Tom's Guide > Forum > Sécurité - Virus > PC super lent ... trop de processus ou virus ?

PC super lent ... trop de processus ou virus ?

Forum Sécurité - Virus : PC super lent ... trop de processus ou virus ?

TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Créer un nouveau sujet Répondre
Mot :    Pseudo :           
 
akik29   24-06-2009 à 14:35:42

Hello, depuis peu je trouve mon laptop super lent ... J ai fais un rapport hijackthis pour ceux que ca interesse d essayer de m aider ;)
J ai deja nettoyé via
Merci par avance




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:23, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe
C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VitaKey\AC5031\PwdBank.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.80.111.133:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: D - {56D6D552-799D-3A1B-A1B0-2831CEBF9F81} - C:\Windows\SysWow64\xwr54424.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZPdtWzdVitaKey AC5031] "C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe" show
O4 - HKLM\..\Run: [] C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: AWinNotifyVitaKey AC5031 - C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Vista Session Launcher Service (customsvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Service Google Update (gupdate1c99144e3ce65a3) (gupdate1c99144e3ce65a3) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11130 bytes

Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
akik29   24-06-2009 à 14:37:39
- 0 +

juste pour prevenir, j ai deja nettoyé via :
Spybot, ad-aware, a-squarred ( qui en passant par la a fait un travail magistral e, terme de trojans )

Répondre à akik29
Destrio5   24-06-2009 à 15:12:41
- 0 +

Bonjour,

(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

  • Clique sur Continue à l'écran Disclaimer.
  • Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).


Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Répondre à Destrio5
akik29   24-06-2009 à 15:34:19
- 0 +

oki merci, je fais ca de suite

Répondre à akik29
akik29   24-06-2009 à 15:38:12
- 0 +

Logfile of random's system information tool 1.06 (written by random/random)
Run by jcrioual at 2009-06-24 15:35:38
Microsoft® Windows Vista™ Édition Intégrale Service Pack 1
System drive C: has 48 GB (52%) free of 92 GB
Total RAM: 4090 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:49, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe
C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\VitaKey\AC5031\PwdBank.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\jcrioual\Desktop\DL\RSIT.exe
C:\hijackthis\jcrioual.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&ie=UTF-8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.80.111.133:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: D - {56D6D552-799D-3A1B-A1B0-2831CEBF9F81} - C:\Windows\SysWow64\xwr54424.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZPdtWzdVitaKey AC5031] "C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe" show
O4 - HKLM\..\Run: [] C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/control [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: AWinNotifyVitaKey AC5031 - C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files (x86)\a-squared Free\a2service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Vista Session Launcher Service (customsvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Service Google Update (gupdate1c99144e3ce65a3) (gupdate1c99144e3ce65a3) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit (mi-raysat_3dsmax2010_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11167 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{FE89E3B1-9BB7-4BED-89A9-DF32DC846EEE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56D6D552-799D-3A1B-A1B0-2831CEBF9F81}]
D - C:\Windows\SysWow64\xwr54424.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-15 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-01 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-06-10 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"ZPdtWzdVitaKey AC5031"=C:\Program Files (x86)\VitaKey\AC5031\PdtWzd.exe [2009-01-30 2894848]
""=C:\CircleDock0.9.2Alpha8.2\CircleDock0.9.2Alpha8.2\CircleDock.exe [2008-09-14 1831424]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"nodenable"=C:\Program Files\eset\nodenable.exe [2008-09-23 803495]
"CursorFX"=C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AWinNotifyVitaKey AC5031]
C:\Program Files (x86)\VitaKey\AC5031\WinNotify.dll [2009-01-30 1977856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files (x86)\VitaKey\AC5031\PwdFilter

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ddfb008-5bd0-11de-a2b9-000325596087}]
shell\AutoRun\command - wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41b3c0e7-3fa2-11de-b422-000325596087}]
shell\AutoRun\command - D:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58514132-1fdb-11de-9cbc-000325596087}]
shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{668efe31-3700-11de-a903-000325596087}]
shell\AutoRun\command - G:\Brain.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af0cc3dc-ef97-11dd-8cfc-000325596087}]
shell\AutoRun\command - H:\AUTORUN.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfeb14e9-4843-11de-b0f5-000325596087}]
shell\AutoRun\command - wd_windows_tools\setup.exe


======List of files/folders created in the last 1 months======

2009-06-24 15:34:30 ----D---- C:\rsit
2009-06-24 14:43:30 ----D---- C:\ProgramData\Grisoft
2009-06-24 14:30:01 ----D---- C:\hijackthis
2009-06-24 11:16:07 ----D---- C:\ProgramData\Lavasoft
2009-06-24 11:16:07 ----D---- C:\Program Files (x86)\Lavasoft
2009-06-23 11:57:57 ----D---- C:\Program Files (x86)\a-squared Free
2009-06-17 15:35:26 ----A---- C:\Windows\system32\xa24359930.exe.console.log
2009-06-17 15:35:25 ----A---- C:\Windows\system32\xa24361615.exe
2009-06-17 15:35:23 ----A---- C:\Windows\system32\xa24359930.exe
2009-06-17 15:33:39 ----A---- C:\Windows\system32\xa24252523.exe.console.log
2009-06-17 15:33:37 ----A---- C:\Windows\system32\xa24254161.exe
2009-06-17 15:33:36 ----A---- C:\Windows\system32\xa24252523.exe
2009-06-14 00:03:01 ----A---- C:\Windows\system32\EncDec.dll
2009-06-14 00:03:00 ----A---- C:\Windows\system32\psisdecd.dll
2009-06-13 15:36:06 ----D---- C:\Program Files (x86)\01 Stimulation Cerebrale avec le Dr Kawashima
2009-06-13 14:57:24 ----D---- C:\Users\jcrioual\AppData\Roaming\Winamp
2009-06-11 03:32:56 ----A---- C:\Windows\system32\localspl.dll
2009-06-11 03:32:54 ----A---- C:\Windows\system32\rpcrt4.dll
2009-06-11 03:32:39 ----A---- C:\Windows\system32\mshtml.dll
2009-06-11 03:32:37 ----A---- C:\Windows\system32\urlmon.dll
2009-06-11 03:32:37 ----A---- C:\Windows\system32\ieframe.dll
2009-06-11 03:32:36 ----A---- C:\Windows\system32\wininet.dll
2009-06-11 03:32:35 ----A---- C:\Windows\system32\iertutil.dll
2009-06-11 03:32:34 ----A---- C:\Windows\system32\occache.dll
2009-06-11 03:32:34 ----A---- C:\Windows\system32\msfeeds.dll
2009-06-11 03:32:34 ----A---- C:\Windows\system32\ieUnatt.exe
2009-06-11 03:32:34 ----A---- C:\Windows\system32\iedkcs32.dll
2009-06-11 03:32:34 ----A---- C:\Windows\system32\ieaksie.dll
2009-06-11 03:32:33 ----A---- C:\Windows\system32\mstime.dll
2009-06-11 03:32:33 ----A---- C:\Windows\system32\jsproxy.dll
2009-06-11 03:32:33 ----A---- C:\Windows\system32\ieencode.dll
2009-06-10 12:47:39 ----A---- C:\Windows\system32\xa98134098.exe
2009-06-10 12:47:34 ----A---- C:\Windows\system32\xa98128965.exe
2009-06-10 12:46:55 ----A---- C:\Windows\system32\xa98090417.exe
2009-06-10 12:46:50 ----A---- C:\Windows\system32\xa98085129.exe
2009-06-10 12:46:45 ----A---- C:\Windows\system32\xa98079918.exe
2009-06-10 12:46:41 ----A---- C:\Windows\system32\xa98075691.exe
2009-06-10 12:22:01 ----A---- C:\Windows\system32\xa96596006.exe
2009-06-10 12:22:00 ----A---- C:\Windows\system32\xa96594898.exe
2009-06-09 09:06:00 ----A---- C:\Windows\system32\icardres.dll
2009-06-09 09:05:59 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-06-09 09:05:59 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-06-09 09:05:58 ----A---- C:\Windows\system32\infocardapi.dll
2009-06-09 09:05:58 ----A---- C:\Windows\system32\icardagt.exe
2009-06-09 09:05:39 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-09 09:05:31 ----A---- C:\Windows\system32\PresentationHost.exe
2009-06-09 08:53:27 ----A---- C:\Windows\system32\netfxperf.dll
2009-06-09 08:53:03 ----A---- C:\Windows\system32\dfshim.dll
2009-06-09 08:52:52 ----A---- C:\Windows\system32\mscoree.dll
2009-06-09 08:52:32 ----A---- C:\Windows\system32\mscorier.dll
2009-06-09 08:52:24 ----A---- C:\Windows\system32\mscories.dll
2009-06-09 03:01:05 ----D---- C:\Program Files (x86)\MSXML 4.0
2009-06-07 22:44:55 ----D---- C:\ProgramData\Ahead
2009-06-07 22:41:49 ----D---- C:\ProgramData\Nero
2009-06-07 09:35:41 ----D---- C:\Program Files (x86)\iPod
2009-06-07 09:35:40 ----D---- C:\Program Files (x86)\iTunes
2009-06-07 09:33:32 ----D---- C:\Program Files (x86)\QuickTime
2009-06-05 19:39:16 ----A---- C:\Windows\maxlink.ini
2009-06-05 19:38:24 ----D---- C:\Program Files (x86)\Common Files\ScanSoft Shared
2009-06-05 19:38:21 ----D---- C:\ProgramData\ScanSoft
2009-06-05 19:38:21 ----D---- C:\Program Files (x86)\ScanSoft
2009-06-05 16:29:24 ----D---- C:\Program Files (x86)\Sega
2009-06-05 15:51:07 ----HD---- C:\Program Files (x86)\FX Uninstall Information
2009-06-01 11:42:12 ----D---- C:\Users\jcrioual\AppData\Roaming\.BitTornado
2009-06-01 11:40:58 ----D---- C:\Program Files (x86)\BitTornado
2009-05-27 15:42:51 ----D---- C:\ProgramData\salvation
2009-05-26 18:46:15 ----A---- C:\Windows\system32\brinsstr.dll
2009-05-26 18:45:13 ----D---- C:\Program Files (x86)\Brother
2009-05-26 18:45:12 ----N---- C:\Windows\brunin03.dll
2009-05-26 18:44:28 ----D---- C:\ProgramData\Brother

======List of files/folders modified in the last 1 months======

2009-06-24 15:35:46 ----D---- C:\Windows\Temp
2009-06-24 15:15:17 ----D---- C:\Windows\System32
2009-06-24 15:15:17 ----D---- C:\Windows\inf
2009-06-24 15:11:17 ----D---- C:\Windows\Tasks
2009-06-24 14:55:17 ----RD---- C:\Program Files (x86)
2009-06-24 14:53:51 ----D---- C:\Windows\Prefetch
2009-06-24 14:45:44 ----D---- C:\Windows
2009-06-24 14:43:30 ----HD---- C:\ProgramData
2009-06-24 12:30:18 ----SHD---- C:\Windows\Installer
2009-06-24 12:30:17 ----D---- C:\Config.Msi
2009-06-24 11:13:49 ----RD---- C:\Program Files
2009-06-24 11:13:49 ----D---- C:\Program Files (x86)\Bonjour
2009-06-24 11:13:41 ----SHD---- C:\System Volume Information
2009-06-24 11:11:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-06-24 11:11:08 ----D---- C:\Windows\Debug
2009-06-24 00:09:58 ----D---- C:\Users\jcrioual\AppData\Roaming\Azureus
2009-06-23 23:16:19 ----D---- C:\ProgramData\Google Updater
2009-06-23 18:59:56 ----D---- C:\Windows\tracing
2009-06-23 16:04:48 ----A---- C:\vraylog.txt
2009-06-23 14:09:02 ----D---- C:\Windows\Minidump
2009-06-23 13:42:31 ----D---- C:\Windows\SysWOW64
2009-06-15 03:07:55 ----D---- C:\Windows\Microsoft.NET
2009-06-15 03:01:55 ----D---- C:\Windows\ehome
2009-06-15 03:01:28 ----D---- C:\Windows\winsxs
2009-06-13 14:57:27 ----D---- C:\Program Files (x86)\Common Files\PX Storage Engine
2009-06-11 13:03:30 ----D---- C:\ProgramData\Apple
2009-06-11 08:27:49 ----D---- C:\Program Files (x86)\Internet Explorer
2009-06-09 10:42:42 ----RSD---- C:\Windows\assembly
2009-06-09 09:51:39 ----D---- C:\Windows\rescache
2009-06-09 09:47:34 ----D---- C:\ProgramData\FLEXnet
2009-06-09 09:31:36 ----D---- C:\Windows\system32\XPSViewer
2009-06-09 09:31:36 ----D---- C:\Windows\system32\wbem
2009-06-09 09:31:36 ----D---- C:\Windows\system32\en-US
2009-06-09 09:26:22 ----D---- C:\Program Files (x86)\Common Files\Autodesk Shared
2009-06-09 09:20:33 ----D---- C:\ProgramData\Autodesk
2009-06-09 09:20:32 ----D---- C:\Program Files (x86)\Autodesk
2009-06-07 22:44:22 ----D---- C:\Program Files (x86)\Common Files\Ahead
2009-06-07 18:51:40 ----A---- C:\Windows\NeroDigital.ini
2009-06-07 09:35:41 ----D---- C:\Program Files (x86)\Common Files\Apple
2009-06-05 19:39:26 ----D---- C:\Windows\system32\spool
2009-06-05 19:39:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-06-05 19:38:24 ----SD---- C:\Windows\Downloaded Program Files
2009-06-05 19:38:24 ----D---- C:\Program Files (x86)\Common Files
2009-06-05 19:38:23 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2009-05-28 10:01:07 ----SD---- C:\Users\jcrioual\AppData\Roaming\Microsoft
2009-05-27 15:34:22 ----D---- C:\Program Files (x86)\DAEMON Tools Lite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys []
R1 epfwtdi;epfwtdi; C:\Windows\system32\DRIVERS\epfwtdi.sys []
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys []
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmpx64.sys []
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimspx64.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys []
R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter; C:\Windows\system32\DRIVERS\RTL8187Se.sys []
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 VaneFltr;Lachesis Mouse Driver; C:\Windows\system32\drivers\Lachesis.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\Windows\system32\DRIVERS\adiusbawx64.sys []
S3 altrofh9;altrofh9; C:\Windows\system32\drivers\altrofh9.sys []
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys []
S4 ahcix64;ahcix64; C:\Windows\system32\drivers\ahcix64.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 mv61xx;mv61xx; C:\Windows\system32\drivers\mv61xx.sys []
S4 nvrd64;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd64.sys []
S4 nvstor64;nvstor64; C:\Windows\system32\drivers\nvstor64.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files (x86)\a-squared Free\a2service.exe [2009-06-23 718880]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-01 79360]
R2 Bonjour Service;Service Bonjour; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 customsvc;Vista Session Launcher Service; C:\Program Files\OSD\Service1.exe [2008-09-30 13312]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2008-10-24 468224]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 1372672]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit; C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
R2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe []
R2 OOCleverCacheAgent;O&O CleverCache Agent; C:\Program Files\OO Software\CleverCache\ooccag.exe [2007-01-28 515344]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-02-08 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-02-08 107832]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 826368]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 WindowBlinds;Stardock WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [2008-06-20 337144]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 gupdate1c99144e3ce65a3;Service Google Update (gupdate1c99144e3ce65a3); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 CscService;Fichiers hors connexion; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2008-10-24 21760]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-06-09 1030600]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-09 651720]
S3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
S4 mi-raysat_3dsMax2009_64;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 64-bit 64-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe [2008-03-10 65536]
S4 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S4 mi-raysat_3dsmax9_64;mental ray 3.5 Satellite (64-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_64server.exe [2006-09-29 65536]

-----------------EOF-----------------

Répondre à akik29
akik29   24-06-2009 à 15:38:27
- 0 +

info.txt logfile of random's system information tool 1.06 2009-06-24 15:34:38

======Uninstall list======

a-squared Free 4.5-->"C:\Program Files (x86)\a-squared Free\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
HijackThis 2.0.2-->"C:\Users\jcrioual\Desktop\DL\HijackThis.exe" /uninstall

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 3.0
FW: Pare-feu personnel d'ESET
AS: ESET Smart Security 3.0
AS: Spybot - Search and Destroy (disabled)
AS: AVG Anti-Spyware (disabled)
AS: Windows Defender

======System event log======

Computer Name: jcrioual02
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Installation demandée(Install Requested)
Record Number: 28890
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311020102.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: jcrioual02
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
Record Number: 28892
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311020102.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: jcrioual02
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
Record Number: 28895
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311020102.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: jcrioual02
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
Record Number: 28897
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311020102.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: jcrioual02
Event Code: 4376
Message: Servicing a requis un redémarrage pour terminer la définition du package KB905866(Update) à l’état Désinstallation demandée(Uninstall Requested)
Record Number: 28900
Source Name: Microsoft-Windows-Servicing
Time Written: 20090311020102.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

=====Application event log=====

Computer Name: jcrioual02
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 16352
Source Name: Microsoft-Windows-WMI
Time Written: 20090624125302.000000-000
Event Type: Erreur
User:

Computer Name: jcrioual02
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3105202434-2032175674-4132314093-1000:
Process 400 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3105202434-2032175674-4132314093-1000

Record Number: 16364
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090624130513.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: jcrioual02

Répondre à akik29
Destrio5   24-06-2009 à 15:55:38
- 0 +

Citation :

2009-06-17 15:35:25 ----A---- C:\Windows\system32\xa24361615.exe
2009-06-17 15:35:23 ----A---- C:\Windows\system32\xa24359930.exe


--> Tu connais ces fichiers ?

Si non, fais-les analyser sur VirusTotal et poste les liens des analyses.


Message édité par Destrio5 le 24-06-2009 à 15:55:53
Répondre à Destrio5
akik29   24-06-2009 à 17:48:47
- 0 +

Fichier xa24361615.exe

Fichier xa24361615.exe reçu le 2009.06.24 15:06:13 (UTC)
Situation actuelle: terminé

Résultat: 2/41 (4.88%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.24 -
AhnLab-V3 5.0.0.2 2009.06.24 -
AntiVir 7.9.0.193 2009.06.24 -
Antiy-AVL 2.0.3.1 2009.06.24 -
Authentium 5.1.2.4 2009.06.24 -
Avast 4.8.1335.0 2009.06.23 -
AVG 8.5.0.339 2009.06.24 -
BitDefender 7.2 2009.06.24 -
CAT-QuickHeal 10.00 2009.06.22 -
ClamAV 0.94.1 2009.06.24 -
Comodo 1404 2009.06.24 -
DrWeb 5.0.0.12182 2009.06.24 -
eSafe 7.0.17.0 2009.06.24 Win32.worm
eTrust-Vet 31.6.6577 2009.06.24 -
F-Prot 4.4.4.56 2009.06.24 -
F-Secure 8.0.14470.0 2009.06.24 -
Fortinet 3.117.0.0 2009.06.24 -
GData 19 2009.06.24 -
Ikarus T3.1.1.59.0 2009.06.24 -
Jiangmin 11.0.706 2009.06.24 -
K7AntiVirus 7.10.768 2009.06.19 -
Kaspersky 7.0.0.125 2009.06.24 -
McAfee 5655 2009.06.23 -
McAfee+Artemis 5655 2009.06.23 -
McAfee-GW-Edition 6.7.6 2009.06.24 -
Microsoft 1.4803 2009.06.24 -
NOD32 4184 2009.06.24 -
Norman 6.01.09 2009.06.23 -
nProtect 2009.1.8.0 2009.06.24 -
Panda 10.0.0.16 2009.06.24 -
PCTools 4.4.2.0 2009.06.24 -
Prevx 3.0 2009.06.24 -
Rising 21.35.24.00 2009.06.24 -
Sophos 4.42.0 2009.06.24 -
Sunbelt 3.2.1858.2 2009.06.24 VIPRE.Suspicious
Symantec 1.4.4.12 2009.06.24 -
TheHacker 6.3.4.3.352 2009.06.24 -
TrendMicro 8.950.0.1094 2009.06.24 -
VBA32 3.12.10.7 2009.06.24 -
ViRobot 2009.6.24.1802 2009.06.24 -
VirusBuster 4.6.5.0 2009.06.24 -
Information additionnelle
File size: 98589652 bytes
MD5 : 908e032a3437b9152bd5a409aab3cf80
SHA1 : 82b2066b3adacfce005cc95dcc5b9d4ebe9b9c5d
SHA256: 20e0474ef9b94bc24602664fe1d822afd5dd60411f7d72549340b1cadd583c33
TrID : File type identification
WinRAR Self Extracting archive (63.5%)
Win32 Dynamic Link Library - Borland C/C++ (27.0%)
InstallShield setup (5.2%)
DOS Executable Borland C++ (1.5%)
Win32 Executable Generic (1.0%)
ssdeep: 1572864:HCQe/1SFYrP9V/NCSEifZehtZasYwwl8rLDunW8lJUt6/BlvVVpeNDjQubHT9rkl:HCQeWkP9ZtffKasYww+LiHm65lZcrbz2
PEiD : -
RDS : NSRL Reference Data Set


Message édité par akik29 le 24-06-2009 à 18:26:04
Répondre à akik29
Destrio5   24-06-2009 à 18:30:49
- 0 +

Ce n'est pas flagrant.

Tu pourrais m'envoyer un exemplaire sur destrio5@free.fr en pièce jointe ?

Répondre à Destrio5
akik29   24-06-2009 à 19:00:31
- 0 +

Pour le second il me re-envoi vers le meme rapport que precedement ...

Répondre à akik29
Destrio5   24-06-2009 à 19:23:35
- 0 +

Un exemple de fichier douteux et non du rapport.

Répondre à Destrio5
akik29   24-06-2009 à 20:38:01
- 0 +

ahh ok ... Dsl
Mais ca va etre chaud il font 60 et 94 Mo ...


Message édité par akik29 le 24-06-2009 à 20:39:06
Répondre à akik29
akik29   25-06-2009 à 11:17:29
- 0 +

Le truc c est que j ai 16 Svchost.exe de lancé dont 2 qui me prennent particulierement ma memoire ( 150 000 et 120 000 ) je crois savoir que ce service est incontournable et concerne les DLL de certains programmes... Comment pourrais-je les identifier et savoir si je peux les supprimer du pc ou arreter au demarage ...
Merci

Répondre à akik29
Destrio5   25-06-2009 à 14:39:35
- 0 +

C'est possible avec le logiciel Process Explorer.

Répondre à Destrio5
akik29   25-06-2009 à 14:48:40
- 0 +

oki mci je vais voir ca

Répondre à akik29
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > PC super lent ... trop de processus ou virus ?
Aller à :

Il y a 219 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,265 secondes
Liens