -
    BitDefender 7.2 2009.06.24 -
    CAT-QuickHeal 10.00 2009.06.22 -
    ClamAV 0.94.1 2009.06.24 -
    Comodo 1404 2009.06.24 -
    DrWeb 5.0.0.12182 2009.06.24 -
    eSafe 7.0.17.0 2009.06.24 Win32.worm
    eTrust-Vet 31.6.6577 2009.06.24 -
    F-Prot 4.4.4.56 2009.06.24 -
    F-Secure 8.0.14470.0 2009.06.24 -
    Fortinet 3.117.0.0 2009.06.24 -
    GData 19 2009.06.24 -
    Ikarus T3.1.1.59.0 2009.06.24 -
    Jiangmin 11.0.706 2009.06.24 -
    K7AntiVirus 7.10.768 2009.06.19 -
    Kaspersky 7.0.0.125 2009.06.24 -
    McAfee 5655 2009.06.23 -
    McAfee+Artemis 5655 2009.06.23 -
    McAfee-GW-Edition 6.7.6 2009.06.24 -
    Microsoft 1.4803 2009.06.24 -
    NOD32 4184 2009.06.24 -
    Norman 6.01.09 2009.06.23 -
    nProtect 2009.1.8.0 2009.06.24 -
    Panda 10.0.0.16 2009.06.24 -
    PCTools 4.4.2.0 2009.06.24 -
    Prevx 3.0 2009.06.24 -
    Rising 21.35.24.00 2009.06.24 -
    Sophos 4.42.0 2009.06.24 -
    Sunbelt 3.2.1858.2 2009.06.24 VIPRE.Suspicious
    Symantec 1.4.4.12 2009.06.24 -
    TheHacker 6.3.4.3.352 2009.06.24 -
    TrendMicro 8.950.0.1094 2009.06.24 -
    VBA32 3.12.10.7 2009.06.24 -
    ViRobot 2009.6.24.1802 2009.06.24 -
    VirusBuster 4.6.5.0 2009.06.24 -
    Information additionnelle
    File size: 98589652 bytes
    MD5 : 908e032a3437b9152bd5a409aab3cf80
    SHA1 : 82b2066b3adacfce005cc95dcc5b9d4ebe9b9c5d
    SHA256: 20e0474ef9b94bc24602664fe1d822afd5dd60411f7d72549340b1cadd583c33
    TrID : File type identification
    WinRAR Self Extracting archive (63.5%)
    Win32 Dynamic Link Library - Borland C/C++ (27.0%)
    InstallShield setup (5.2%)
    DOS Executable Borland C++ (1.5%)
    Win32 Executable Generic (1.0%)
    ssdeep: 1572864:HCQe/1SFYrP9V/NCSEifZehtZasYwwl8rLDunW8lJUt6/BlvVVpeNDjQubHT9rkl:HCQeWkP9ZtffKasYww+LiHm65lZcrbz2
    PEiD : -
    RDS : NSRL Reference Data Set

    24 June 2009 18:30:49

    It's not obvious.

    Could you send me a copy at (e-mail address removed) as an attachment?
    24 June 2009 19:00:31

    For the second one, it sends me back to the same report as before ...
    24 June 2009 19:23:35

    A sample of the suspicious file, not of the report.
    24 June 2009 20:38:01

    Ahh OK ... sorry
    But that's going to be tricky, they are 60 and 94 MB ...
    25 June 2009 11:17:29

    The thing is, I have 16 Svchost.exe instances running, 2 of which take up a particularly large share of my memory (150 000 and 120 000). I believe this service is essential and relates to the DLLs of certain programs... How could I identify them and find out whether I can remove them from the PC or stop them at startup ...
    Thanks
    25 June 2009 14:39:35

    That is possible with the Process Explorer software.
    25 June 2009 14:48:40

    OK thanks, I'll look into that
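
    The mapping asked about above (which services each svchost.exe instance hosts, and how much memory each instance holds) can also be read from the built-in WMI classes. This is an added example, not part of the thread; it assumes PowerShell 2.0 or later is installed and that the console is run as administrator.

```powershell
# Added example: list every svchost.exe instance with its memory use and
# the services it hosts. Assumes PowerShell 2.0+ and an elevated console
# (without elevation, CommandLine may come back empty for some processes).

# Index running services by the PID of the process that hosts them.
$servicesByPid = @{}
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($procId)) {
            $servicesByPid[$procId] = @()
        }
        $servicesByPid[$procId] += $_
    }

# Walk the svchost.exe processes, largest working set first.
$report = Get-WmiObject -Class Win32_Process -Filter "Name = 'svchost.exe'" |
    Sort-Object WorkingSetSize -Descending |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        $hosted = $servicesByPid[$procId]

        if ($hosted) {
            # Service short name plus its start mode (Auto, Manual, Disabled).
            $names = ($hosted | ForEach-Object { "$($_.Name) [$($_.StartMode)]" }) -join ', '
        } else {
            $names = '(no service reported for this PID)'
        }

        New-Object PSObject -Property @{
            ProcessId    = $procId
            WorkingSetKB = [math]::Round($_.WorkingSetSize / 1KB)
            Services     = $names
            # Legitimate instances run from System32 with a "-k <group>" argument.
            CommandLine  = $_.CommandLine
        }
    }

$report |
    Select-Object ProcessId, WorkingSetKB, Services, CommandLine |
    Format-Table -AutoSize -Wrap
```

    A service's start mode should only be changed once the service has been identified by name; an svchost.exe instance whose command line does not point to the System32 directory is worth a closer look.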