gagen

J'ai fait le scan antivir en mode sans echec : Il n'a rien trouvé! Super! J'avais supprimé tous les mails du dossier 784, car c'était tous des faux. Rapport antivir : Avira AntiVir Personal Date de création du fichier de rapport : dimanche 14 décembre 2008 11:01 La recherche porte sur 1085187 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows Vista Version de Windows :(plain) [6.0.6000] Mode Boot : Mode sans échec Identifiant : Faustine Nom de l'ordinateur :PC-DE-FAUSTINE Informations de version : BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 09/12/2008 17:26:53 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:33:21 ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 17:33:35 ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07/12/2008 17:33:36 ANTIVIR3.VDF : 7.1.0.229 137728 Bytes 12/12/2008 19:27:15 Version du moteur: 8.2.0.45 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.19 336252 Bytes 11/12/2008 19:29:06 AESCN.DLL : 8.1.1.5 123251 Bytes 08/12/2008 17:34:30 AERDL.DLL : 8.1.1.3 438645 Bytes 08/12/2008 17:34:29 AEPACK.DLL : 8.1.3.4 393591 Bytes 08/12/2008 17:34:13 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 19:29:04 AEHEUR.DLL : 8.1.0.75 1524087 Bytes 11/12/2008 19:29:01 AEHELP.DLL : 8.1.2.0 119159 Bytes 08/12/2008 17:33:55 AEGEN.DLL : 8.1.1.8 323956 Bytes 11/12/2008 19:28:52 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.5.2 172405 Bytes 08/12/2008 17:33:41 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.2 98344 Bytes 08/12/2008 17:33:39 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Contrôle intégral du système Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, G:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: marche Fichier mode de recherche........: Sélection de fichiers intelligente Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Heuristique de macrovirus........: marche Heuristique fichier..............: moyen Début de la recherche : dimanche 14 décembre 2008 11:01 La recherche d'objets cachés commence. Impossible d'initialiser le pilote. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '19' processus ont été contrôlés avec '19' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'G:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '41' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' <SW_Preload> C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'G:\' <HD FAUSTINE> Fin de la recherche : dimanche 14 décembre 2008 11:51 Temps nécessaire: 50:25 Minute(s) La recherche a été effectuée intégralement 19114 Les répertoires ont été contrôlés 418819 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 418818 Fichiers non infectés 11430 Les archives ont été contrôlées 1 Avertissements 0 Consignes

Mais est ce que je peux supprimer le dossier "courrier in 784" ?? Est ce que je peux supprimer au lieu de mettre en quarantaine ?? Merci

Salut. J'en ai encore eu 2. Mais j'ai remarqué que ce que tu m'as fait selectionner, c'est des faux de paypal! En tout cas, ds le dossier Courrier in 784, c'est tous des faux. Est ce que je peux tout simplement supprimer le dossier entier ? Autre chose, hier aprèm, alors que je voulais regarder une video sur dailymotion, antivir a trouvé un virus ds cette vidéo .. , je te copie colle ce qu'il me dit : Dans le fichier 'C:\Users\Faustine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZSKQVFV9\x6xpgm_entretien-antoine-de-maximy-jirai-d_shortfilms[1].htm' un virus ou un programme indésirable 'HEUR/HTML.Malware' [heuristic] a été détecté. Action exécutée : Déplacer le fichier en quarantaine Je dois le supprimer ds le dossier Temp ? Merci et bon dimanche

voila j'ai déplacé, coupé collé sur le bureau, mais tu as oublié de me dire ce que je dois faire après. Je glisse sur combofix chaque fichier pr qu'il soit analysé ? Thanks

Ok j'ai trouvé, il y a un sous dossier qui s'apelle Courrier in 784 et un autre bizarre, il y a rien dedans mais il s'apelle : ".!!OIM" Que dois je faire ? Supprimer les dossiers ?

Et voila, ca vient de le refaire ! Alors je viens de recevoir un faux mail de qqun, et direct après un mail de ma part a été envoyé à tous mes contacts (pas le mm que j'ai reçu), encore un truc de happy christmas et de la pub. Alors j'ai bloqué l'adresse de l'expéditeur, mais bon, je sais pas si ca suffit. Il faudrait que je supprime ces trojan !!! Comment ? Merci beaucoup

Oui j'ai bien vu que ça venait des mails. Mais je ne sais pas lesquels . Et ca expliquerait pourquoi ca envoie des mails tout seul. Je supprime direct les faux, dc je me souviens plus.

Salut ! Je ne suis pas une pro de l'info, mais je peux qd même te dire comment fonctionne la capture d'écran. En haut à droite de ton clavier, tu as une touche "ImpEcran" , ca va faire une photo de ta page, dc essaye de pas mettre ta souris en plein milieu. Ensuite tu vas dans un programme de photo (paint ou mieux si tu as) et tu clique sur edition, coller (ou CTRL+V). Et là hop t'as cature est là. Tu selectionnes ce que tu veux et tu enregistres . (C'est bien pr prendre des photos protégées) voila la petite astuce, mtnant je pense qu'il y a autre chose, mais comme ca, tu sauras déjà faire la capture d'écran ! Biz!

Bonjour Le scan a duré 3H ! Et j'ai des trojans ! Je te copie colle : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, December 13, 2008 Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit (build 6000) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, December 12, 2008 20:00:34 Records in database: 1455800 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ E:\ G:\ Scan statistics: Files scanned: 141891 Threat name: 1 Infected objects: 0 Suspicious objects: 5 Duration of the scan: 02:59:45 File name / Threat name / Threats count C:\Users\Faustine\AppData\Local\Microsoft\Windows Live Mail\Hotmail (Fa 885\Courrier in 784\18BE6784-0000024B.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Users\Faustine\AppData\Local\Microsoft\Windows Live Mail\Hotmail (Fa 885\Courrier in 784\1A316362-00000252.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Users\Faustine\AppData\Local\Microsoft\Windows Live Mail\Hotmail (Fa 885\Courrier in 784\1F3B58A5-0000024F.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Users\Faustine\AppData\Local\Microsoft\Windows Live Mail\Hotmail (Fa 885\Courrier in 784\546F025E-0000024C.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1 C:\Users\Faustine\AppData\Local\Microsoft\Windows Live Mail\Hotmail (Fa 885\Courrier in 784\6CB26DEF-00000257.eml Suspicious: Trojan-Spy.HTML.Fraud.gen 1 The selected area was scanned.

Bonjour ! Oui malheuresement j'ai encore des problèmes !! Avant hier soir, j'ai eu 2 annonces de virus ! Dans des mails, mais je ne sais pas lesquels . Ca m'a dit : Contient le code suspect : HEUR/HTML.Malware j'ai mis en quarantaine. Et Hier qd je reviens d'un entretien, qu'est ce que je vois? Mon email a encore envoyer des faux mails à tous mes contacts !! C'est dc en rapport ac le virus tjrs là . Je te renvois un RSIT : Logfile of random's system information tool 1.04 (written by random/random) Run by Faustine at 2008-12-12 10:54:56 Microsoft® Windows Vista™ Édition Familiale Basique System drive C: has 20 GB (18%) free of 109 GB Total RAM: 2038 MB (48% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:21, on 12/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16764) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\program files\avira\antivir personaledition classic\avcenter.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Faustine\Desktop\RSIT.exe C:\Users\Faustine\Desktop\Faustine.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- End of file - 10335 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-03-23 4423680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk] C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2008-12-11 20:36:36 ----A---- C:\Windows\system32\tzres.dll 2008-12-11 20:30:32 ----D---- C:\Windows\SQL9_KB954606_ENU 2008-12-10 20:23:02 ----A---- C:\ComboFix.txt 2008-12-10 20:08:31 ----D---- C:\Windows\temp 2008-12-10 11:55:03 ----A---- C:\Windows\zip.exe 2008-12-10 11:55:03 ----A---- C:\Windows\VFIND.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWXCACLS.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWSC.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWREG.exe 2008-12-10 11:55:03 ----A---- C:\Windows\sed.exe 2008-12-10 11:55:03 ----A---- C:\Windows\NIRCMD.exe 2008-12-10 11:55:03 ----A---- C:\Windows\grep.exe 2008-12-10 11:55:03 ----A---- C:\Windows\fdsv.exe 2008-12-10 11:54:51 ----D---- C:\Windows\ERDNT 2008-12-10 11:54:51 ----D---- C:\Qoobox 2008-12-10 11:06:31 ----A---- C:\Windows\system32\gdi32.dll 2008-12-10 11:06:24 ----A---- C:\Windows\system32\gameux.dll 2008-12-10 11:06:22 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-12-10 11:06:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-12-10 11:05:24 ----A---- C:\Windows\system32\shell32.dll 2008-12-10 11:05:09 ----A---- C:\Windows\explorer.exe 2008-12-10 11:05:03 ----A---- C:\Windows\system32\mshtml.dll 2008-12-10 11:05:01 ----A---- C:\Windows\system32\urlmon.dll 2008-12-10 11:05:01 ----A---- C:\Windows\system32\ieframe.dll 2008-12-10 11:04:59 ----A---- C:\Windows\system32\wininet.dll 2008-12-10 11:04:59 ----A---- C:\Windows\system32\mstime.dll 2008-12-10 11:04:59 ----A---- C:\Windows\system32\mshtmled.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\ieui.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\iesetup.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\iertutil.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\iernonce.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\ieapfltr.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\ie4uinit.exe 2008-12-10 11:04:58 ----A---- C:\Windows\system32\icardie.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\dxtrans.dll 2008-12-10 11:04:58 ----A---- C:\Windows\system32\advpack.dll 2008-12-10 11:04:57 ----A---- C:\Windows\system32\pngfilt.dll 2008-12-10 11:04:57 ----A---- C:\Windows\system32\jsproxy.dll 2008-12-10 11:04:57 ----A---- C:\Windows\system32\ieUnatt.exe 2008-12-10 11:04:57 ----A---- C:\Windows\system32\dxtmsft.dll 2008-12-10 11:04:48 ----A---- C:\Windows\system32\WMVCORE.DLL 2008-12-10 11:04:48 ----A---- C:\Windows\system32\mf.dll 2008-12-10 11:04:47 ----A---- C:\Windows\system32\WMNetMgr.dll 2008-12-10 11:04:47 ----A---- C:\Windows\system32\logagent.exe 2008-12-10 11:04:46 ----A---- C:\Windows\system32\rrinstaller.exe 2008-12-10 11:04:46 ----A---- C:\Windows\system32\mfps.dll 2008-12-10 11:04:46 ----A---- C:\Windows\system32\mfpmp.exe 2008-12-10 11:04:46 ----A---- C:\Windows\system32\mferror.dll 2008-12-08 22:34:40 ----D---- C:\Users\Faustine\AppData\Roaming\Malwarebytes 2008-12-08 22:34:30 ----D---- C:\ProgramData\Malwarebytes 2008-12-08 22:34:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-08 18:44:08 ----A---- C:\Windows\ntbtlog.txt 2008-12-08 18:24:40 ----D---- C:\ProgramData\Avira 2008-12-08 18:24:40 ----D---- C:\Program Files\Avira 2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro 2008-12-08 10:51:12 ----D---- C:\rsit 2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino 2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll 2008-11-26 16:31:03 ----D---- C:\Program Files\iPod 2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes 2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour 2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update 2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll 2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll 2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe 2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt 2008-11-15 20:03:53 ----A---- C:\log_lobby.txt 2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker 2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite 2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia 2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE 2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution ======List of files/folders modified in the last 1 months====== 2008-12-12 10:55:12 ----D---- C:\Windows\Prefetch 2008-12-12 10:45:58 ----SHD---- C:\Windows\Installer 2008-12-12 10:44:56 ----D---- C:\Program Files\Microsoft SQL Server 2008-12-12 10:40:55 ----SHD---- C:\System Volume Information 2008-12-12 10:36:55 ----A---- C:\Windows\system32\PROCDB.INI 2008-12-12 10:36:22 ----D---- C:\Windows\System32 2008-12-12 10:36:22 ----A---- C:\Windows\system32\IPSCtrl.INI 2008-12-11 21:06:50 ----D---- C:\SWSHARE 2008-12-11 21:04:43 ----D---- C:\Windows\rescache 2008-12-11 20:49:34 ----D---- C:\Windows\winsxs 2008-12-11 20:49:24 ----D---- C:\Windows\system32\catroot 2008-12-11 20:49:10 ----ASH---- C:\Program Files\desktop.ini 2008-12-11 20:46:00 ----D---- C:\Windows\AppPatch 2008-12-11 20:46:00 ----D---- C:\Program Files\Windows Mail 2008-12-11 20:45:59 ----D---- C:\Windows\system32\fr-FR 2008-12-11 20:45:59 ----D---- C:\Windows 2008-12-11 20:45:57 ----D---- C:\Windows\system32\migration 2008-12-11 20:45:57 ----D---- C:\Program Files\Internet Explorer 2008-12-11 20:37:16 ----D---- C:\Windows\system32\catroot2 2008-12-10 20:23:09 ----D---- C:\Windows\system32\drivers 2008-12-10 20:13:24 ----A---- C:\Windows\system.ini 2008-12-10 20:09:21 ----D---- C:\Windows\system32\config 2008-12-10 20:07:39 ----D---- C:\Program Files\Common Files 2008-12-08 22:34:30 ----HD---- C:\ProgramData 2008-12-08 22:34:29 ----RD---- C:\Program Files 2008-12-08 20:53:53 ----D---- C:\Windows\Minidump 2008-12-08 20:53:44 ----SD---- C:\Windows\Downloaded Program Files 2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple 2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime 2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks 2008-11-26 16:20:59 ----D---- C:\Windows\inf 2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite 2008-11-15 20:03:14 ----A---- C:\Windows\win.ini 2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia 2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-12-09 75072] R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872] R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696] R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696] S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448] S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696] R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988] R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096] R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672] R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272] R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF----------------- Voili voilou, je ne sais que faire !!Merci d'avance !

Merci! Alors voici le rapport de ComboFix : ComboFix 08-12-09.02 - Faustine 2008-12-10 20:05:21.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1180 [GMT 1:00] Lancé depuis: c:\users\Faustine\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Faustine\Desktop\CFScript.txt * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . G:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 )))))))))))))))))))))))))))))))))))) . 2008-12-10 20:12 . 2008-12-10 20:12 <REP> d-------- C:\A 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\Faustine\AppData\Roaming\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\All Users\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\programdata\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-08 22:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-08 22:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\users\All Users\Avira 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\programdata\Avira 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\program files\Avira 2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- C:\rsit 2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- c:\program files\trend micro 2008-12-04 17:14 . 2008-12-04 18:15 <REP> d-------- c:\program files\32 Vegas Casino 2008-11-26 16:31 . 2008-11-26 16:31 <REP> d-------- c:\program files\iPod 2008-11-26 16:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-26 16:31 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\program files\iTunes 2008-11-26 16:28 . 2008-11-26 16:28 <REP> d-------- c:\program files\Bonjour 2008-11-26 16:22 . 2008-11-26 16:22 <REP> d-------- c:\program files\Apple Software Update 2008-11-26 14:01 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-26 14:01 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-26 14:01 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-26 14:01 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-26 14:01 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll 2008-11-26 14:01 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll 2008-11-26 14:00 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-24 14:32 . 2008-11-26 14:05 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-24 14:32 . 2008-11-24 14:32 1,409 --a------ c:\windows\QTFont.for 2008-11-19 09:33 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-19 09:33 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-19 09:33 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-19 09:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-19 09:33 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-19 09:33 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-19 09:33 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-19 09:33 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-19 09:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-15 20:02 . 2008-11-24 20:16 <REP> d-------- c:\program files\Everest Poker 2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\PCSuite 2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\Nokia 2008-11-15 10:01 . 2008-11-26 16:31 <REP> d----c--- c:\windows\System32\DRVSTORE 2008-11-15 10:01 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys 2008-11-15 10:00 . 2008-11-15 10:01 <REP> d-------- c:\program files\PC Connectivity Solution 2008-11-12 21:13 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll 2008-11-12 21:13 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll 2008-11-12 21:13 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-12 21:13 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll 2008-11-12 21:13 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 09:47 --------- d-----w c:\program files\Microsoft SQL Server 2008-11-26 15:30 --------- d-----w c:\program files\Common Files\Apple 2008-11-26 15:27 --------- d-----w c:\program files\QuickTime 2008-11-19 15:56 --------- d-----w c:\users\Faustine\AppData\Roaming\PC Suite 2008-11-15 09:07 --------- d-----w c:\program files\Nokia 2008-11-15 08:45 --------- d-----w c:\programdata\Installations 2008-11-12 11:48 --------- d-----w c:\users\Faustine\AppData\Roaming\Corel 2008-11-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live 2008-11-10 08:52 --------- d-----w c:\program files\Windows Mail 2008-11-03 11:38 --------- d-----w c:\users\Faustine\AppData\Roaming\dvdcss 2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-07-22 06:56 174 --sha-w c:\program files\desktop.ini 2007-11-18 00:44 1,402,448 ------w c:\users\All Users\pswi_preloaded.exe 2007-11-18 00:44 1,402,448 ------w c:\programdata\pswi_preloaded.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\A ---- c:\a\ ((((((((((((((((((((((((((((( snapshot@2008-12-10_12.16.23.99 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-10 11:05:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-10 19:10:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2008-12-10 11:05:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2008-12-10 19:10:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-10 11:07:13 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-10 19:11:17 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT - 2008-12-10 11:07:42 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-10 19:11:17 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT - 2008-12-10 11:00:31 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-10 17:25:40 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-10 11:00:31 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-10 17:25:40 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-10 11:00:31 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-10 17:25:40 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-10 11:09:10 10,242 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1213650756-4035086020-1559224673-1003_UserData.bin + 2008-12-10 19:13:40 10,290 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1213650756-4035086020-1559224673-1003_UserData.bin - 2008-12-10 11:09:09 59,430 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-10 19:13:39 59,612 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\LENOVO~3\Power2Go\CLMP3Enc.ACM "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk] path=c:\users\Faustine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk backup=c:\windows\pss\LenovoWelcome.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] --------- 2007-01-08 20:12 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --------- 2007-11-18 09:47 1006264 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --------- 2007-03-23 12:04 4423680 c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1213650756-4035086020-1559224673-1003] "EnableNotificationsRef"=dword:00000009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A860998B-2C74-48DC-A8A4-97814B18E37A}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express "{A7109B73-7B6A-40DC-B9F2-20C60D58E8EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D7ECE7A8-F334-4C40-8415-ED5EAAD68EE1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{813C9255-6DAE-4903-8C27-A6485885BA14}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{C7FBC7BB-7398-44EB-A63E-FD1BAFA201D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{58E7B29E-6B7E-4311-82DB-F95338D60150}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{78B68C9A-EAAD-48AB-9EA7-E255D46A4021}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{DA5AA21F-2424-49B8-AA88-0BC38A29ABA0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{93DF0DEA-2509-47BE-81BA-50686271C1A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{EBA0D531-1C4E-4253-822E-7CE3F98A86D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{4AF67011-306B-4CCB-9EDA-E918FB34742D}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{F13CBF6A-9B17-4529-AA2D-C3C0B4AE032D}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2007-02-19 13744] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312] R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-05-11 54832] R2 TPHKSVC;Incrustation;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-05-11 55936] R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-08 569344] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-04-28 15872] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2007-02-10 29178224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Contenu du dossier 'Tâches planifiées' 2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 10:45] 2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-10 20:11:24 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(5068) c:\program files\Pure Networks\Network Magic\nmrsrc.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\System32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\windows\System32\agrsmsvc.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\windows\System32\conime.exe c:\program files\Lenovo\PM Driver\PMSveH.exe c:\windows\System32\PSIService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Pure Networks\Network Magic\nmsrvc.exe c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\windows\System32\wbem\unsecapp.exe c:\program files\iPod\bin\iPodService.exe c:\windows\servicing\TrustedInstaller.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\windows\System32\igfxsrvc.exe . ************************************************************************** . Heure de fin: 2008-12-10 20:22:59 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-10 19:22:28 ComboFix2.txt 2008-12-10 11:19:00 Avant-CF: 22 763 753 472 octets libres Après-CF: 22,459,846,656 octets libres 248 --- E O F --- 2008-12-10 09:50:17 Et du RSIT : Logfile of random's system information tool 1.04 (written by random/random) Run by Faustine at 2008-12-10 20:33:11 Microsoft® Windows Vista™ Édition Familiale Basique System drive C: has 21 GB (19%) free of 109 GB Total RAM: 2038 MB (50% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:33:25, on 10/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Windows\Explorer.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Faustine\Desktop\RSIT.exe C:\Users\Faustine\Desktop\Faustine.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- End of file - 10251 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-03-23 4423680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk] C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2008-12-10 20:23:02 ----A---- C:\ComboFix.txt 2008-12-10 20:08:31 ----D---- C:\Windows\temp 2008-12-10 11:55:03 ----A---- C:\Windows\zip.exe 2008-12-10 11:55:03 ----A---- C:\Windows\VFIND.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWXCACLS.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWSC.exe 2008-12-10 11:55:03 ----A---- C:\Windows\SWREG.exe 2008-12-10 11:55:03 ----A---- C:\Windows\sed.exe 2008-12-10 11:55:03 ----A---- C:\Windows\NIRCMD.exe 2008-12-10 11:55:03 ----A---- C:\Windows\grep.exe 2008-12-10 11:55:03 ----A---- C:\Windows\fdsv.exe 2008-12-10 11:54:51 ----D---- C:\Windows\ERDNT 2008-12-10 11:54:51 ----D---- C:\Qoobox 2008-12-08 22:34:40 ----D---- C:\Users\Faustine\AppData\Roaming\Malwarebytes 2008-12-08 22:34:30 ----D---- C:\ProgramData\Malwarebytes 2008-12-08 22:34:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-08 18:44:08 ----A---- C:\Windows\ntbtlog.txt 2008-12-08 18:24:40 ----D---- C:\ProgramData\Avira 2008-12-08 18:24:40 ----D---- C:\Program Files\Avira 2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro 2008-12-08 10:51:12 ----D---- C:\rsit 2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino 2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll 2008-11-26 16:31:03 ----D---- C:\Program Files\iPod 2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes 2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour 2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update 2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll 2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll 2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe 2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt 2008-11-15 20:03:53 ----A---- C:\log_lobby.txt 2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker 2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite 2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia 2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE 2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution 2008-11-12 21:13:53 ----A---- C:\Windows\system32\msxml3.dll 2008-11-12 21:13:52 ----A---- C:\Windows\system32\msxml3r.dll 2008-11-12 21:13:47 ----A---- C:\Windows\system32\msxml6.dll 2008-11-12 21:13:46 ----A---- C:\Windows\system32\msxml6r.dll ======List of files/folders modified in the last 1 months====== 2008-12-10 20:33:12 ----D---- C:\Windows\Prefetch 2008-12-10 20:23:09 ----D---- C:\Windows\system32\drivers 2008-12-10 20:23:09 ----D---- C:\Windows\System32 2008-12-10 20:23:06 ----D---- C:\Windows 2008-12-10 20:14:41 ----SHD---- C:\System Volume Information 2008-12-10 20:13:24 ----A---- C:\Windows\system.ini 2008-12-10 20:11:45 ----A---- C:\Windows\system32\PROCDB.INI 2008-12-10 20:10:59 ----A---- C:\Windows\system32\IPSCtrl.INI 2008-12-10 20:09:21 ----D---- C:\Windows\system32\config 2008-12-10 20:07:39 ----D---- C:\Windows\AppPatch 2008-12-10 20:07:39 ----D---- C:\Program Files\Common Files 2008-12-10 12:01:34 ----D---- C:\SWSHARE 2008-12-10 10:59:41 ----D---- C:\Windows\system32\catroot 2008-12-10 10:59:40 ----D---- C:\Windows\winsxs 2008-12-10 10:59:08 ----D---- C:\Windows\system32\catroot2 2008-12-10 10:50:04 ----SHD---- C:\Windows\Installer 2008-12-10 10:47:57 ----D---- C:\Program Files\Microsoft SQL Server 2008-12-08 22:34:30 ----HD---- C:\ProgramData 2008-12-08 22:34:29 ----RD---- C:\Program Files 2008-12-08 20:53:53 ----D---- C:\Windows\Minidump 2008-12-08 20:53:44 ----SD---- C:\Windows\Downloaded Program Files 2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple 2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime 2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks 2008-11-26 16:20:59 ----D---- C:\Windows\inf 2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-11-20 17:11:37 ----D---- C:\Windows\rescache 2008-11-20 16:52:04 ----D---- C:\Windows\system32\fr-FR 2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite 2008-11-15 20:03:14 ----A---- C:\Windows\win.ini 2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia 2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations 2008-11-12 12:48:52 ----D---- C:\Users\Faustine\AppData\Roaming\Corel ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-12-09 75072] R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872] R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696] R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696] S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448] S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696] R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988] R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096] R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672] R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272] R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF----------------- Merci beaucoup !!!

Voici le rapport. Merci ComboFix 08-12-09.02 - Faustine 2008-12-10 11:57:12.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1082 [GMT 1:00] Lancé depuis: c:\users\Faustine\Desktop\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\x64 . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 )))))))))))))))))))))))))))))))))))) . 2008-12-10 12:08 . 2008-12-10 12:08 <REP> d--h----l C:\A 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\Faustine\AppData\Roaming\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\All Users\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\programdata\Malwarebytes 2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-08 22:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-08 22:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\users\All Users\Avira 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\programdata\Avira 2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\program files\Avira 2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- C:\rsit 2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- c:\program files\trend micro 2008-12-04 17:14 . 2008-12-04 18:15 <REP> d-------- c:\program files\32 Vegas Casino 2008-11-26 16:31 . 2008-11-26 16:31 <REP> d-------- c:\program files\iPod 2008-11-26 16:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-26 16:31 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\program files\iTunes 2008-11-26 16:28 . 2008-11-26 16:28 <REP> d-------- c:\program files\Bonjour 2008-11-26 16:22 . 2008-11-26 16:22 <REP> d-------- c:\program files\Apple Software Update 2008-11-26 14:01 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-26 14:01 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-26 14:01 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-26 14:01 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-26 14:01 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll 2008-11-26 14:01 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll 2008-11-26 14:00 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-24 14:32 . 2008-11-26 14:05 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-24 14:32 . 2008-11-24 14:32 1,409 --a------ c:\windows\QTFont.for 2008-11-19 09:33 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-19 09:33 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-19 09:33 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-19 09:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-19 09:33 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-19 09:33 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-19 09:33 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-19 09:33 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-19 09:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-15 20:02 . 2008-11-24 20:16 <REP> d-------- c:\program files\Everest Poker 2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\PCSuite 2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\Nokia 2008-11-15 10:01 . 2008-11-26 16:31 <REP> d----c--- c:\windows\System32\DRVSTORE 2008-11-15 10:01 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys 2008-11-15 10:00 . 2008-11-15 10:01 <REP> d-------- c:\program files\PC Connectivity Solution 2008-11-12 21:13 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll 2008-11-12 21:13 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll 2008-11-12 21:13 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-12 21:13 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll 2008-11-12 21:13 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 09:47 --------- d-----w c:\program files\Microsoft SQL Server 2008-12-09 18:00 5,694 --sha-w c:\windows\System32\KGyGaAvL.sys 2008-11-26 15:30 --------- d-----w c:\program files\Common Files\Apple 2008-11-26 15:27 --------- d-----w c:\program files\QuickTime 2008-11-19 15:56 --------- d-----w c:\users\Faustine\AppData\Roaming\PC Suite 2008-11-15 09:07 --------- d-----w c:\program files\Nokia 2008-11-15 08:45 --------- d-----w c:\programdata\Installations 2008-11-12 11:48 --------- d-----w c:\users\Faustine\AppData\Roaming\Corel 2008-11-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live 2008-11-10 08:52 --------- d-----w c:\program files\Windows Mail 2008-11-03 11:38 --------- d-----w c:\users\Faustine\AppData\Roaming\dvdcss 2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll 2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll 2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe 2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll 2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys 2008-07-22 06:56 174 --sha-w c:\program files\desktop.ini 2007-11-18 00:44 1,402,448 ------w c:\users\All Users\pswi_preloaded.exe 2007-11-18 00:44 1,402,448 ------w c:\programdata\pswi_preloaded.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\LENOVO~3\Power2Go\CLMP3Enc.ACM "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ACGina [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk] path=c:\users\Faustine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk backup=c:\windows\pss\LenovoWelcome.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] --------- 2007-01-08 20:12 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --------- 2007-11-18 09:47 1006264 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --------- 2007-03-23 12:04 4423680 c:\windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1213650756-4035086020-1559224673-1003] "EnableNotificationsRef"=dword:00000009 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{A860998B-2C74-48DC-A8A4-97814B18E37A}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express "{A7109B73-7B6A-40DC-B9F2-20C60D58E8EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{D7ECE7A8-F334-4C40-8415-ED5EAAD68EE1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{813C9255-6DAE-4903-8C27-A6485885BA14}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{C7FBC7BB-7398-44EB-A63E-FD1BAFA201D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{58E7B29E-6B7E-4311-82DB-F95338D60150}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{78B68C9A-EAAD-48AB-9EA7-E255D46A4021}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{DA5AA21F-2424-49B8-AA88-0BC38A29ABA0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{93DF0DEA-2509-47BE-81BA-50686271C1A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{EBA0D531-1C4E-4253-822E-7CE3F98A86D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{4AF67011-306B-4CCB-9EDA-E918FB34742D}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware "{F13CBF6A-9B17-4529-AA2D-C3C0B4AE032D}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2007-02-19 13744] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312] R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-05-11 54832] R2 TPHKSVC;Incrustation;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-05-11 55936] R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-08 569344] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-04-28 15872] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2007-02-10 29178224] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - nsv.bat \shell\explore\Command - nsv.bat \shell\open\Command - nsv.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e84c-2b92-11dd-9a61-001dd9f5976e}] \shell\Auto\command - G:\auto.exe \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5635a4d8-38da-11dd-8587-001dd9f5976e}] \shell\Autoplay\Command - D:\smss.exe \shell\AutoRun\command - D:\smss.exe \shell\Explore\Command - D:\smss.exe \shell\Open\Command - D:\smss.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd6cfc1-2a03-11dd-9ce0-001dd9f5976e}] \shell\Auto\command - G:\auto.exe \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e07429-7d67-11dd-b592-001dd9f5976e}] \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mskernel32.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19cb7e-141d-11dd-8737-001dd9f5976e}] \shell\AutoRun\command - nsv.bat \shell\explore\Command - nsv.bat \shell\open\Command - nsv.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34f4e11-6378-11dd-b647-001dd9f5976e}] \shell\AutoRun\command - D:\nsv.bat \shell\explore\Command - D:\nsv.bat \shell\open\Command - D:\nsv.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffea8428-b551-11dd-86d4-001dd9f5976e}] \shell\AutoRun\command - F:\AutoRunPro.exe . Contenu du dossier 'Tâches planifiées' 2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 10:45] 2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . - - - - ORPHELINS SUPPRIMES - - - - HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-10 12:06:46 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(4160) c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\windows\System32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\windows\System32\agrsmsvc.exe c:\windows\System32\conime.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Lenovo\PM Driver\PMSveH.exe c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe c:\windows\System32\PSIService.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Lenovo\System Update\SUService.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\windows\System32\igfxsrvc.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Pure Networks\Network Magic\nmsrvc.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\PC Connectivity Solution\ServiceLayer.exe c:\program files\iPod\bin\iPodService.exe c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Heure de fin: 2008-12-10 12:18:57 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-10 11:18:27 Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application. Après-CF: 25,032,990,720 octets libres 270 --- E O F --- 2008-12-10 09:50:17

wow ca va faire quoi en gros ? pourquoi c'est dangereux ?? C'est risqué de perdre ses fichiers ?

Bonjour à tous ! Je suis nouvelle sur ce forum. Inscrite car j'ai vu que qqun avait le mm problème que moi et on l'a aidé (Thanos), cependant je ne pouvais pas répondre car le sujet était fermé. Donc je fais mon propre post pr expliquer : Un mail s'envoie de mon compte automatiquement ! à tous mes contacts !! C'est très embetant, je vous copie colle ce qui est écrit : Hello,happy chrismas Gift for christmas,Christmas is coming,you must have any plan to buy something,I'd like to introduce you a very good company which i knew.Their website : www.eshowbest.com .They can offer you all kinds of electronical products which you need such as laptops,LCDTV,cells,ps3,MP3/4,motorcycles,etc.and they lower the prices in order to welcome the christmas.You may spend a little time to have a check ,there must be something you 'd like to purchase . Their email address: [email protected] MSN: [email protected] Wish you a good mood in shopping from their company. TEL: +86+13131186777 Regards! C'est la 2e fois ds la semaine ! Savez vous d'ou ca vient ? Thanos disait à cette fille de faire pleins de manipulation, j'aimerais savoir si il faut que je fasse les mêmes. (http://forum.zebulon.fr/hotmail-infecte-t150259.html&pid=1275136&mode=threaded#entry1275136) Pour commencer j'ai fait le RSIT que voici : Logfile of random's system information tool 1.04 (written by random/random) Run by Faustine at 2008-12-08 10:51:12 Microsoft® Windows Vista™ Édition Familiale Basique System drive C: has 19 GB (17%) free of 109 GB Total RAM: 2038 MB (49% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:43, on 08/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\hkcmd.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe C:\Windows\system32\taskeng.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Windows Live\Mail\wlmail.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Faustine\Desktop\RSIT.exe C:\Program Files\trend micro\Faustine.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- End of file - 11207 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}] CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872] ""= [] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424] "TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] ""= [] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184] "PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] C:\Windows\RtHDVCpl.exe [2007-03-23 4423680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk] C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2008-01-02 200704] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ACGina [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "EnableLUA"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e844-2b92-11dd-9a61-001dd9f5976e}] shell\Auto\command - D:\RavMonE.exe e shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\RavMonE.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e84c-2b92-11dd-9a61-001dd9f5976e}] shell\Auto\command - G:\auto.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5635a4d8-38da-11dd-8587-001dd9f5976e}] shell\Autoplay\command - D:\smss.exe shell\AutoRun\command - D:\smss.exe shell\Explore\command - D:\smss.exe shell\Open\command - D:\smss.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd6cfc1-2a03-11dd-9ce0-001dd9f5976e}] shell\Auto\command - G:\auto.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e07429-7d67-11dd-b592-001dd9f5976e}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mskernel32.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e074a7-7d67-11dd-b592-001dd9f5976e}] shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19cb7e-141d-11dd-8737-001dd9f5976e}] shell\AutoRun\command - nsv.bat shell\explore\command - nsv.bat shell\open\command - nsv.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34f4e11-6378-11dd-b647-001dd9f5976e}] shell\AutoRun\command - D:\nsv.bat shell\explore\command - D:\nsv.bat shell\open\command - D:\nsv.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffea8428-b551-11dd-86d4-001dd9f5976e}] shell\AutoRun\command - F:\AutoRunPro.exe ======List of files/folders created in the last 1 months====== 2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro 2008-12-08 10:51:12 ----D---- C:\rsit 2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino 2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll 2008-11-26 16:31:03 ----D---- C:\Program Files\iPod 2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes 2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour 2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update 2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll 2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll 2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll 2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll 2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll 2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll 2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll 2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe 2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt 2008-11-15 20:03:53 ----A---- C:\log_lobby.txt 2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker 2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite 2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia 2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE 2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution 2008-11-12 21:13:53 ----A---- C:\Windows\system32\msxml3.dll 2008-11-12 21:13:52 ----A---- C:\Windows\system32\msxml3r.dll 2008-11-12 21:13:47 ----A---- C:\Windows\system32\msxml6.dll 2008-11-12 21:13:46 ----A---- C:\Windows\system32\msxml6r.dll 2008-11-09 23:17:45 ----A---- C:\Windows\system32\gameux.dll 2008-11-09 23:17:41 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-11-09 23:17:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-11-09 23:12:27 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-11-09 23:12:26 ----A---- C:\Windows\system32\winipsec.dll 2008-11-09 23:12:26 ----A---- C:\Windows\system32\polstore.dll 2008-11-09 23:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2008-11-09 23:10:09 ----A---- C:\Windows\system32\es.dll 2008-11-09 23:10:06 ----A---- C:\Windows\system32\wmpeffects.dll 2008-11-09 23:05:13 ----A---- C:\Windows\system32\win32spl.dll 2008-11-09 23:05:13 ----A---- C:\Windows\system32\printcom.dll 2008-11-09 23:05:07 ----A---- C:\Windows\system32\INETRES.dll 2008-11-09 23:05:07 ----A---- C:\Windows\system32\inetcomm.dll 2008-11-09 23:00:36 ----A---- C:\Windows\system32\mshtml.dll 2008-11-09 23:00:32 ----A---- C:\Windows\system32\ieframe.dll 2008-11-09 23:00:30 ----A---- C:\Windows\system32\urlmon.dll 2008-11-09 23:00:28 ----A---- C:\Windows\system32\wininet.dll 2008-11-09 23:00:28 ----A---- C:\Windows\system32\iertutil.dll 2008-11-09 23:00:28 ----A---- C:\Windows\system32\dxtmsft.dll 2008-11-09 23:00:27 ----A---- C:\Windows\system32\mshtmled.dll 2008-11-09 23:00:26 ----A---- C:\Windows\system32\dxtrans.dll 2008-11-09 23:00:25 ----A---- C:\Windows\system32\mstime.dll 2008-11-09 23:00:24 ----A---- C:\Windows\system32\ieui.dll 2008-11-09 23:00:24 ----A---- C:\Windows\system32\ieapfltr.dll 2008-11-09 23:00:24 ----A---- C:\Windows\system32\ie4uinit.exe 2008-11-09 23:00:24 ----A---- C:\Windows\system32\advpack.dll 2008-11-09 23:00:23 ----A---- C:\Windows\system32\iesetup.dll 2008-11-09 23:00:23 ----A---- C:\Windows\system32\iernonce.dll 2008-11-09 23:00:23 ----A---- C:\Windows\system32\icardie.dll 2008-11-09 23:00:22 ----A---- C:\Windows\system32\pngfilt.dll 2008-11-09 23:00:22 ----A---- C:\Windows\system32\jsproxy.dll 2008-11-09 23:00:22 ----A---- C:\Windows\system32\ieUnatt.exe ======List of files/folders modified in the last 1 months====== 2008-12-08 10:51:39 ----D---- C:\Windows\Temp 2008-12-08 10:51:34 ----D---- C:\Windows\Prefetch 2008-12-08 10:51:14 ----RD---- C:\Program Files 2008-12-08 10:30:36 ----D---- C:\Windows\system32\drivers 2008-12-08 10:29:52 ----D---- C:\Windows\System32 2008-12-08 10:25:49 ----SHD---- C:\Windows\Installer 2008-12-08 10:23:50 ----D---- C:\Program Files\Microsoft SQL Server 2008-12-08 10:20:23 ----SHD---- C:\System Volume Information 2008-12-08 10:16:33 ----A---- C:\Windows\system32\PROCDB.INI 2008-12-08 10:16:05 ----A---- C:\Windows\system32\IPSCtrl.INI 2008-12-07 00:01:26 ----D---- C:\SWSHARE 2008-12-06 15:54:03 ----D---- C:\Windows\Minidump 2008-12-06 15:53:49 ----D---- C:\Windows 2008-12-05 10:31:30 ----D---- C:\Windows\system32\catroot2 2008-11-28 10:50:52 ----D---- C:\Windows\winsxs 2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe 2008-11-26 16:31:33 ----D---- C:\Windows\system32\catroot 2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple 2008-11-26 16:30:55 ----HD---- C:\ProgramData 2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime 2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks 2008-11-26 16:20:59 ----D---- C:\Windows\inf 2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-11-20 17:11:37 ----D---- C:\Windows\rescache 2008-11-20 16:52:04 ----D---- C:\Windows\system32\fr-FR 2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite 2008-11-16 13:42:24 ----SD---- C:\Windows\Downloaded Program Files 2008-11-15 20:03:14 ----A---- C:\Windows\win.ini 2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files 2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia 2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations 2008-11-12 12:48:52 ----D---- C:\Users\Faustine\AppData\Roaming\Corel 2008-11-10 15:05:51 ----D---- C:\Program Files\Messenger Plus! Live 2008-11-10 09:52:18 ----D---- C:\Windows\AppPatch 2008-11-10 09:52:18 ----D---- C:\Program Files\Windows Mail 2008-11-10 09:52:16 ----D---- C:\Windows\system32\migration 2008-11-10 09:52:16 ----D---- C:\Program Files\Internet Explorer ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864] R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792] R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080] R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496] R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376] R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888] R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712] R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872] R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456] R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664] R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200] R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696] R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880] R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664] R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896] R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448] S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464] S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696] R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016] R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988] R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096] R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768] R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088] R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352] R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024] R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544] R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968] R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672] R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936] R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344] R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272] R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224] S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-12-08 10:51:54 ======Uninstall list====== -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 32 Vegas Casino-->"C:\Program Files\32 Vegas Casino\_SetupCasino.exe" /uninstall Access - Aide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x40c UNINSTALL Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003} Agere Systems HDA Modem-->agrsmdel Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B} BUFFALO TurboUSB for FLASH/HDD-->C:\Windows\UN070410.EXE /U Centre Corel pour entreprises-->MsiExec.exe /X{79D56DFD-D28E-4289-BED2-32A6342A305B} Client Security Solution-->MsiExec.exe /X{0F4EFCE8-E358-4430-A504-F55F32BA1816} Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645} Diskeeper Home-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A} DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62} Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af} Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF} Gestionnaire de présentation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x40c -AddRemove GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x40c -AddRemove HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Incrustation-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} K-Lite Codec Pack 3.7.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D} Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x40c -AddRemove Lenovo Fingerprint Software-->MsiExec.exe /X{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5} Lenovo Multimedia Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x40c -AddRemove Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791} Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829} Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778} MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Network Magic-->MsiExec.exe /X{A32B11DB-B192-4F11-B4C3-4F04F2C8D8B3} Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1} Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6} Package de pilotes Windows - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C} PC-Doctor 5 pour Windows-->C:\Program Files\PCDR5\uninst.exe PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe" PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B} Power Ux Customization-->MsiExec.exe /X{B1F625EB-9691-4889-A864-DA085739F3F0} QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly Registry patch for Windows Vista USB S3 PM Enablement-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf Rescue and Recovery-->MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19} RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Supplément à Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x40c -AddRemove Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297} ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x40c anything ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x40c anything VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409 VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x40c UNINSTALL Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D} WordPerfect Office X3-->C:\Program Files\WordPerfect Office X3\CabsFR\MSILauncher.exe {54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} C:\Users\ADMINI~1\AppData\Local\Temp\WPO13.log WordPerfect Office X3-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} ======Hosts File====== 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 127.0.0.1 www.032439.com ======Security center information====== AV: avast! antivirus 4.8.1229 [VPS 081207-0] AS: Windows Defender AS: avast! antivirus 4.8.1229 [VPS 081207-0] ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=1601 "NUMBER_OF_PROCESSORS"=1 "TPCCommon"=C:\PROGRA~1\Lenovo\LENOVO~2 "TVT"=C:\Program Files\Lenovo "RR"=C:\Program Files\Lenovo\Rescue and Recovery "TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24 "TVTCOMMON"=C:\Program Files\Common Files\Lenovo "SWSHARE"=C:\SWSHARE "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF----------------- Merci de votre aide !! Faustine