Mon E-mail hotmail envoie automatiquement un mail

[gagen]

Bonjour à tous !

Je suis nouvelle sur ce forum.

Inscrite car j'ai vu que qqun avait le mm problème que moi et on l'a aidé (Thanos), cependant je ne pouvais pas répondre car le sujet était fermé.

Donc je fais mon propre post pr expliquer :

 

Un mail s'envoie de mon compte automatiquement ! à tous mes contacts !! C'est très embetant, je vous copie colle ce qui est écrit :

 

Hello,happy chrismas

Gift for christmas,Christmas is coming,you must have any plan to buy something,I'd like to introduce you a very good company which i knew.Their website : www.eshowbest.com .They can offer you all kinds of electronical products which you need such as laptops,LCDTV,cells,ps3,MP3/4,motorcycles,etc.and they lower the prices in order to welcome the christmas.You may spend a little time to have a check ,there must be something you 'd like to purchase .

Their email address: eshowbes[email protected] MSN: eshowbes[email protected]

Wish you a good mood in shopping from their company.

TEL: +86+13131186777

Regards!

 

C'est la 2e fois ds la semaine ! Savez vous d'ou ca vient ?

Thanos disait à cette fille de faire pleins de manipulation, j'aimerais savoir si il faut que je fasse les mêmes. (http://forum.zebulon.fr/hotmail-infecte-t150259.html&pid=1275136&mode=threaded#entry1275136)

Pour commencer j'ai fait le RSIT que voici :

 

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Faustine at 2008-12-08 10:51:12

Microsoft® Windows Vista™ Édition Familiale Basique

System drive C: has 19 GB (17%) free of 109 GB

Total RAM: 2038 MB (49% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:51:43, on 08/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Faustine\Desktop\RSIT.exe

C:\Program Files\trend micro\Faustine.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 11207 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]

CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

""= []

"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]

"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

""= []

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]

C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

ACGina

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e844-2b92-11dd-9a61-001dd9f5976e}]

shell\Auto\command - D:\RavMonE.exe e

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\RavMonE.exe e

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e84c-2b92-11dd-9a61-001dd9f5976e}]

shell\Auto\command - G:\auto.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5635a4d8-38da-11dd-8587-001dd9f5976e}]

shell\Autoplay\command - D:\smss.exe

shell\AutoRun\command - D:\smss.exe

shell\Explore\command - D:\smss.exe

shell\Open\command - D:\smss.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd6cfc1-2a03-11dd-9ce0-001dd9f5976e}]

shell\Auto\command - G:\auto.exe

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e07429-7d67-11dd-b592-001dd9f5976e}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mskernel32.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e074a7-7d67-11dd-b592-001dd9f5976e}]

shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19cb7e-141d-11dd-8737-001dd9f5976e}]

shell\AutoRun\command - nsv.bat

shell\explore\command - nsv.bat

shell\open\command - nsv.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34f4e11-6378-11dd-b647-001dd9f5976e}]

shell\AutoRun\command - D:\nsv.bat

shell\explore\command - D:\nsv.bat

shell\open\command - D:\nsv.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffea8428-b551-11dd-86d4-001dd9f5976e}]

shell\AutoRun\command - F:\AutoRunPro.exe

 

 

======List of files/folders created in the last 1 months======

 

2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro

2008-12-08 10:51:12 ----D---- C:\rsit

2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino

2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll

2008-11-26 16:31:03 ----D---- C:\Program Files\iPod

2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes

2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour

2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update

2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll

2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll

2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe

2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt

2008-11-15 20:03:53 ----A---- C:\log_lobby.txt

2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker

2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite

2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia

2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE

2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution

2008-11-12 21:13:53 ----A---- C:\Windows\system32\msxml3.dll

2008-11-12 21:13:52 ----A---- C:\Windows\system32\msxml3r.dll

2008-11-12 21:13:47 ----A---- C:\Windows\system32\msxml6.dll

2008-11-12 21:13:46 ----A---- C:\Windows\system32\msxml6r.dll

2008-11-09 23:17:45 ----A---- C:\Windows\system32\gameux.dll

2008-11-09 23:17:41 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-11-09 23:17:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-11-09 23:12:27 ----A---- C:\Windows\system32\IPSECSVC.DLL

2008-11-09 23:12:26 ----A---- C:\Windows\system32\winipsec.dll

2008-11-09 23:12:26 ----A---- C:\Windows\system32\polstore.dll

2008-11-09 23:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll

2008-11-09 23:10:09 ----A---- C:\Windows\system32\es.dll

2008-11-09 23:10:06 ----A---- C:\Windows\system32\wmpeffects.dll

2008-11-09 23:05:13 ----A---- C:\Windows\system32\win32spl.dll

2008-11-09 23:05:13 ----A---- C:\Windows\system32\printcom.dll

2008-11-09 23:05:07 ----A---- C:\Windows\system32\INETRES.dll

2008-11-09 23:05:07 ----A---- C:\Windows\system32\inetcomm.dll

2008-11-09 23:00:36 ----A---- C:\Windows\system32\mshtml.dll

2008-11-09 23:00:32 ----A---- C:\Windows\system32\ieframe.dll

2008-11-09 23:00:30 ----A---- C:\Windows\system32\urlmon.dll

2008-11-09 23:00:28 ----A---- C:\Windows\system32\wininet.dll

2008-11-09 23:00:28 ----A---- C:\Windows\system32\iertutil.dll

2008-11-09 23:00:28 ----A---- C:\Windows\system32\dxtmsft.dll

2008-11-09 23:00:27 ----A---- C:\Windows\system32\mshtmled.dll

2008-11-09 23:00:26 ----A---- C:\Windows\system32\dxtrans.dll

2008-11-09 23:00:25 ----A---- C:\Windows\system32\mstime.dll

2008-11-09 23:00:24 ----A---- C:\Windows\system32\ieui.dll

2008-11-09 23:00:24 ----A---- C:\Windows\system32\ieapfltr.dll

2008-11-09 23:00:24 ----A---- C:\Windows\system32\ie4uinit.exe

2008-11-09 23:00:24 ----A---- C:\Windows\system32\advpack.dll

2008-11-09 23:00:23 ----A---- C:\Windows\system32\iesetup.dll

2008-11-09 23:00:23 ----A---- C:\Windows\system32\iernonce.dll

2008-11-09 23:00:23 ----A---- C:\Windows\system32\icardie.dll

2008-11-09 23:00:22 ----A---- C:\Windows\system32\pngfilt.dll

2008-11-09 23:00:22 ----A---- C:\Windows\system32\jsproxy.dll

2008-11-09 23:00:22 ----A---- C:\Windows\system32\ieUnatt.exe

 

======List of files/folders modified in the last 1 months======

 

2008-12-08 10:51:39 ----D---- C:\Windows\Temp

2008-12-08 10:51:34 ----D---- C:\Windows\Prefetch

2008-12-08 10:51:14 ----RD---- C:\Program Files

2008-12-08 10:30:36 ----D---- C:\Windows\system32\drivers

2008-12-08 10:29:52 ----D---- C:\Windows\System32

2008-12-08 10:25:49 ----SHD---- C:\Windows\Installer

2008-12-08 10:23:50 ----D---- C:\Program Files\Microsoft SQL Server

2008-12-08 10:20:23 ----SHD---- C:\System Volume Information

2008-12-08 10:16:33 ----A---- C:\Windows\system32\PROCDB.INI

2008-12-08 10:16:05 ----A---- C:\Windows\system32\IPSCtrl.INI

2008-12-07 00:01:26 ----D---- C:\SWSHARE

2008-12-06 15:54:03 ----D---- C:\Windows\Minidump

2008-12-06 15:53:49 ----D---- C:\Windows

2008-12-05 10:31:30 ----D---- C:\Windows\system32\catroot2

2008-11-28 10:50:52 ----D---- C:\Windows\winsxs

2008-11-26 18:21:30 ----A---- C:\Windows\system32\aswBoot.exe

2008-11-26 16:31:33 ----D---- C:\Windows\system32\catroot

2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple

2008-11-26 16:30:55 ----HD---- C:\ProgramData

2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime

2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks

2008-11-26 16:20:59 ----D---- C:\Windows\inf

2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-20 17:11:37 ----D---- C:\Windows\rescache

2008-11-20 16:52:04 ----D---- C:\Windows\system32\fr-FR

2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite

2008-11-16 13:42:24 ----SD---- C:\Windows\Downloaded Program Files

2008-11-15 20:03:14 ----A---- C:\Windows\win.ini

2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files

2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia

2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations

2008-11-12 12:48:52 ----D---- C:\Users\Faustine\AppData\Roaming\Corel

2008-11-10 15:05:51 ----D---- C:\Program Files\Messenger Plus! Live

2008-11-10 09:52:18 ----D---- C:\Windows\AppPatch

2008-11-10 09:52:18 ----D---- C:\Program Files\Windows Mail

2008-11-10 09:52:16 ----D---- C:\Windows\system32\migration

2008-11-10 09:52:16 ----D---- C:\Program Files\Internet Explorer

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-11-26 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-11-26 111184]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-11-26 50864]

R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-11-26 51792]

R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]

R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]

R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872]

R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]

R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]

R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]

R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264]

S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]

S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696]

R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988]

R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]

R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088]

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]

R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]

R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776]

R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672]

R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]

R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496]

R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]

R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272]

R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------

 

 

 

 

 

info.txt logfile of random's system information tool 1.04 2008-12-08 10:51:54

 

======Uninstall list======

 

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EDE721EC-870A-11D8-9D75-000129760D75}\setup.exe" -uninstall

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

32 Vegas Casino-->"C:\Program Files\32 Vegas Casino\_SetupCasino.exe" /uninstall

Access - Aide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x40c UNINSTALL

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}

Agere Systems HDA Modem-->agrsmdel

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}

Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}

BUFFALO TurboUSB for FLASH/HDD-->C:\Windows\UN070410.EXE /U

Centre Corel pour entreprises-->MsiExec.exe /X{79D56DFD-D28E-4289-BED2-32A6342A305B}

Client Security Solution-->MsiExec.exe /X{0F4EFCE8-E358-4430-A504-F55F32BA1816}

Corel Snapfire Plus-->MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}

Diskeeper Home-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}

DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Everest Poker (Remove Only)-->C:\Program Files\Everest Poker\cstart.exe /uninstall

Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)-->MsiExec.exe /X{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}

Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}

Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {69ca8988-1c6c-4285-b8af-db780a6e42af}

Gestionnaire de contacts professionnels pour Outlook 2007 SP1-->MsiExec.exe /X{69CA8988-1C6C-4285-B8AF-DB780A6E42AF}

Gestionnaire de présentation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x40c -AddRemove

GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"

Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x40c -AddRemove

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Incrustation-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

K-Lite Codec Pack 3.7.0 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}

Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\SETUP.EXE" -l0x40c -AddRemove

Lenovo Fingerprint Software-->MsiExec.exe /X{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}

Lenovo Multimedia Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall

Lenovo Registration-->C:\Program Files\Lenovo Registration\uninstall.exe

Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf

LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}

Maintenance Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\AWAYTASK.INF

Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x40c -AddRemove

Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{480DBB60-F0B6-45F2-B26F-1A2E11197791}

Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Native Client-->MsiExec.exe /I{9C7E944F-4502-40B8-A0AB-66B2FA9EE829}

Microsoft SQL Server VSS Writer-->MsiExec.exe /I{75FF1600-6330-43FA-9022-E0835BF20778}

MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

Network Magic-->MsiExec.exe /X{A32B11DB-B192-4F11-B4C3-4F04F2C8D8B3}

Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}

Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_fre.exe

Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}

Package de pilotes Windows - Nokia Modem (05/22/2008 3.-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_5e0e55c3\nokia_bluetooth.inf

Package de pilotes Windows - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_dcd936c5\nokbtmdm.inf

Package de pilotes Windows - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_7837a5db\nokbtmdm.inf

Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ee12375f\nokia_bluetooth.inf

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf

PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}

PC-Doctor 5 pour Windows-->C:\Program Files\PCDR5\uninst.exe

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"

PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B}

Power Ux Customization-->MsiExec.exe /X{B1F625EB-9691-4889-A864-DA085739F3F0}

QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly

Registry patch for Windows Vista USB S3 PM Enablement-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf

Rescue and Recovery-->MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x40c anything

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Supplément à Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\SETUP.EXE" -l0x40c -AddRemove

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}

ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x40c anything

ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x40c anything

VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409

VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x40c UNINSTALL

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Mail-->MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}

WordPerfect Office X3-->C:\Program Files\WordPerfect Office X3\CabsFR\MSILauncher.exe {54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8} C:\Users\ADMINI~1\AppData\Local\Temp\WPO13.log

WordPerfect Office X3-->MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}

 

======Hosts File======

 

127.0.0.1 007guard.com

127.0.0.1 www.007guard.com

127.0.0.1 008i.com

127.0.0.1 008k.com

127.0.0.1 www.008k.com

127.0.0.1 00hq.com

127.0.0.1 www.00hq.com

127.0.0.1 010402.com

127.0.0.1 032439.com

127.0.0.1 www.032439.com

 

======Security center information======

 

AV: avast! antivirus 4.8.1229 [VPS 081207-0]

AS: Windows Defender

AS: avast! antivirus 4.8.1229 [VPS 081207-0]

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Lenovo\Client Security Solution;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel

"PROCESSOR_REVISION"=1601

"NUMBER_OF_PROCESSORS"=1

"TPCCommon"=C:\PROGRA~1\Lenovo\LENOVO~2

"TVT"=C:\Program Files\Lenovo

"RR"=C:\Program Files\Lenovo\Rescue and Recovery

"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24

"TVTCOMMON"=C:\Program Files\Common Files\Lenovo

"SWSHARE"=C:\SWSHARE

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

Merci de votre aide !!

Faustine

[Falkra]

Bonsoir, bienvenue.

 

Le logiciel qui suit n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.

Ne pas utiliser en dehors de ce cas de figure ou seul : dangereux.

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• On va te proposer de télécharger et installer la console de récupération, clique sur "Oui" au message, autorise le téléchargement dans ton firewall si demandé, puis accepte le message de contrat utilisateur final.
  
• Le bureau disparaît, c'est normal, et il va revenir.
  
• Ne ferme pas la fenêtre qui s'ouvre, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  

[gagen]

wow ca va faire quoi en gros ? pourquoi c'est dangereux ?? C'est risqué de perdre ses fichiers ?

[Falkra]

Ce n'est risqué que si on l'utilise au pif et sans savoir ce que l'on fait, si tu suis la procédure, pas de souci, pour ta machine c'est utile.

Quand il te proposera la console de récupération, dis oui, c'est une sécurité en plus.

[gagen]

Voici le rapport.

Merci

 

ComboFix 08-12-09.02 - Faustine 2008-12-10 11:57:12.1 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1082 [GMT 1:00]

Lancé depuis: c:\users\Faustine\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\x64

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-10 12:08 . 2008-12-10 12:08 <REP> d--h----l C:\A

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\Faustine\AppData\Roaming\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\All Users\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\programdata\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-08 22:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-08 22:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\users\All Users\Avira

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\programdata\Avira

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\program files\Avira

2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- C:\rsit

2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- c:\program files\trend micro

2008-12-04 17:14 . 2008-12-04 18:15 <REP> d-------- c:\program files\32 Vegas Casino

2008-11-26 16:31 . 2008-11-26 16:31 <REP> d-------- c:\program files\iPod

2008-11-26 16:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2008-11-26 16:31 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\program files\iTunes

2008-11-26 16:28 . 2008-11-26 16:28 <REP> d-------- c:\program files\Bonjour

2008-11-26 16:22 . 2008-11-26 16:22 <REP> d-------- c:\program files\Apple Software Update

2008-11-26 14:01 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-26 14:01 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-26 14:01 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-26 14:01 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-26 14:01 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2008-11-26 14:01 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

2008-11-26 14:00 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-24 14:32 . 2008-11-26 14:05 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-24 14:32 . 2008-11-24 14:32 1,409 --a------ c:\windows\QTFont.for

2008-11-19 09:33 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-19 09:33 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-19 09:33 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-19 09:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-19 09:33 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-19 09:33 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-19 09:33 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-19 09:33 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-19 09:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-15 20:02 . 2008-11-24 20:16 <REP> d-------- c:\program files\Everest Poker

2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\PCSuite

2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\Nokia

2008-11-15 10:01 . 2008-11-26 16:31 <REP> d----c--- c:\windows\System32\DRVSTORE

2008-11-15 10:01 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys

2008-11-15 10:00 . 2008-11-15 10:01 <REP> d-------- c:\program files\PC Connectivity Solution

2008-11-12 21:13 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll

2008-11-12 21:13 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll

2008-11-12 21:13 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-12 21:13 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll

2008-11-12 21:13 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 09:47 --------- d-----w c:\program files\Microsoft SQL Server

2008-12-09 18:00 5,694 --sha-w c:\windows\System32\KGyGaAvL.sys

2008-11-26 15:30 --------- d-----w c:\program files\Common Files\Apple

2008-11-26 15:27 --------- d-----w c:\program files\QuickTime

2008-11-19 15:56 --------- d-----w c:\users\Faustine\AppData\Roaming\PC Suite

2008-11-15 09:07 --------- d-----w c:\program files\Nokia

2008-11-15 08:45 --------- d-----w c:\programdata\Installations

2008-11-12 11:48 --------- d-----w c:\users\Faustine\AppData\Roaming\Corel

2008-11-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live

2008-11-10 08:52 --------- d-----w c:\program files\Windows Mail

2008-11-03 11:38 --------- d-----w c:\users\Faustine\AppData\Roaming\dvdcss

2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll

2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll

2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe

2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll

2008-09-23 16:46 245,408 ----a-w c:\windows\System32\unicows.dll

2008-09-18 04:27 3,506,744 ----a-w c:\windows\System32\ntkrnlpa.exe

2008-09-18 04:27 3,472,952 ----a-w c:\windows\System32\ntoskrnl.exe

2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys

2008-07-22 06:56 174 --sha-w c:\program files\desktop.ini

2007-11-18 00:44 1,402,448 ------w c:\users\All Users\pswi_preloaded.exe

2007-11-18 00:44 1,402,448 ------w c:\programdata\pswi_preloaded.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\LENOVO~3\Power2Go\CLMP3Enc.ACM

"msacm.divxa32"= msaud32_divx.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]

path=c:\users\Faustine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk

backup=c:\windows\pss\LenovoWelcome.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

--------- 2007-01-08 20:12 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--------- 2007-11-18 09:47 1006264 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--------- 2007-03-23 12:04 4423680 c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1213650756-4035086020-1559224673-1003]

"EnableNotificationsRef"=dword:00000009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A860998B-2C74-48DC-A8A4-97814B18E37A}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express

"{A7109B73-7B6A-40DC-B9F2-20C60D58E8EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7ECE7A8-F334-4C40-8415-ED5EAAD68EE1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{813C9255-6DAE-4903-8C27-A6485885BA14}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{C7FBC7BB-7398-44EB-A63E-FD1BAFA201D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{58E7B29E-6B7E-4311-82DB-F95338D60150}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{78B68C9A-EAAD-48AB-9EA7-E255D46A4021}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{DA5AA21F-2424-49B8-AA88-0BC38A29ABA0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{93DF0DEA-2509-47BE-81BA-50686271C1A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{EBA0D531-1C4E-4253-822E-7CE3F98A86D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{4AF67011-306B-4CCB-9EDA-E918FB34742D}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

"{F13CBF6A-9B17-4529-AA2D-C3C0B4AE032D}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2007-02-19 13744]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]

R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-05-11 54832]

R2 TPHKSVC;Incrustation;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-05-11 55936]

R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-08 569344]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-04-28 15872]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2007-02-10 29178224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

\shell\AutoRun\command - nsv.bat

\shell\explore\Command - nsv.bat

\shell\open\Command - nsv.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e84c-2b92-11dd-9a61-001dd9f5976e}]

\shell\Auto\command - G:\auto.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5635a4d8-38da-11dd-8587-001dd9f5976e}]

\shell\Autoplay\Command - D:\smss.exe

\shell\AutoRun\command - D:\smss.exe

\shell\Explore\Command - D:\smss.exe

\shell\Open\Command - D:\smss.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd6cfc1-2a03-11dd-9ce0-001dd9f5976e}]

\shell\Auto\command - G:\auto.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\auto.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e07429-7d67-11dd-b592-001dd9f5976e}]

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Mskernel32.vbs

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19cb7e-141d-11dd-8737-001dd9f5976e}]

\shell\AutoRun\command - nsv.bat

\shell\explore\Command - nsv.bat

\shell\open\Command - nsv.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34f4e11-6378-11dd-b647-001dd9f5976e}]

\shell\AutoRun\command - D:\nsv.bat

\shell\explore\Command - D:\nsv.bat

\shell\open\Command - D:\nsv.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffea8428-b551-11dd-86d4-001dd9f5976e}]

\shell\AutoRun\command - F:\AutoRunPro.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

 

2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-10 12:06:46

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(4160)

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\windows\System32\agrsmsvc.exe

c:\windows\System32\conime.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Lenovo\PM Driver\PMSveH.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

c:\windows\System32\PSIService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Pure Networks\Network Magic\nmsrvc.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\servicing\TrustedInstaller.exe

.

**************************************************************************

.

Heure de fin: 2008-12-10 12:18:57 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-10 11:18:27

 

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Après-CF: 25,032,990,720 octets libres

 

270 --- E O F --- 2008-12-10 09:50:17

[Falkra]

:!: Ce qui suit n'est que pour ta machine, et ta machine seulement.

Ne surtout pas utiliser sur une autre machine : dangereux.

 

Branche tes supports amovibles (clés usb, disques durs externes, etc, notamment ce qui est à la lettre G de ton poste de travail habituellement : enfin tout).

A faire avant ce qui suit. Tes supports sont infectés et peuvent infecter les machines où on les utilise !

 

• Désactive ton antivirus, il peut gêner.
  
• Ouvre le Bloc-notes. Vérifie que dans le menu "Format", le "retour automatique à la ligne" est désactivé. Copie colle ceci dedans :
  

Killall::

 

files::

D:\smss.exe

 

dirlook:

C:\A

 

registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1499e84c-2b92-11dd-9a61-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5635a4d8-38da-11dd-8587-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cd6cfc1-2a03-11dd-9ce0-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82e07429-7d67-11dd-b592-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc19cb7e-141d-11dd-8737-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e34f4e11-6378-11dd-b647-001dd9f5976e}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffea8428-b551-11dd-86d4-001dd9f5976e}]

• Sauvegarde cela comme fichier texte nommé CFScript, sur le bureau.
   
  
• Fais un glisser/déposer de ce fichier CFscript sur le fichier ComboFix.exe comme sur la capture
  

• Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
  
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
  
• Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
  

 

Ensuite ajoute un nouveau rapport HijackThis stp après ce rapport là, et réactive ton antivirus.

[gagen]

Merci!

Alors voici le rapport de ComboFix :

 

ComboFix 08-12-09.02 - Faustine 2008-12-10 20:05:21.2 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1180 [GMT 1:00]

Lancé depuis: c:\users\Faustine\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\Faustine\Desktop\CFScript.txt

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

G:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-10 20:12 . 2008-12-10 20:12 <REP> d-------- C:\A

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\Faustine\AppData\Roaming\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\users\All Users\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\programdata\Malwarebytes

2008-12-08 22:34 . 2008-12-08 22:34 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-08 22:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys

2008-12-08 22:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\users\All Users\Avira

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\programdata\Avira

2008-12-08 18:24 . 2008-12-08 18:24 <REP> d-------- c:\program files\Avira

2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- C:\rsit

2008-12-08 10:51 . 2008-12-08 10:51 <REP> d-------- c:\program files\trend micro

2008-12-04 17:14 . 2008-12-04 18:15 <REP> d-------- c:\program files\32 Vegas Casino

2008-11-26 16:31 . 2008-11-26 16:31 <REP> d-------- c:\program files\iPod

2008-11-26 16:31 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll

2008-11-26 16:31 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30 . 2008-11-26 16:31 <REP> d-------- c:\program files\iTunes

2008-11-26 16:28 . 2008-11-26 16:28 <REP> d-------- c:\program files\Bonjour

2008-11-26 16:22 . 2008-11-26 16:22 <REP> d-------- c:\program files\Apple Software Update

2008-11-26 14:01 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll

2008-11-26 14:01 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll

2008-11-26 14:01 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll

2008-11-26 14:01 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll

2008-11-26 14:01 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll

2008-11-26 14:01 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll

2008-11-26 14:00 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll

2008-11-24 14:32 . 2008-11-26 14:05 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-24 14:32 . 2008-11-24 14:32 1,409 --a------ c:\windows\QTFont.for

2008-11-19 09:33 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll

2008-11-19 09:33 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll

2008-11-19 09:33 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll

2008-11-19 09:33 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll

2008-11-19 09:33 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll

2008-11-19 09:33 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe

2008-11-19 09:33 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll

2008-11-19 09:33 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll

2008-11-19 09:33 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe

2008-11-15 20:02 . 2008-11-24 20:16 <REP> d-------- c:\program files\Everest Poker

2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\PCSuite

2008-11-15 10:07 . 2008-11-15 10:07 <REP> d-------- c:\program files\Common Files\Nokia

2008-11-15 10:01 . 2008-11-26 16:31 <REP> d----c--- c:\windows\System32\DRVSTORE

2008-11-15 10:01 . 2007-09-17 15:53 21,632 --a------ c:\windows\System32\drivers\pccsmcfd.sys

2008-11-15 10:00 . 2008-11-15 10:01 <REP> d-------- c:\program files\PC Connectivity Solution

2008-11-12 21:13 . 2008-09-10 04:25 1,341,440 --a------ c:\windows\System32\msxml6.dll

2008-11-12 21:13 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll

2008-11-12 21:13 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys

2008-11-12 21:13 . 2008-09-10 04:21 2,048 --a------ c:\windows\System32\msxml6r.dll

2008-11-12 21:13 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-10 09:47 --------- d-----w c:\program files\Microsoft SQL Server

2008-11-26 15:30 --------- d-----w c:\program files\Common Files\Apple

2008-11-26 15:27 --------- d-----w c:\program files\QuickTime

2008-11-19 15:56 --------- d-----w c:\users\Faustine\AppData\Roaming\PC Suite

2008-11-15 09:07 --------- d-----w c:\program files\Nokia

2008-11-15 08:45 --------- d-----w c:\programdata\Installations

2008-11-12 11:48 --------- d-----w c:\users\Faustine\AppData\Roaming\Corel

2008-11-10 14:05 --------- d-----w c:\program files\Messenger Plus! Live

2008-11-10 08:52 --------- d-----w c:\program files\Windows Mail

2008-11-03 11:38 --------- d-----w c:\users\Faustine\AppData\Roaming\dvdcss

2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll

2008-07-22 06:56 174 --sha-w c:\program files\desktop.ini

2007-11-18 00:44 1,402,448 ------w c:\users\All Users\pswi_preloaded.exe

2007-11-18 00:44 1,402,448 ------w c:\programdata\pswi_preloaded.exe

.

 

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

---- Directory of C:\A ----

 

c:\a\

 

 

((((((((((((((((((((((((((((( snapshot@2008-12-10_12.16.23.99 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-12-10 11:05:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2008-12-10 19:10:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2008-12-10 11:05:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2008-12-10 19:10:44 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2008-12-10 11:07:13 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

+ 2008-12-10 19:11:17 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT

- 2008-12-10 11:07:42 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

+ 2008-12-10 19:11:17 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT

- 2008-12-10 11:00:31 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-12-10 17:25:40 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2008-12-10 11:00:31 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-10 17:25:40 32,768 --sh--w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-12-10 11:00:31 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-12-10 17:25:40 16,384 --sh--w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-12-10 11:09:10 10,242 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1213650756-4035086020-1559224673-1003_UserData.bin

+ 2008-12-10 19:13:40 10,290 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1213650756-4035086020-1559224673-1003_UserData.bin

- 2008-12-10 11:09:09 59,430 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-12-10 19:13:39 59,612 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-01-08 536576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.clmp3enc"= c:\progra~1\LENOVO~3\Power2Go\CLMP3Enc.ACM

"msacm.divxa32"= msaud32_divx.acm

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ACGina

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk

backup=c:\windows\pss\BTTray.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]

path=c:\users\Faustine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk

backup=c:\windows\pss\LenovoWelcome.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

--------- 2007-01-08 20:12 536576 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--------- 2007-11-18 09:47 1006264 c:\program files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--------- 2007-03-23 12:04 4423680 c:\windows\RtHDVCpl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1213650756-4035086020-1559224673-1003]

"EnableNotificationsRef"=dword:00000009

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{A860998B-2C74-48DC-A8A4-97814B18E37A}"= c:\program files\Lenovo Multimedia Center\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express

"{A7109B73-7B6A-40DC-B9F2-20C60D58E8EC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{D7ECE7A8-F334-4C40-8415-ED5EAAD68EE1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{813C9255-6DAE-4903-8C27-A6485885BA14}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{C7FBC7BB-7398-44EB-A63E-FD1BAFA201D6}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{58E7B29E-6B7E-4311-82DB-F95338D60150}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent

"{78B68C9A-EAAD-48AB-9EA7-E255D46A4021}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{DA5AA21F-2424-49B8-AA88-0BC38A29ABA0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{93DF0DEA-2509-47BE-81BA-50686271C1A2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{EBA0D531-1C4E-4253-822E-7CE3F98A86D3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{4AF67011-306B-4CCB-9EDA-E918FB34742D}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

"{F13CBF6A-9B17-4529-AA2D-C3C0B4AE032D}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]

"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

 

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2007-02-19 13744]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]

R2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-05-11 54832]

R2 TPHKSVC;Incrustation;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-05-11 55936]

R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-01-08 569344]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-04-28 15872]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2007-02-10 29178224]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

.

Contenu du dossier 'Tâches planifiées'

 

2008-12-10 c:\windows\Tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]

 

2008-12-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-10 20:11:24

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(5068)

c:\program files\Pure Networks\Network Magic\nmrsrc.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\System32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\windows\System32\conime.exe

c:\program files\Lenovo\PM Driver\PMSveH.exe

c:\windows\System32\PSIService.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Lenovo\System Update\SUService.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Pure Networks\Network Magic\nmsrvc.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\windows\System32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe

c:\windows\System32\igfxsrvc.exe

.

**************************************************************************

.

Heure de fin: 2008-12-10 20:22:59 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-10 19:22:28

ComboFix2.txt 2008-12-10 11:19:00

 

Avant-CF: 22 763 753 472 octets libres

Après-CF: 22,459,846,656 octets libres

 

248 --- E O F --- 2008-12-10 09:50:17

 

 

 

 

 

 

Et du RSIT :

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Faustine at 2008-12-10 20:33:11

Microsoft® Windows Vista™ Édition Familiale Basique

System drive C: has 21 GB (19%) free of 109 GB

Total RAM: 2038 MB (50% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:33:25, on 10/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\conime.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Windows\Explorer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Faustine\Desktop\RSIT.exe

C:\Users\Faustine\Desktop\Faustine.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 10251 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]

CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]

"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]

C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

ACGina

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2008-12-10 20:23:02 ----A---- C:\ComboFix.txt

2008-12-10 20:08:31 ----D---- C:\Windows\temp

2008-12-10 11:55:03 ----A---- C:\Windows\zip.exe

2008-12-10 11:55:03 ----A---- C:\Windows\VFIND.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWXCACLS.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWSC.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWREG.exe

2008-12-10 11:55:03 ----A---- C:\Windows\sed.exe

2008-12-10 11:55:03 ----A---- C:\Windows\NIRCMD.exe

2008-12-10 11:55:03 ----A---- C:\Windows\grep.exe

2008-12-10 11:55:03 ----A---- C:\Windows\fdsv.exe

2008-12-10 11:54:51 ----D---- C:\Windows\ERDNT

2008-12-10 11:54:51 ----D---- C:\Qoobox

2008-12-08 22:34:40 ----D---- C:\Users\Faustine\AppData\Roaming\Malwarebytes

2008-12-08 22:34:30 ----D---- C:\ProgramData\Malwarebytes

2008-12-08 22:34:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-08 18:44:08 ----A---- C:\Windows\ntbtlog.txt

2008-12-08 18:24:40 ----D---- C:\ProgramData\Avira

2008-12-08 18:24:40 ----D---- C:\Program Files\Avira

2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro

2008-12-08 10:51:12 ----D---- C:\rsit

2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino

2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll

2008-11-26 16:31:03 ----D---- C:\Program Files\iPod

2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes

2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour

2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update

2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll

2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll

2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe

2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt

2008-11-15 20:03:53 ----A---- C:\log_lobby.txt

2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker

2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite

2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia

2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE

2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution

2008-11-12 21:13:53 ----A---- C:\Windows\system32\msxml3.dll

2008-11-12 21:13:52 ----A---- C:\Windows\system32\msxml3r.dll

2008-11-12 21:13:47 ----A---- C:\Windows\system32\msxml6.dll

2008-11-12 21:13:46 ----A---- C:\Windows\system32\msxml6r.dll

 

======List of files/folders modified in the last 1 months======

 

2008-12-10 20:33:12 ----D---- C:\Windows\Prefetch

2008-12-10 20:23:09 ----D---- C:\Windows\system32\drivers

2008-12-10 20:23:09 ----D---- C:\Windows\System32

2008-12-10 20:23:06 ----D---- C:\Windows

2008-12-10 20:14:41 ----SHD---- C:\System Volume Information

2008-12-10 20:13:24 ----A---- C:\Windows\system.ini

2008-12-10 20:11:45 ----A---- C:\Windows\system32\PROCDB.INI

2008-12-10 20:10:59 ----A---- C:\Windows\system32\IPSCtrl.INI

2008-12-10 20:09:21 ----D---- C:\Windows\system32\config

2008-12-10 20:07:39 ----D---- C:\Windows\AppPatch

2008-12-10 20:07:39 ----D---- C:\Program Files\Common Files

2008-12-10 12:01:34 ----D---- C:\SWSHARE

2008-12-10 10:59:41 ----D---- C:\Windows\system32\catroot

2008-12-10 10:59:40 ----D---- C:\Windows\winsxs

2008-12-10 10:59:08 ----D---- C:\Windows\system32\catroot2

2008-12-10 10:50:04 ----SHD---- C:\Windows\Installer

2008-12-10 10:47:57 ----D---- C:\Program Files\Microsoft SQL Server

2008-12-08 22:34:30 ----HD---- C:\ProgramData

2008-12-08 22:34:29 ----RD---- C:\Program Files

2008-12-08 20:53:53 ----D---- C:\Windows\Minidump

2008-12-08 20:53:44 ----SD---- C:\Windows\Downloaded Program Files

2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple

2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime

2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks

2008-11-26 16:20:59 ----D---- C:\Windows\inf

2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-20 17:11:37 ----D---- C:\Windows\rescache

2008-11-20 16:52:04 ----D---- C:\Windows\system32\fr-FR

2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite

2008-11-15 20:03:14 ----A---- C:\Windows\win.ini

2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia

2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations

2008-11-12 12:48:52 ----D---- C:\Users\Faustine\AppData\Roaming\Corel

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-12-09 75072]

R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]

R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872]

R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]

R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]

R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]

R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264]

S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]

S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]

S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696]

R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988]

R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]

R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088]

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]

R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]

R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776]

R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672]

R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]

R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496]

R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]

R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272]

R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------

 

 

 

Merci beaucoup !!!

[Falkra]

Ta clés usb était infectée (G), elle a pu infecter d'autres machines.

 

Le rapport est ok, est-ce que tu constates encore des symptômes ?

[gagen]

Bonjour !

Oui malheuresement j'ai encore des problèmes !! Avant hier soir, j'ai eu 2 annonces de virus ! Dans des mails, mais je ne sais pas lesquels .

Ca m'a dit : Contient le code suspect : HEUR/HTML.Malware

j'ai mis en quarantaine.

Et Hier qd je reviens d'un entretien, qu'est ce que je vois? Mon email a encore envoyer des faux mails à tous mes contacts !!

C'est dc en rapport ac le virus tjrs là .

Je te renvois un RSIT :

 

 

Logfile of random's system information tool 1.04 (written by random/random)

Run by Faustine at 2008-12-12 10:54:56

Microsoft® Windows Vista™ Édition Familiale Basique

System drive C: has 20 GB (18%) free of 109 GB

Total RAM: 2038 MB (48% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:55:21, on 12/12/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\program files\avira\antivir personaledition classic\avcenter.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Faustine\Desktop\RSIT.exe

C:\Users\Faustine\Desktop\Faustine.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI02DC~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Ouvrir dans WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: System Update (SUService) - - c:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: Incrustation (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

 

--

End of file - 10335 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\User_Feed_Synchronization-{7EF5CC87-B7E2-45CF-82EB-C3E2E5868936}.job

C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-11-18 501384]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F040E541-A427-4CF7-85D8-75E3E0F476C5}]

CPwmIEBrowserHelper Object - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006-12-21 796224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-01-02 166424]

"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Windows\RtHDVCpl.exe [2007-03-23 4423680]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

C:\Program Files\Windows Defender\MSASCui.exe [2007-11-18 1006264]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]

C:\PROGRA~1\Lenovo\BLUETO~1\BTTray.exe [2007-03-29 719664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Faustine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]

C:\SWTOOLS\LenovoWelcome\LenovoWelcome.cmd [2007-03-15 972]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

ACGina

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2008-12-11 20:36:36 ----A---- C:\Windows\system32\tzres.dll

2008-12-11 20:30:32 ----D---- C:\Windows\SQL9_KB954606_ENU

2008-12-10 20:23:02 ----A---- C:\ComboFix.txt

2008-12-10 20:08:31 ----D---- C:\Windows\temp

2008-12-10 11:55:03 ----A---- C:\Windows\zip.exe

2008-12-10 11:55:03 ----A---- C:\Windows\VFIND.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWXCACLS.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWSC.exe

2008-12-10 11:55:03 ----A---- C:\Windows\SWREG.exe

2008-12-10 11:55:03 ----A---- C:\Windows\sed.exe

2008-12-10 11:55:03 ----A---- C:\Windows\NIRCMD.exe

2008-12-10 11:55:03 ----A---- C:\Windows\grep.exe

2008-12-10 11:55:03 ----A---- C:\Windows\fdsv.exe

2008-12-10 11:54:51 ----D---- C:\Windows\ERDNT

2008-12-10 11:54:51 ----D---- C:\Qoobox

2008-12-10 11:06:31 ----A---- C:\Windows\system32\gdi32.dll

2008-12-10 11:06:24 ----A---- C:\Windows\system32\gameux.dll

2008-12-10 11:06:22 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-12-10 11:06:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-12-10 11:05:24 ----A---- C:\Windows\system32\shell32.dll

2008-12-10 11:05:09 ----A---- C:\Windows\explorer.exe

2008-12-10 11:05:03 ----A---- C:\Windows\system32\mshtml.dll

2008-12-10 11:05:01 ----A---- C:\Windows\system32\urlmon.dll

2008-12-10 11:05:01 ----A---- C:\Windows\system32\ieframe.dll

2008-12-10 11:04:59 ----A---- C:\Windows\system32\wininet.dll

2008-12-10 11:04:59 ----A---- C:\Windows\system32\mstime.dll

2008-12-10 11:04:59 ----A---- C:\Windows\system32\mshtmled.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\ieui.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\iesetup.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\iertutil.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\iernonce.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\ieapfltr.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\ie4uinit.exe

2008-12-10 11:04:58 ----A---- C:\Windows\system32\icardie.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\dxtrans.dll

2008-12-10 11:04:58 ----A---- C:\Windows\system32\advpack.dll

2008-12-10 11:04:57 ----A---- C:\Windows\system32\pngfilt.dll

2008-12-10 11:04:57 ----A---- C:\Windows\system32\jsproxy.dll

2008-12-10 11:04:57 ----A---- C:\Windows\system32\ieUnatt.exe

2008-12-10 11:04:57 ----A---- C:\Windows\system32\dxtmsft.dll

2008-12-10 11:04:48 ----A---- C:\Windows\system32\WMVCORE.DLL

2008-12-10 11:04:48 ----A---- C:\Windows\system32\mf.dll

2008-12-10 11:04:47 ----A---- C:\Windows\system32\WMNetMgr.dll

2008-12-10 11:04:47 ----A---- C:\Windows\system32\logagent.exe

2008-12-10 11:04:46 ----A---- C:\Windows\system32\rrinstaller.exe

2008-12-10 11:04:46 ----A---- C:\Windows\system32\mfps.dll

2008-12-10 11:04:46 ----A---- C:\Windows\system32\mfpmp.exe

2008-12-10 11:04:46 ----A---- C:\Windows\system32\mferror.dll

2008-12-08 22:34:40 ----D---- C:\Users\Faustine\AppData\Roaming\Malwarebytes

2008-12-08 22:34:30 ----D---- C:\ProgramData\Malwarebytes

2008-12-08 22:34:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-08 18:44:08 ----A---- C:\Windows\ntbtlog.txt

2008-12-08 18:24:40 ----D---- C:\ProgramData\Avira

2008-12-08 18:24:40 ----D---- C:\Program Files\Avira

2008-12-08 10:51:14 ----D---- C:\Program Files\trend micro

2008-12-08 10:51:12 ----D---- C:\rsit

2008-12-04 17:14:18 ----D---- C:\Program Files\32 Vegas Casino

2008-11-26 16:31:31 ----A---- C:\Windows\system32\GEARAspi.dll

2008-11-26 16:31:03 ----D---- C:\Program Files\iPod

2008-11-26 16:30:55 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-26 16:30:55 ----D---- C:\Program Files\iTunes

2008-11-26 16:28:18 ----D---- C:\Program Files\Bonjour

2008-11-26 16:22:29 ----D---- C:\Program Files\Apple Software Update

2008-11-26 14:01:50 ----A---- C:\Windows\system32\PortableDeviceApi.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceTypes.dll

2008-11-26 14:01:49 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll

2008-11-26 14:01:38 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll

2008-11-26 14:01:36 ----A---- C:\Windows\system32\WindowsCodecs.dll

2008-11-26 14:01:35 ----A---- C:\Windows\system32\WindowsCodecsExt.dll

2008-11-26 14:00:07 ----A---- C:\Windows\system32\connect.dll

2008-11-19 09:33:54 ----A---- C:\Windows\system32\wups2.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wucltux.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-19 09:33:53 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wups.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wudriver.dll

2008-11-19 09:33:27 ----A---- C:\Windows\system32\wuapi.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-19 09:33:07 ----A---- C:\Windows\system32\wuapp.exe

2008-11-15 20:03:53 ----A---- C:\log_lobby_dumper.txt

2008-11-15 20:03:53 ----A---- C:\log_lobby.txt

2008-11-15 20:02:29 ----D---- C:\Program Files\Everest Poker

2008-11-15 10:07:19 ----D---- C:\Program Files\Common Files\PCSuite

2008-11-15 10:07:15 ----D---- C:\Program Files\Common Files\Nokia

2008-11-15 10:01:19 ----DC---- C:\Windows\system32\DRVSTORE

2008-11-15 10:00:56 ----D---- C:\Program Files\PC Connectivity Solution

 

======List of files/folders modified in the last 1 months======

 

2008-12-12 10:55:12 ----D---- C:\Windows\Prefetch

2008-12-12 10:45:58 ----SHD---- C:\Windows\Installer

2008-12-12 10:44:56 ----D---- C:\Program Files\Microsoft SQL Server

2008-12-12 10:40:55 ----SHD---- C:\System Volume Information

2008-12-12 10:36:55 ----A---- C:\Windows\system32\PROCDB.INI

2008-12-12 10:36:22 ----D---- C:\Windows\System32

2008-12-12 10:36:22 ----A---- C:\Windows\system32\IPSCtrl.INI

2008-12-11 21:06:50 ----D---- C:\SWSHARE

2008-12-11 21:04:43 ----D---- C:\Windows\rescache

2008-12-11 20:49:34 ----D---- C:\Windows\winsxs

2008-12-11 20:49:24 ----D---- C:\Windows\system32\catroot

2008-12-11 20:49:10 ----ASH---- C:\Program Files\desktop.ini

2008-12-11 20:46:00 ----D---- C:\Windows\AppPatch

2008-12-11 20:46:00 ----D---- C:\Program Files\Windows Mail

2008-12-11 20:45:59 ----D---- C:\Windows\system32\fr-FR

2008-12-11 20:45:59 ----D---- C:\Windows

2008-12-11 20:45:57 ----D---- C:\Windows\system32\migration

2008-12-11 20:45:57 ----D---- C:\Program Files\Internet Explorer

2008-12-11 20:37:16 ----D---- C:\Windows\system32\catroot2

2008-12-10 20:23:09 ----D---- C:\Windows\system32\drivers

2008-12-10 20:13:24 ----A---- C:\Windows\system.ini

2008-12-10 20:09:21 ----D---- C:\Windows\system32\config

2008-12-10 20:07:39 ----D---- C:\Program Files\Common Files

2008-12-08 22:34:30 ----HD---- C:\ProgramData

2008-12-08 22:34:29 ----RD---- C:\Program Files

2008-12-08 20:53:53 ----D---- C:\Windows\Minidump

2008-12-08 20:53:44 ----SD---- C:\Windows\Downloaded Program Files

2008-11-26 16:30:58 ----D---- C:\Program Files\Common Files\Apple

2008-11-26 16:27:35 ----D---- C:\Program Files\QuickTime

2008-11-26 16:22:35 ----D---- C:\Windows\system32\Tasks

2008-11-26 16:20:59 ----D---- C:\Windows\inf

2008-11-24 14:30:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-19 16:56:18 ----D---- C:\Users\Faustine\AppData\Roaming\PC Suite

2008-11-15 20:03:14 ----A---- C:\Windows\win.ini

2008-11-15 10:07:09 ----D---- C:\Program Files\Nokia

2008-11-15 09:45:15 ----D---- C:\ProgramData\Installations

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-12-09 75072]

R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]

R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 PROCDD;Pilote de support IPS; C:\Windows\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]

R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]

R3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\Windows\system32\drivers\bfturboh.sys [2007-08-01 15872]

R3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]

R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]

R3 btwaudio;Périphérique audio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]

R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]

R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-12-24 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-03-26 1761696]

R3 NETw3v32;Pilote de carte réseau Intel® PRO/Wireless 3945ABG pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2006-09-13 28224]

R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-11-18 82432]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]

R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]

R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2007-12-24 11264]

S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2006-11-02 45696]

S3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]

S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2006-11-02 40448]

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2006-11-02 93184]

S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]

S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2006-11-02 52608]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2007-10-31 30464]

S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-30 91696]

R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-30 202288]

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988]

R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 IPSSVC;Service de base IPS; C:\Windows\system32\IPSSVC.EXE [2007-01-30 108080]

R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]

R2 nmservice;Pure Networks Network Magic Service; C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe [2007-03-14 321088]

R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 554352]

R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2007-03-16 57344]

R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]

R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

R2 SQLWriter;Enregistreur VSS SQL Server; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]

R2 SUService;System Update; c:\Program Files\Lenovo\System Update\SUService.exe [2006-12-15 11776]

R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-08 644672]

R2 TPHKSVC;Incrustation; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]

R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-12-21 722496]

R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]

R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272]

R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208]

R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]

R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]

S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-26 2999664]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]

S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2007-03-14 12800]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

 

-----------------EOF-----------------

 

 

 

Voili voilou, je ne sais que faire !!Merci d'avance !

[Falkra]

• Fais un scan en ligne Kaspersky, en utilisant Internet Explorer.
  
• Clique sur Accept
  
• Patiente le temps d'installation du Webscanner.
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis de le faire vers le bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie-colle ce rapport dans ta prochaine réponse.