 PC slowing down in fits and starts
phipiemar1966
  Posted on 16/07/2010 @ 15:53
Petit astucien

Good day,

I'm running Vista on a PC that is up to date and has not been infected. But for the past few days it has been slowing down in fits and starts. I checked whether there was any infection, but NOTHING. I ran a scandisk to check the registry, and nothing. I also cleaned out what was left over from old programs uninstalled long ago.

So would you have any idea? Just in case, here is a HijackThis scan in case I missed something.

Thanking you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:10, on 17/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\Philippe\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Philippe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10719 bytes

Anonyme
 Posted on 16/07/2010 at 16:16
Nouvel astucien

Hello and welcome to PC Astuces,

A HijackThis report is not complete enough.

However, one can see right away that Chrome has an abnormal multiplication of processes (15 processes).

One toolbar looks suspicious.

(and incidentally there are also leftover traces of Norton, which was not uninstalled properly)

So that a member of the Security Group can carry out an initial diagnosis, can you follow the instructions below please? (and post the reports)

Kind regards



Edited by Anonyme on 16/07/2010 16:19
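
The two observations in the reply above that can be read straight off a HijackThis log (one image path repeated many times under "Running processes", and entries whose target file is gone) can be extracted mechanically. The following is an added example, not part of the original thread or of HijackThis itself; the function names are hypothetical and the sample is a shortened excerpt constructed from lines of the kind posted in the thread.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt in the HijackThis v2 log layout,
# built from lines of the kind posted in the thread (not a complete log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:10, on 17/07/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
--
"""

# Registry/autostart entries start with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_hijackthis(text):
    """Split a log into (running process paths, [(section code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate double-spaced forum pastes
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and line != "--":
            processes.append(line)
    return processes, entries


def repeated_processes(processes, threshold=2):
    """Image paths (compared case-insensitively) seen at least `threshold` times."""
    counts = Counter(path.lower() for path in processes)
    return {path: n for path, n in counts.items() if n >= threshold}


def orphaned_entries(entries):
    """Entries whose target file is absent: typical leftovers of a bad uninstall."""
    return [(code, body) for code, body in entries
            if body.rstrip().endswith(ORPHAN_MARKERS)]


def triage(text):
    """Return both checks for one log as a dictionary."""
    processes, entries = parse_hijackthis(text)
    return {
        "repeated_processes": repeated_processes(processes),
        "orphaned_entries": orphaned_entries(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path, count in report["repeated_processes"].items():
        print(f"{count:3d} x {path}")
    for code, body in report["orphaned_entries"]:
        print(f"orphan {code}: {body}")
```

A repeated image path is only a count: Chrome starts a separate process per tab and extension, so the number has to be read against what was open when the scan ran.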
phipiemar1966
 Posted on 16/07/2010 at 16:17
Petit astucien

OK, thanks

phipiemar1966
 Posted on 16/07/2010 at 16:38
Petit astucien

Here are the results for the first part of the guide to diagnosing an infected PC:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Philippe at 2010-07-17 16:19:31

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2

System drive C: has 180 GB (39%) free of 464 GB

Total RAM: 2941 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:20:19, on 17/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18928)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe

C:\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

C:\Users\Philippe\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Philippe\Downloads\RSIT.exe

C:\Program Files\trend micro\Philippe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -k

O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Philippe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Easybits Shared Services for Windows (ezSharedSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 24296 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Defraggler Volume C Task.job

C:\Windows\tasks\GlaryInitialize.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155214173-2786451729-1270170444-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-155214173-2786451729-1270170444-1000UA.job

C:\Windows\tasks\User_Feed_Synchronization-{C7BF2F6B-53DD-4943-A052-0E2B81ABB8B9}.job

C:\Windows\tasks\User_Feed_Synchronization-{E399D81D-236B-4D8D-9970-1E021D8AF0E7}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-20 1172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD39}]

PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-05-17 420632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-09-20 158008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - PDFXChange 4.0 - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll [2010-05-17 420632]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Barre d'outils - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-09-20 1172280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-24 6789664]

"BackupManagerTray"=C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [2009-03-10 250624]

"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [2009-04-15 440864]

"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-02-12 862728]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-02-06 1430824]

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-04-15 2176512]

"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-02-24 1833504]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"=C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [2009-03-18 1160736]

"AnyDVD"=C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-07-14 4430784]

"Google Update"=C:\Users\Philippe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-15 133104]

"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]

"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\system32\EZUPBH~1.DLL [2009-10-14 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-17 16:19:31 ----D---- C:\rsit

2010-07-17 15:31:31 ----D---- C:\Program Files\Trend Micro

2010-07-08 01:01:55 ----D---- C:\Users\Philippe\AppData\Roaming\vlc

2010-07-07 20:04:08 ----D---- C:\ProgramData\Yahoo! Companion

2010-06-24 20:33:34 ----D---- C:\Windows\system32\WindowsPowerShell

2010-06-24 20:31:06 ----A---- C:\Windows\system32\winrsmgr.dll

2010-06-24 20:30:42 ----A---- C:\Windows\system32\wsmprovhost.exe

2010-06-24 20:30:42 ----A---- C:\Windows\system32\winrshost.exe

2010-06-24 20:30:42 ----A---- C:\Windows\system32\winrs.exe

2010-06-24 20:30:39 ----A---- C:\Windows\system32\wsmplpxy.dll

2010-06-24 20:30:39 ----A---- C:\Windows\system32\winrssrv.dll

2010-06-24 20:30:36 ----A---- C:\Windows\system32\wecapi.dll

2010-06-24 20:30:35 ----A---- C:\Windows\system32\WsmRes.dll

2010-06-24 20:30:35 ----A---- C:\Windows\system32\wevtfwd.dll

2010-06-24 20:30:35 ----A---- C:\Windows\system32\wecutil.exe

2010-06-24 20:30:35 ----A---- C:\Windows\system32\wecsvc.dll

2010-06-24 20:30:35 ----A---- C:\Windows\system32\pwrshplugin.dll

2010-06-24 20:30:26 ----A---- C:\Windows\system32\winrm.vbs

2010-06-24 20:30:22 ----A---- C:\Windows\system32\WsmWmiPl.dll

2010-06-24 20:30:22 ----A---- C:\Windows\system32\WsmAuto.dll

2010-06-24 20:30:22 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll

2010-06-24 20:30:22 ----A---- C:\Windows\system32\winrscmd.dll

2010-06-24 20:30:21 ----A---- C:\Windows\system32\WsmSvc.dll

2010-06-24 20:30:21 ----A---- C:\Windows\system32\WSManHTTPConfig.exe

2010-06-24 06:14:45 ----D---- C:\Program Files\Microsoft.NET

2010-06-24 06:11:52 ----A---- C:\Windows\system32\PresentationHostProxy.dll

2010-06-24 06:11:52 ----A---- C:\Windows\system32\PresentationHost.exe

2010-06-24 06:11:51 ----A---- C:\Windows\system32\netfxperf.dll

2010-06-24 06:11:51 ----A---- C:\Windows\system32\mscoree.dll

2010-06-24 06:11:51 ----A---- C:\Windows\system32\dfshim.dll

2010-06-24 06:05:20 ----A---- C:\Windows\system32\Apphlpdm.dll

2010-06-24 06:05:19 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

======List of files/folders modified in the last 1 months======

2010-07-17 16:19:25 ----D---- C:\Windows\Temp

2010-07-17 16:12:19 ----D---- C:\Users\Philippe\AppData\Roaming\Skype

2010-07-17 16:11:03 ----D---- C:\Users\Philippe\AppData\Roaming\skypePM

2010-07-17 15:59:24 ----D---- C:\Windows\Prefetch

2010-07-17 15:31:31 ----RD---- C:\Program Files

2010-07-17 11:41:57 ----D---- C:\Windows\system32\Tasks

2010-07-17 10:51:56 ----SHD---- C:\System Volume Information

2010-07-17 10:37:14 ----D---- C:\Users\Philippe\AppData\Roaming\Spyware Terminator

2010-07-17 10:37:00 ----D---- C:\ProgramData\Spyware Terminator

2010-07-15 23:30:21 ----A---- C:\Windows\NeroDigital.ini

2010-07-15 20:14:23 ----D---- C:\Users\Philippe\AppData\Roaming\TeamViewer

2010-07-15 11:12:53 ----D---- C:\Program Files\CDBurnerXP

2010-07-15 11:12:42 ----D---- C:\Windows\system32\drivers

2010-07-15 11:01:17 ----D---- C:\Windows\winsxs

2010-07-15 10:41:03 ----D---- C:\Windows\system32\catroot

2010-07-15 10:40:23 ----D---- C:\Program Files\Windows Mail

2010-07-15 10:22:19 ----D---- C:\Windows\Debug

2010-07-15 08:36:36 ----D---- C:\Windows\system32\catroot2

2010-07-14 21:15:20 ----D---- C:\Users\Philippe\AppData\Roaming\UseNeXT

2010-07-13 12:57:22 ----D---- C:\Program Files\FairUse Wizard 2

2010-07-13 12:28:30 ----D---- C:\Windows\System32

2010-07-13 12:28:30 ----D---- C:\Windows\inf

2010-07-13 12:28:30 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-07-12 22:38:33 ----D---- C:\Windows\BDOSCAN8

2010-07-12 22:32:13 ----SD---- C:\Windows\Downloaded Program Files

2010-07-12 22:32:11 ----D---- C:\Windows

2010-07-08 01:06:08 ----D---- C:\Users\Philippe\AppData\Roaming\uTorrent

2010-07-08 01:00:00 ----D---- C:\Program Files\Defraggler

2010-07-07 20:04:35 ----A---- C:\Windows\wininit.ini

2010-07-07 20:04:13 ----D---- C:\ProgramData\Yahoo!

2010-07-07 20:04:13 ----D---- C:\Program Files\Yahoo!

2010-07-07 20:04:08 ----HD---- C:\ProgramData

2010-07-05 09:34:00 ----D---- C:\Windows\system32\LogFiles

2010-07-05 08:56:53 ----SHD---- C:\Windows\Installer

2010-07-05 08:55:04 ----D---- C:\Program Files\Common Files\microsoft shared

2010-07-05 01:44:10 ----D---- C:\Program Files\Google

2010-07-04 15:04:36 ----D---- C:\Program Files\Glary Utilities

2010-07-04 15:02:17 ----D---- C:\Windows\Tasks

2010-07-02 21:39:05 ----A---- C:\Windows\system32\mrt.exe

2010-06-30 19:57:42 ----D---- C:\Program Files\CCleaner

2010-06-24 20:54:44 ----D---- C:\Windows\Microsoft.NET

2010-06-24 20:54:41 ----RSD---- C:\Windows\assembly

2010-06-24 20:42:30 ----D---- C:\Windows\rescache

2010-06-24 20:33:37 ----D---- C:\Windows\system32\fr-FR

2010-06-24 20:33:37 ----D---- C:\Windows\PolicyDefinitions

2010-06-24 20:19:14 ----D---- C:\Windows\AppPatch

2010-06-24 06:15:15 ----D---- C:\Windows\system32\en-US

2010-06-22 12:27:26 ----D---- C:\Program Files\Windows Sidebar

2010-06-20 20:27:28 ----D---- C:\Users\Philippe\AppData\Roaming\FrostWire

2010-06-20 10:45:14 ----D---- C:\Users\Philippe\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ahcix86s;ahcix86s; C:\Windows\system32\DRIVERS\ahcix86s.sys [2008-10-03 183312]

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2008-04-27 14352]

R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-10-20 721904]

R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-30 13824]

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-11-25 23120]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-09-15 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-11-25 48560]

R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]

R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]

R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\Windows\system32\drivers\sp_rsdrv2.sys [2009-10-16 142592]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-03 8704]

R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-06-09 106432]

R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-05-28 1870848]

R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-02-09 4172800]

R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-24 2327968]

R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]

R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-30 14848]

R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIV.sys [2008-12-24 155808]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]

R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2008-10-10 23096]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []

S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []

S3 ampxzt24;ampxzt24; C:\Windows\system32\drivers\ampxzt24.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]

S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []

S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []

S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-02-23 62976]

S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 7168]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys []

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2009-02-09 724992]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]

R2 ePowerSvc;Acer ePower Service; C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-04-15 703008]

R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]

R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]

R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-03-10 44800]

R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]

R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-04-15 488960]

R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]

R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]

R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-31 133104]

S2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-14 647680]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-14 182768]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-04-28 529704]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []

-----------------EOF-----------------

phipiemar1966
 Posted on 16/07/2010 at 16:41 
Petit astucien

Continuation of the first part:

info.txt logfile of random's system information tool 1.08 2010-07-17 16:20:22

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

AMD USB Audio Driver Filter-->MsiExec.exe /X{C2F62AF2-8748-4CAE-BE53-1AF4763CFC15}

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Catalyst Control Center - Branding-->MsiExec.exe /I{92ABBA93-EE00-41C7-8D44-67D0C9DEF51E}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"

CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

EasyBits Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe

FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"

Free DWG Viewer 6.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly

FrostWire 4.20.5-->C:\Program Files\FrostWire\Uninstall.exe

Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}

Glary Utilities 2.26.0.956-->"C:\Program Files\Glary Utilities\unins000.exe"

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{C2D129C0-7508-11DF-9F1B-005056806466}

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hitman Pro 3.5-->"C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Identity Card-->C:\Program Files\Packard Bell\Identity Card\Uninstall.exe

InfoCentre-->C:\Program Files\Packard Bell\InfoCentre\Uninstall.exe

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}

K-Lite Mega Codec Pack 6.0.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile FRA Language Pack-->MsiExec.exe /X{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}

Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe

Module linguistique Microsoft .NET Framework 4 Client Profile FRA-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1036 /parameterfolder ClientLP

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nero 8 Essentials-->MsiExec.exe /X{5C1BF3AC-B19D-4C26-B0A0-90833A521036}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

OpenOffice.org 3.2-->MsiExec.exe /I{4EE2EF4B-25D3-4D44-8384-A2B96F811F55}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Packard Bell Customer Registration-->C:\Program Files\Packard Bell\Packard Bell Customer Registration\Uninstall.exe

Packard Bell MyBackup-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x040c

Packard Bell PowerSave Solution-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x040c -removeonly

Packard Bell Recovery Management-->"C:\Program Files\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly

PackardBell ScreenSaver-->C:\Windows\Screensavers\PackardBell\Uninstall.exe

PDF-XChange 4 Pro-->"C:\Program Files\Tracker Software\PDF-XChange 4\unins000.exe"

PDF-XChange Shell Extensions-->"C:\Program Files\Tracker Software\Shell Extensions\unins000.exe"

Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709

Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x040c -removeonly

Recover My Files-->"C:\Program Files\GetData\Recover My Files v4\unins000.exe"

SetUpMyPC-->C:\Program Files\Packard Bell\SetUpMyPC\Uninstall.exe

Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe

TIF to PDF Converter 3.20-->"C:\Program Files\PDFArea\TIF to PDF Converter\unins000.exe"

TomTom HOME 2.7.5.2014-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe

TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Updator-->C:\Program Files\Packard Bell\Updator\Uninstall.exe

UseNeXT-->"C:\Program Files\UseNeXT\unins000.exe"

Video Web Camera-->C:\Program Files\InstallShield Installation Information\{12A1B519-5934-4508-ADBD-335347B0DC87}\setup.exe -runfromtemp -l0x040c

VLC media player 1.1.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}

Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}

Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}

Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354}

Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

Yahoo! Barre d'outils-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

======Security center information======

AS: Windows Defender

AS: Spyware Terminator

======System event log======

Computer Name: PC-de-Philippe

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Record Number: 45825

Source Name: disk

Time Written: 20091214094837.719000-000

Event Type: Avertissement

User:

Computer Name: PC-de-Philippe

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Record Number: 45824

Source Name: disk

Time Written: 20091214094837.719000-000

Event Type: Avertissement

User:

Computer Name: PC-de-Philippe

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Record Number: 45823

Source Name: disk

Time Written: 20091214094837.719000-000

Event Type: Avertissement

User:

Computer Name: PC-de-Philippe

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Record Number: 45822

Source Name: disk

Time Written: 20091214094837.719000-000

Event Type: Avertissement

User:

Computer Name: PC-de-Philippe

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Record Number: 45821

Source Name: disk

Time Written: 20091214094837.719000-000

Event Type: Avertissement

User:

=====Application event log=====

Computer Name: PC-de-Philippe

Event Code: 10

Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.

Record Number: 1302

Source Name: Microsoft-Windows-WMI

Time Written: 20091014004302.000000-000

Event Type: Erreur

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 1008

Message: Le service Windows Search tente de supprimer l’ancien catalogue.

Record Number: 1289

Source Name: Microsoft-Windows-Search

Time Written: 20091014003410.000000-000

Event Type: Avertissement

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 1036

Message: Échec de InitializePrintProvider pour le fournisseur inetpp.dll. Cela peut se produire à la suite d’une instabilité du système ou d’une insuffisance des ressources système.

Record Number: 1071

Source Name: Microsoft-Windows-SpoolerSpoolss

Time Written: 20091014002956.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: WIN-878JGBUBOSB

Event Code: 1530

Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-754212188-146318468-4019971327-500_Classes:

Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-754212188-146318468-4019971327-500_CLASSES

Record Number: 1052

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20090324122313.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

Computer Name: WIN-878JGBUBOSB

Event Code: 1530

Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

DÉTAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-754212188-146318468-4019971327-500:

Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-754212188-146318468-4019971327-500

Record Number: 1051

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20090324122313.000000-000

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

=====Security event log=====

Computer Name: WIN-878JGBUBOSB

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : WIN-878JGBUBOSB$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

Informations sur le processus :

ID du processus : 0x2a0

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Adresse du réseau : -

Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 1521

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090324121834.949950-000

Event Type: Succès de l'audit

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 4672

Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 1520

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090324121834.731550-000

Event Type: Succès de l'audit

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 4624

Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : WIN-878JGBUBOSB$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :

ID de sécurité : S-1-5-18

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :

ID du processus : 0x2a0

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Nom de la station de travail :

Adresse du réseau source : -

Port source : -

Informations détaillées sur l’authentification :

Processus d’ouverture de session : Advapi

Package d’authentification : Negotiate

Services en transit : -

Nom du package (NTLM uniquement) : -

Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.

- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .

- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.

- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.

- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.

Record Number: 1519

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090324121834.731550-000

Event Type: Succès de l'audit

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 4648

Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :

ID de sécurité : S-1-5-18

Nom du compte : WIN-878JGBUBOSB$

Domaine du compte : WORKGROUP

ID d’ouverture de session : 0x3e7

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :

Nom du compte : SYSTEM

Domaine du compte : AUTORITE NT

GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :

Nom du serveur cible : localhost

Informations supplémentaires : localhost

Informations sur le processus :

ID du processus : 0x2a0

Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :

Adresse du réseau : -

Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.

Record Number: 1518

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090324121834.731550-000

Event Type: Succès de l'audit

User:

Computer Name: WIN-878JGBUBOSB

Event Code: 1102

Message: Le journal d’audit a été effacé.

Objet :

ID de sécurité : S-1-5-21-754212188-146318468-4019971327-500

Nom de compte : Administrator

Nom de domaine : WIN-878JGBUBOSB

ID de connexion : 0x29e50

Record Number: 1517

Source Name: Microsoft-Windows-Eventlog

Time Written: 20090324121823.967550-000

Event Type: Succès de l'audit

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=17

"PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=0301

"NUMBER_OF_PROCESSORS"=1

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

phipiemar1966
 Posted on 16/07/2010 at 16:45 
Petit astucien

And finally, the part corresponding to the second part of your diagnostic help guide. I just allowed myself one deviation, though. Before installing MBAM, I told myself that the Spyware Terminator report might be enough for you. If not, I will install MBAM.

Logfile of Spyware Terminator v2.6.9.132 (db:4.007.013.000)

Scan Time: 15/07/2010 8:20:20 length: 9712 s

Platform: VISTA (6.0.0.6002)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 69014 (Critical:0)

Filter: No System items, No Safe items, No Invalid items

Running Processes

SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe

ePowerSvc.exe [Acer Incorporated] : C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe

NBService.exe [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

NMSAccessU.exe : C:\Program Files\CDBurnerXP\NMSAccessU.exe

IScheduleSvc.exe [NewTech Infosystems, Inc.] : C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

IoctlSvc.exe [Prolific Technology Inc.] : C:\Windows\system32\IoctlSvc.exe

TeamViewer_Service.exe [TeamViewer GmbH] : C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

TomTomHOMEService.exe [TomTom] : C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

YahooAUService.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

BackupManagerTray.exe [NewTech Infosystems, Inc.] : C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

LManager.exe [Dritek System Inc.] : C:\Program Files\Launch Manager\LManager.exe

jusched.exe [Sun Microsystems, Inc.] : C:\Program Files\Common Files\Java\Java Update\jusched.exe

SmpSys.exe [Acer Incorporated] : C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

AnyDVDtray.exe [SlySoft, Inc.] : C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

MOM.exe [Advanced Micro Devices Inc.] : C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

ePowerTray.exe [Acer Incorporated] : C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe

GoogleCrashHandler.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe

RtkBtMnt.exe [Realtek Semiconductor Corp.] : C:\Users\Philippe\AppData\Local\Temp\RtkBtMnt.exe

ePowerEvent.exe [Acer Incorporated] : C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerEvent.exe

CCC.exe [ATI Technologies Inc.] : C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

wmplayer.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmplayer.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

chrome.exe [Google Inc.] : C:\Users\Philippe\AppData\Local\Google\Chrome\Application\chrome.exe

df.exe [Piriform Ltd] : C:\Program Files\Defraggler\df.exe

Internet Settings

R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=080c&s=2&o=vb32&d=1009&m=easynote_lj61

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO

02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

02 - BHO: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - [Tracker Softaware] : C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

02 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - [Yahoo! Inc] : C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

Toolbars

03 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - [Tracker Softaware] : C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

03 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

StartUps

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SmpcSys : [Acer Incorporated] : C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AnyDVD : [SlySoft, Inc.] : C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Google Update : [Google Inc.] : C:\USERS\PHILIPPE\APPDATA\LOCAL\GOOGLE\UPDATE\GOOGLEUPDATE.EXE

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TomTomHOME.exe : [TomTom] : C:\Program Files\TOMTOM HOME 2\TOMTOMHOMERUNNER.EXE

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BackupManagerTray : [NewTech Infosystems, Inc.] : C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Acer ePower Management : [Acer Incorporated] : C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LManager : [Dritek System Inc.] : C:\Program Files\Launch Manager\LManager.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched : [Sun Microsystems, Inc.] : C:\Program Files\Common Files\Java\Java Update\jusched.exe

Shell Extensions

CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

Shell Icon Handler for Application References - {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} - [Microsoft Corporation] : C:\Windows\system32\dfshim.dll

ShellLink for Application References - {e82a2d71-5b2f-43a0-97b8-81be15854de8} - [Microsoft Corporation] : C:\Windows\system32\dfshim.dll

Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\Windows\MSAgent\agentpsh.dll

CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll

&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll

- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll

Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\RUNDLL32.EXE

Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll

PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll

Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll

Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll

CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

SimpleShlExt Class - {5E2121EE-0300-11D4-8D3B-444553540000} - [Advanced Micro Devices, Inc.] : C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

PDF-XChange PDF Preview Provider - {CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} - [Tracker Software Products Ltd.] : C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

PDF-XChange PDF Property Handler - {67EB453C-1BE1-48EC-AAF3-23B10277FCC1} - [Tracker Software Products Ltd.] : C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

PDF-XChange PDF Thumbnail Provider - {EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} - [Tracker Software Products Ltd.] : C:\Program Files\Tracker Software\Shell Extensions\XCShInfo.dll

Enhanced Storage Data Source - {9113A02D-00A3-46B9-BC5F-9C04DADDD5D7} - [Microsoft Corporation] : C:\Windows\system32\EhStorShell.dll

- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Shell Extecute Hooks

EasyBits ShellExecute Hook - {{E54729E8-BB3D-4270-9D49-7389EA579090}} - [EasyBits Software Corp.] : C:\Windows\system32\ezUPBHook.dll

Protocol Handler

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll

MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll

Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services

23 - [Advanced Micro Devices, Inc] : C:\Windows\system32\DRIVERS\ahcix86s.sys

23 - [SlySoft, Inc.] : C:\Windows\system32\Drivers\AnyDVD.sys

23 - [ALWIL Software] : C:\Windows\system32\DRIVERS\aswMonFlt.sys

23 - [Atheros Communications, Inc.] : C:\Windows\system32\DRIVERS\athr.sys

23 - [ATI Technologies Inc.] : C:\Windows\system32\DRIVERS\atikmdag.sys

23 - [ATI Technologies Inc.] : C:\Windows\system32\DRIVERS\AtiPcie.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\bowser.sys

23 - [Microsoft Corporation] : C:\Windows\system32\Drivers\dfsc.sys

23 - [Dritek System Inc.] : C:\Windows\system32\DRIVERS\DKbFltr.sys

23 - [Dritek System Inc.] : C:\Program Files\Launch Manager\DPortIO.sys

23 - [Acer Incorporated] : C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe

23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RTKVHDA.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\msiscsi.sys

23 - [Broadcom Corporation] : C:\Windows\system32\DRIVERS\k57nd60x.sys

23 - [Conexant] : C:\Windows\system32\DRIVERS\mdmxsdk.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mrxsmb10.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys

23 - [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

23 - : C:\Program Files\CDBurnerXP\NMSAccessU.exe

23 - [NewTech Infosystems, Inc.] : C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

23 - [NewTech Infosystems, Inc.] : C:\Windows\system32\Drivers\NTIDrvr.sys

23 - [Prolific Technology Inc.] : C:\Windows\system32\IoctlSvc.exe

23 - [Microsoft Corporation] : C:\Windows\system32\drivers\rdpencdd.sys

23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RtHDMIV.sys

23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe

23 - : C:\Windows\system32\Drivers\sptd.sys

23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys

23 - [Synaptics Incorporated] : C:\Windows\system32\DRIVERS\SynTP.sys

23 - [TeamViewer GmbH] : C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

23 - [TomTom] : C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

23 - [Advanced Micro Devices Inc.] : C:\Windows\system32\DRIVERS\usbfilter.sys

23 - [Conexant Systems, Inc.] : C:\Windows\system32\DRIVERS\XAudio32.sys

23 - [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Advanced Files Report

%SYSDIR%\RtkAPO.dll [Realtek Semiconductor Corp.] [Realtek(r) LFX/GFX DSP component] MD5=07CBB74931E15BEFBDEB563D46C19ABD SIZE=2523680

%SYSDIR%\ezsvc7.dll [EasyBits Sofware AS] MD5=42F721C52EEF2D6DF9372A53813A83EF SIZE=129992

%SYSDIR%\ezsvc7x.dll [EasyBits Software AS] MD5=63B85A580D21AF9BC788FE69854FABD7 SIZE=588472

%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=862BB4CBC05D80C5B45BE430E5EF872F SIZE=3408896

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\SysHook.dll [Acer Incorporated] [Acer ePower Management] MD5=56B525244C91E5C7EEE015C952FCADA1 SIZE=215584

%SYSDIR%\pxc40pm.dll [Tracker Software Products Ltd.] [PDF-XChange 4.0 Port Monitor] MD5=5B1ABD030F0103369B7587E21BB38D43 SIZE=54040

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe [Acer Incorporated] [Acer ePower Management] MD5=4186146FD69EACC966DC755655B91C9C SIZE=703008

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\PowerSettingControl.dll [Acer Incorporated] [Acer ePower Management] MD5=83F98F7FA67A8178D3F0B12CCF7A74D2 SIZE=31776

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] [Nero BackItUp] MD5=40D7D0A208EE863BCA8D89E299216F15 SIZE=877864

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NB.dll [Nero AG] [Nero BackItUp] MD5=19AE1EC46E151A779280E4EBBF657AB6 SIZE=1033512

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll [Nero AG] [NeroAPIGlueLayerUnicode] MD5=F5CC2BFDC82DC9B427E8AE270857DDA5 SIZE=140584

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\LBFC.dll [Nero AG] [Nero BackItUp] MD5=3829485A8DDEB1264EA9814F2AAF3270 SIZE=431400

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBHDMgr.dll [Nero AG] [Nero BackItUp] MD5=D6B4793FD5BB8FB3F94AD9886E624D13 SIZE=578856

%PROGRAMFILES%\CDBurnerXP\NMSAccessU.exe MD5=FD306FBCCE7ADB1077B709742E7148E9 SIZE=71096

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [NewTech Infosystems, Inc.] MD5=952BF6DFC96E3E94D1D88FD0B78EC443 SIZE=44800

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\ISchedule.dll [NewTech Infosystems, Inc.] MD5=2B2F008604E4B650AACAFBDBBDFF072F SIZE=391680

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\SyncDll.dll [NewTech Infosystems, Inc.] MD5=19364E18E98CE54F45AFD712D5B79A93 SIZE=349184

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll MD5=BD8146312FFE5F51DA66E7725E989E36 SIZE=460199

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\agent_stub.dll [NewTech Infosystems, Inc.] MD5=8FEA1A077C222C96579100309841EE54 SIZE=39424

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\ACE.dll [ACE] MD5=484B0D16F7D2A1BF51E84D6A9636E0B1 SIZE=1076224

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\VssAgent.dll [NewTech Infosystems, Inc.] MD5=82A90E9435BED67788B16DBE5BE9830D SIZE=78848

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\IShadowS3.dll [NewTech Infosystems, Inc.] MD5=EE35FE0FA464FB8C738F4DCC5C3B01CB SIZE=328704

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\Pehook.dll [NewTech Infosystems, Inc.] MD5=9C2E9DD34814DBE6FFC9A654F659A656 SIZE=44544

%SYSDIR%\IoctlSvc.exe [Prolific Technology Inc.] [IoctlSvc Application] MD5=875E4E0661F3A5994DF9E5E3A0A4F96B SIZE=81920

%PROGRAMFILES%\TeamViewer\Version5\TeamViewer_Service.exe [TeamViewer GmbH] [TeamViewer] MD5=9993A46795FEE757D418119A00FA2FDC SIZE=173352

%PROGRAMFILES%\TomTom HOME 2\TomTomHOMEService.exe [TomTom] [TomTom HOME] MD5=F32E7CD2339C66760AA5178924B21E6B SIZE=92008

%PROGRAMFILES%\Yahoo!\SoftwareUpdate\YahooAUService.exe [Yahoo! Inc.] [Yahoo! AutoUpdater] MD5=DD0042F0C3B606A6A8B92D49AFB18AD6 SIZE=602392

%SYSDIR%\atiumdag.dll [ATI Technologies Inc.] [ATI Technologies Inc. Radeon DirectX Universal Driver] MD5=B4ECEEADF439A8DD27B953B0F3C2E202 SIZE=4033536

%SYSDIR%\atiumdva.dll [ATI Technologies Inc.] [ATI Technologies Inc. Radeon Video Acceleration Universal Driver] MD5=5E0E3F5BAD6F6C81A01390D3AE5C6F9E SIZE=4754944

%PROGRAMFILES%\SlySoft\AnyDVD\ADvdDiscHlp.dll [SlySoft, Inc.] [AnyDVD] MD5=0FCD4C793E63D1F34D5F20132ADB4318 SIZE=129984

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\atiamfra.dll [Advanced Micro Devices, Inc.] [AMD Desktop Component] MD5=FA1F1EDE325B949F3D0A33EEE213BBB1 SIZE=3584

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [Advanced Micro Devices, Inc.] [AMD Desktop Component] MD5=2FD8D38608ABE4C3055388525C2562BF SIZE=704512

%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] [Nero BackItUp] MD5=F05BC410394B187261FA1456D5606DFF SIZE=263464

%PROGRAMFILES%\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=6CFD3C40CD020DC633A6DA336E470EFD SIZE=2106664

%PROGRAMFILES%\NewTech Infosystems\Packard Bell MyBackup\lang.dll [NewTech Infosystems, Inc.] [Packard Bell MyBackup] MD5=CB48BCCF49BEA27D41E85B2ADF71334A SIZE=7680

%SYSDIR%\atitmmxx.dll [TMM Com Clone Control Module] MD5=AB569F241A3E9D6374C4C90BBE4C9662 SIZE=159744

%PROGRAMFILES%\Launch Manager\ComFnUtl.dll [Dritek System Inc.] [ComFnUtl.dll] MD5=6C8C5AB5326A5F5A891E9F4D69076FD3 SIZE=98378

%PROGRAMFILES%\Launch Manager\SzUPFUtl.dll [Dritek System Inc.] [Dritek System Inc. SzUPFUtl 6.28.2000 ( VC60 )] MD5=35EAFA4F987A2B05F110C54173836066 SIZE=61440

%PROGRAMFILES%\Launch Manager\CDRomUtl.dll [Dritek System Inc.] [Dritek System Inc. CDRomUtl 6.14.2000 ( VC60 )] MD5=1D45A7FF7949628D466E0E884EECAA85 SIZE=40960

%PROGRAMFILES%\Launch Manager\MixerUtl.dll [Dritek System Inc.] [Dritek System Inc. MixerUtl 6.14.2000 ( VC60 )] MD5=8E3122A02C3981A9681C814E2AE102F1 SIZE=61440

%PROGRAMFILES%\Launch Manager\Wnd2File.dll [Dritek System Inc.] [Dritek System Inc. Wnd2File 12.23.1999 ( VC60 )] MD5=C9A8F1D76F468EB1C6E05949F5485B0D SIZE=53248

%PROGRAMFILES%\Launch Manager\PowerUtl.dll MD5=5B2F136FFB0291EFB259F2AB22CD35A2 SIZE=57344

%PROGRAMFILES%\Launch Manager\OSDUtl2.dll [Dritek System Inc.] [Dritek System Inc. OSD Library 2] MD5=5FBCF7D595B7B8D30866BB2D8DC1107C SIZE=277000

%PROGRAMFILES%\Launch Manager\LgKCUtl.Dll [Dritek System Inc.] [LgKCUtl.DLL] MD5=0EDF40E039D92EA5EB26BF01BE9ECC50 SIZE=77824

%PROGRAMFILES%\Launch Manager\NTKCUtl.dll [Dritek System Inc.] [HotKey Hooker for WinNT] MD5=E8C3D3CC6C8754529BE59FBA15695A14 SIZE=59912

%PROGRAMFILES%\Launch Manager\VistaVol.DLL [Dritek System Inc.] [Windows Vista Master Volume Control Library] MD5=DE6BBA32841A110C5B26F2B1567A4EBC SIZE=158216

%PROGRAMFILES%\Launch Manager\MMDUtl.DLL [Dritek System Inc.] [MMDUtl.DLL] MD5=CA209F3FE576119A5F8AB7F37DA16522 SIZE=252424

%SYSDIR%\SynCOM.dll [Synaptics Incorporated] [COM SDK] MD5=0F897576E05A0450D0776CEFD93DD3AF SIZE=169256

%SYSDIR%\SynTPAPI.dll [Synaptics Incorporated] [Synaptics Pointing Device Driver] MD5=98C80F5AE14EBE0F5AA5E8C56E3F86CE SIZE=161064

%SYSDIR%\ElbyCDIO.dll [Elaborate Bytes AG] [Elaborate Bytes CDRTools] MD5=BCCC2CD66CE7CBB5DF0E63B3FE67B4EA SIZE=89256

%PROGRAMFILES%\SlySoft\AnyDVD\AnyDialog.dll [SlySoft, Inc.] [AnyDVD] MD5=AD62F1E47444751A8615066D5A7F2E05 SIZE=1064896

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [Advanced Micro Devices Inc.] [Catalyst Control Centre] MD5=33C014C1709F7222CEFF61B780EDC967 SIZE=49152

%WINDIR%\assembly\GAC_MSIL\MOM.Implementation\2.0.3327.19720__90ba9c70f846762e\MOM.Implementation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=3570ACCCCB3B07CE9425595726AF9979 SIZE=106496

%WINDIR%\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=7C3009AB2CAF8E66CB57DA6E48970E63 SIZE=32768

%WINDIR%\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=6452EAF20D5579385830DE5D203ED35F SIZE=32768

%WINDIR%\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3327.19718__90ba9c70f846762e\LOG.Foundation.Implementation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=067167CC3F3E3CE4F232F61CE602B23B SIZE=61440

%WINDIR%\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=D182A306F685ED6AFFEFDA381A04E332 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=0EC007AB55F46ABE0BC4B711513BFCC3 SIZE=20480

%WINDIR%\assembly\GAC_MSIL\CCC.Implementation\2.0.3327.19719__90ba9c70f846762e\CCC.Implementation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=22F7AE3AD71B89FD1DD4417B918B2387 SIZE=28672

%WINDIR%\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=F0E4FBD937552EA0DAAFF63E0B451F86 SIZE=28672

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\ePowerTray.exe [Acer Incorporated] [Acer ePower Management] MD5=9029943CC4A2E9BD58036F070D8713E3 SIZE=707104

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\BrightnessControl.dll [Acer Incorporated] [Acer ePower Management] MD5=C9709F8B0601D7F3421DC14BC679FFE4 SIZE=30752

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\CommonControl.dll [Acer Incorporated] [Acer ePower Management] MD5=102BE5962F74157A0F8BBD43F46C10EA SIZE=30240

%SystemDiskRoot%\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe [Google Inc.] [Google Update] MD5=5D9C470085DDFEF1CAE10755E03CA7C3 SIZE=134808

%SystemDiskRoot%\Users\Philippe\AppData\Local\Google\Update\1.2.183.29\goopdate.dll [Google Inc.] [Google Update] MD5=9B6C56F8FF459347D1270A91947E47BE SIZE=681624

%TEMP%\RtkBtMnt.exe [Realtek Semiconductor Corp.] [Realtek HD Audio Data Rerouter] MD5=B2994EC6452DBD04E57828EEFEDFB93C SIZE=204800

%PROGRAMFILES%\PACKARD BELL\Packard Bell PowerSave Solution\ePowerEvent.exe [Acer Incorporated] [Acer ePower Management] MD5=AA3CB22FB23CC6BFA1D30F7849C17C3A SIZE=453152

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [ATI Technologies Inc.] [Catalyst Control Centre] MD5=BA7D56C1F3DD385EE58ADDA14C6FFB54 SIZE=49152

%WINDIR%\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=2CCD3446C00CEDE19A27289F1D93925D SIZE=73728

%WINDIR%\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3327.19622__90ba9c70f846762e\CLI.Component.SkinFactory.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=E57309217EE9C88D267B733F72851418 SIZE=57344

%WINDIR%\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=764F28797B964093FB9A30944516C1CA SIZE=28672

%WINDIR%\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3327.19621__90ba9c70f846762e\CLI.Component.Runtime.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=5F18852FFEDBAB7E23EC8AD84B03E627 SIZE=69632

%WINDIR%\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=92E676BC72C5A365B6651AC5A127933F SIZE=45056

%WINDIR%\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=0B24B2151E01ECFEEBC5466012592D4B SIZE=40960

%WINDIR%\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=7D82E3681B2F3EDFE2DCD1A0F7DD48D5 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=4AE468D01D724D945948DD68223CA60C SIZE=16384

%WINDIR%\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MD5=CD632A9274E7E85B9F37F84C91595C27 SIZE=14848

%WINDIR%\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=3AF411B5C7295113DE0FFCFB87807F01 SIZE=32768

%WINDIR%\assembly\GAC_MSIL\AEM.Server\2.0.3327.19620__90ba9c70f846762e\AEM.Server.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=DE4523C89682861E6601CBBB973F481A SIZE=45056

%SYSDIR%\atiadlxx.dll [Advanced Micro Devices, Inc.] [ADL Component] MD5=E25C9308F02C578E02A0ACBE11E1539E SIZE=98304

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Implementation\32\wbocx.ocx [Stardock Corporation] [WindowBlinds : DirectSkin] MD5=22218A3C73A237EA228A83A372D72F06 SIZE=573473

%WINDIR%\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll [Assembly imported from type library WBOCXLib] MD5=1BF1820B86F4921D42D74C922044AC18 SIZE=13312

%WINDIR%\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=D55BD43F5B813CE489A1713188F75186 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3327.19736__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=C8EEA5AB432FB6B6B0236D8E51B43EA9 SIZE=45056

%WINDIR%\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=F849FE2B21CE4BC3EBC14DD001325492 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=42A217997AE3490CA6FC4CA96A59D382 SIZE=20480

%WINDIR%\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=C18DFDDB507D95851F88E5E54B5C20E4 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3327.19746__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=B0E3D905D2F9D9A7C840CA94CE9A50EF SIZE=11264

%WINDIR%\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll [ATI Technologies Inc.] [Catalyst® Control Centre] MD5=CCE69BC85D019F49691C592DDCC2FA97 SIZE=45056

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll [Stardock.Net, Inc] [WindowBlinds for Win32 x86 machines] MD5=D68018AEBB6226BCA5103DA8B66A57D6 SIZE=50688

%WINDIR%\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll [ATI Technologies Inc.] [Catalyst® Control Centre] MD5=110D2A7BBFBA80AAE36B5F229FE800AD SIZE=16384

%WINDIR%\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=B042E1E71BF9AB62421F41C48A666EFF SIZE=16384

%SYSDIR%\ATIDEMGX.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=B6C4D3E1BB22D3D7D383766AE50C2919 SIZE=425984

%WINDIR%\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3327.19623__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll [Advanced Mirco Devices, Inc.] [Catalyst® Control Centre] MD5=D43779E838DE0B55519173D6A6466B80 SIZE=278528

%WINDIR%\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll [Advanced Mirco Devices, Inc.] [Catalyst® Control Centre] MD5=B0868AA4E7CDDB106E8BFDCD5A6EDB85 SIZE=61440

%WINDIR%\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll [ATI Technologies Inc.] [Catalyst® Control Centre] MD5=93D5B9634C4744FB115785081ECF9738 SIZE=24576

%WINDIR%\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=79EE0A4C3AD1661405AFE56605ED9C1B SIZE=20480

%WINDIR%\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=ADF7C1E5AB063ACC9C619A75804A35BE SIZE=16384

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=A28DE8E4EB7641639F68C62A32264578 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=0A4A7BA81BC9553968FCC7F599046DF4 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\ATIDEMOS\2.0.3327.19621__90ba9c70f846762e\ATIDEMOS.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=9F5EEF18DD2BF2A6B1189C4C9BFE6DBE SIZE=73728

%WINDIR%\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=78FE3E5421AF1C9A8866ADA01A41515F SIZE=20480

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=7F9A009E33940087FDE0FA25D8AA5706 SIZE=20480

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3327.19631__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=313E89F685346EC097E72A0AE816547D SIZE=20480

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=AEEB8B568C8DBCAEDD7C93432CACAF23 SIZE=20480

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3327.19681__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=C65F8AE0163F172C89F29BE3CD1560E5 SIZE=69632

%WINDIR%\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=E98CE8B37B98D0D29CB9CCA21498A939 SIZE=20480

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=150AD7A059EC0ACFD78C0D13F2B949C2 SIZE=40960

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=EB297603F297BB09181FDEF3DC0D798A SIZE=28672

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3327.19667__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=C9DD092AAD754BA34B930506120DF346 SIZE=36864

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=0386FAD4FEE556BE7C263DD397D30E75 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=2E7FAB502A8615B1AAB0EAB35AFBCA3B SIZE=16384

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=8081EED0AE04EC0C81C9E080B7E5B08C SIZE=32768

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3327.19704__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=2A3BB82BF300FADC851AADB3556AF013 SIZE=77824

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=C639908C471DA71EAAA775D4748D90B3 SIZE=65536

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3327.19646__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=08B91DF24C3E202963B8B1DE3BE5DF08 SIZE=40960

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=D08DC4025A370448CB728411D4A0E5BA SIZE=28672

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3327.19678__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=3AA40C6557FA81A57D402ECB0A5FE766 SIZE=36864

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=C7FC0A60B19180C85F3E5E77E98A73A1 SIZE=24576

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3327.19668__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=1633655304D6250FABE2E98FE2E66E7B SIZE=40960

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=1CB6A703911C703224AA1968A19D448C SIZE=53248

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3327.19680__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=FC2F1E163310059BE03B57EB756E26ED SIZE=32768

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=6538A529578FAFCCDBEB921247726776 SIZE=28672

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3327.19667__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=48887DFC820BE5961F1B513207C0AD91 SIZE=61440

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=5BFE32CD5CF33114580E859283875ECA SIZE=49152

%PROGRAMFILES%\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll [Advanced Micro Devices, Inc.] [Catalyst® Control Centre] MD5=DAB3B370E0C2815FDF5B29204B8FB984 SIZE=16384

%WINDIR%\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3327.19687__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll [Advanced Micro Devices Inc.] [Catalyst® Control Centre] MD5=2AA895E0F632B226A62827AA8074A103 SIZE=57344

End of Report

Anonyme
 Posted on 16/07/2010 at 17:31
New member

Hi again,

Nothing conclusive in your reports... except that Google Chrome shows up many times over.

1) It would have been wise to install and run Malwarebytes.

2) All of these programs are potential sources of infection:

  • UseNeXT PeerToPeer
  • µTorrent PeerToPeer
  • FrostWire Gnutella

3) Could you please test this file (in red) => C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll

  • Click this link: http://www.virustotal.com/fr/
  • Click Browse and enter the path of the file mentioned above.
  • Click Send.
  • After a few minutes, a report is generated.
  • Post it in your next reply.

Regards

Edited by Anonyme on 16/07/2010 17:33
phipiemar1966
 Posted on 16/07/2010 at 17:44
Junior member

No problem, I'll do it. I'll also install MBAM.

phipiemar1966
 Posted on 16/07/2010 at 17:52
Junior member

Analysis of the requested file --> result OK

Le fichier a déjà été analysé:

MD5: 83237cc8a18915f15f35d7ffc8b126c2
First received: 2010.06.20 14:38:27 UTC
Date 2010.06.20 14:38:27 UTC [>26D]
Résultats 0/41
Permalink: analisis/ce9a503385a610eeeb906c6e7be945904f5bb3cf67888dec31a44e9ae5e491f2-1277044707

Anonyme
 Posted on 16/07/2010 at 17:55
New member

The last VT analysis of this .dll dates from 2010.06.20.

Please run the analysis again...

Edited by Anonyme on 16/07/2010 17:56
phipiemar1966
 Posted on 16/07/2010 at 17:56
Junior member

Could it be one of the Google Chrome extensions that is causing this problem?

The MBAM report will arrive in a few minutes.

Anonyme
 Posted on 16/07/2010 at 17:56
New member
phipiemar1966 wrote:

Could it be one of the Google Chrome extensions that is causing this problem?

The MBAM report will arrive in a few minutes.

See my message above about VirusTotal...

And yes, the problem can and must be coming from Chrome!

Edited by Anonyme on 16/07/2010 17:58
phipiemar1966
 Posted on 16/07/2010 at 18:08
Junior member

I ran the analysis again; here is the result.

Fichier PXCIEAddin4.dll reçu le 2010.07.16 16:00:38 (UTC)
Situation actuelle: terminé

Résultat: 0/42 (0%)

phipiemar1966
 Posted on 16/07/2010 at 18:09
Junior member

Our messages crossed.

Anonyme
 Posted on 16/07/2010 at 18:09
New member
phipiemar1966 wrote:

I ran the analysis again; here is the result.

Fichier PXCIEAddin4.dll reçu le 2010.07.16 16:00:38 (UTC)
Situation actuelle: terminé

Résultat: 0/42 (0%)

Perfect...

Malwarebytes, please.

phipiemar1966
 Posted on 16/07/2010 at 18:12
Junior member

Not finished yet.

A little patience please, chief...

Have a {#} while you wait.

phipiemar1966
 Posted on 16/07/2010 at 19:55
Junior member

Finally, here it is. And you were right. MBAM found some nasty critters.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Version de la base de données: 4320

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

17/07/2010 19:54:32

mbam-log-2010-07-17 (19-54-32).txt

Type d'examen: Examen complet (C:\|)

Elément(s) analysé(s): 277926

Temps écoulé: 1 heure(s), 56 minute(s), 30 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 3

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

Anonyme
 Posted on 16/07/2010 at 20:04
New member

OK.

*
We'll empty the Malwarebytes quarantine at the end.

*

1) Follow the tutorial below to run an online scan (post the report you get).

2) Given the (risky) P2P programs present on your PC:

  • UseNeXT PeerToPeer
  • µTorrent PeerToPeer
  • FrostWire Gnutella

We do agree that the PDF-XChange 4 Pro program on your PC is legal???? (downloaded from and paid for at the publisher)

Quote
Description: PDF-XChange PRO
Publisher: Tracker Software Products Ltd
Price: 70,56 € incl. tax - 1-user licence

3) Your hard disk has an error (visible in RSIT)

Quote

Event Code: 51

Message: Une erreur a été détectée sur le périphérique \Device\Harddisk1\DR1 lors d'une opération de pagination.

Regards, and I look forward to your reply

Edited by Anonyme on 16/07/2010 20:05
phipiemar1966
 Posted on 16/07/2010 at 20:45
Junior member

At your orders, Chief,

1) Scan started.

2) The program is 100% legal. Yes, I like downloading music and films, but not cracked programs. There is enough free or open-source software that there is no need to do something that stupid.

3) As soon as the scan finishes, I'll take care of it.

So, see you later or tomorrow. And thanks again.

Anonyme
 Posted on 16/07/2010 at 20:49
New member
phipiemar1966 wrote:

At your orders, Chief,

1) Scan started.

2) The program is 100% legal. Yes, I like downloading music and films, but not cracked programs. There is enough free or open-source software that there is no need to do something that stupid.

3) As soon as the scan finishes, I'll take care of it.

So, see you later or tomorrow. And thanks again.

Hi again.

OK

See you soon.

Edit.

All of your reports from today are dated 17/07/2010,

so your system is not set to the right date... today is 16/07.

Edited by Anonyme on 16/07/2010 21:35
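The two checks made by eye on the Malwarebytes log earlier in the thread (what was detected and whether it was removed, and the log being dated 17/07 while the posts are dated 16/07) can be scripted. This is an added Python example, not part of the thread: the log text is copied from the post, while the function names and the choice of the forum post date as the trusted reference date are assumptions of this example.

```python
import re
from datetime import date, datetime

# Log text as posted in the thread (MBAM 1.46, French UI), blank lines dropped.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Version de la base de données: 4320
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
17/07/2010 19:54:32
mbam-log-2010-07-17 (19-54-32).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 277926
Temps écoulé: 1 heure(s), 56 minute(s), 30 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
"""

SUMMARY = re.compile(r"^(?P<label>.+infectée?\(s\)): (?P<count>\d+)$")    # header counts
SECTION = re.compile(r"^(?P<label>.+infectée?\(s\)):$")                   # detail sections
DETECTION = re.compile(r"^(?P<object>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
STAMP = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
NOTHING = "(Aucun élément nuisible détecté)"


def parse_mbam_log(text):
    """Return the scan timestamp, the declared per-category counts and the listed items."""
    report = {"timestamp": None, "declared": {}, "detections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NOTHING:
            continue
        if STAMP.match(line):
            report["timestamp"] = datetime.strptime(line, "%d/%m/%Y %H:%M:%S")
        elif (m := SUMMARY.match(line)):
            report["declared"][m["label"]] = int(m["count"])
        elif (m := SECTION.match(line)):
            current = m["label"]
            report["detections"].setdefault(current, [])
        elif current and (m := DETECTION.match(line)):
            report["detections"][current].append((m["object"], m["family"], m["action"]))
    return report


def count_mismatches(report):
    """Categories whose header count differs from the items listed (truncated or edited paste)."""
    listed = {k: len(v) for k, v in report["detections"].items()}
    return {k: (n, listed.get(k, 0)) for k, n in report["declared"].items() if n != listed.get(k, 0)}


def unremediated(report):
    """Detections whose action text does not report a successful removal."""
    return [(obj, fam) for items in report["detections"].values()
            for obj, fam, action in items if "successfully" not in action.lower()]


def clock_skew_days(report, reference):
    """Days between the log's own date and a trusted reference date (None if no timestamp)."""
    if report["timestamp"] is None:
        return None
    return (report["timestamp"].date() - reference).days


if __name__ == "__main__":
    rep = parse_mbam_log(MBAM_LOG)
    print("count mismatches:", count_mismatches(rep))
    print("not remediated:", unremediated(rep))
    # Reference date assumed here: the forum's own timestamp on the post carrying the log.
    print("clock skew (days):", clock_skew_days(rep, date(2010, 7, 16)))
```

A non-zero skew matters for triage because every timestamp in the machine's own logs inherits the same offset.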
phipiemar1966
 Posted on 17/07/2010 at 08:28
Junior member

Good day,

Here is the ESET result:

C:\Users\Philippe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-6aa57d86 a variant of Java/TrojanDownloader.Agent.NAC trojan

C:\Users\Philippe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\299b3ab2-7a688e58 a variant of Java/TrojanDownloader.Agent.NAN trojan

C:\Users\Philippe\Documents\Downloads\crack\FD0-konboot-v1.1-2in1.zip probably unknown TSR.BOOT virus

But I am frankly surprised, because I check my PC very regularly with BitDefender online and Hitman Pro.
For the disk check, should I do it now, or do we disinfect first?
Thanks

Anonyme
 Posted on 17/07/2010 at 11:30
New member

Hello,

First of all, let me quote you...

Yes, I like downloading music and films, but not cracked programs.

There is enough free or open-source software that there is no need to do something that stupid.

*

Then the ESET detections...

C:\Users\Philippe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-6aa57d86 a variant of Java/TrojanDownloader.Agent.NAC trojan

C:\Users\Philippe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\299b3ab2-7a688e58 a variant of Java/TrojanDownloader.Agent.NAN trojan

C:\Users\Philippe\Documents\Downloads\crack\FD0-konboot-v1.1-2in1.zip probably unknown TSR.BOOT virus

*

I hate being taken for a fool***.

*

So delete what is in red, and empty your Java cache and your recycle bin.

*

As for the rest (repairing the disk and setting your system to the correct date), my help stops here***

...a disinfection procedure goes against my convictions where cracks are concerned.

All the best

Edited by Anonyme on 17/07/2010 11:35
phipiemar1966
 Posted on 18/07/2010 at 12:19
Junior member

Hello,

First of all, I was not making fun of you.

The crack program in question was never installed or used!!!!!!!!!!!! It is a Linux program given to me by a friend to show me the method some people use to get around a network's WEP key. I had forgotten all about it.

I will try to finish the job that was started.

I respect your convictions. BUT at 44, I am past the age of amusing myself by talking rubbish.

Have a good weekend all the same.
