Google pages being redirected... virus? SOLVED

20 February 2009 13:49:53

Hello,

For the past 3 days I have been observing erratic behaviour on my PC:

- On click, Google links obtained from a search are redirected to completely unrelated pages
- Untimely freezes of my network connection
- Sporadic crashes of the "svchost.exe" system process

This started after I was first directed to a site full of pop-ups, so I suspect that malware has been installed on my PC.

A scan with my antivirus (McAfee) shows nothing in particular.

Can anyone help me?

Thanks in advance.

-Sho

20 February 2009 14:43:57

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.

20 February 2009 15:05:07

    Destrio5 said:
    Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

    Note: the reports are saved in the C:\rsit\ folder.



    Hello,

    Thanks for the quick reaction.
    Here is the result of the procedure:

    Log.txt:
    ======

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by ceccald2 at 2009-02-20 14:58:38
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 26 GB (66%) free of 40 GB
    Total RAM: 1992 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:58:40, on 20/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\IPSec Client\LucentIKESvc.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\IPSec Client\LucentIKE.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\System32\TPHDEXLG.exe
    C:\WINNT\system32\igfxpers.exe
    C:\WINNT\system32\TpKmpSVC.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\WINNT\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINNT\system32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IPSec Client\trayicon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINNT\system32\svchost.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Setup Programs\RSIT.exe
    C:\Program Files\HiJackThis\ceccald2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://all.alcatel-lucent.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://all.alcatel-lucent.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
    O15 - Trusted Zone: http://*.alcatel-lucent.com
    O15 - Trusted Zone: http://*.alcatel.com
    O15 - Trusted Zone: http://*.lucent.com
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://usdals908.ad3.ad.alcatel.com/sales_enu/16279/ap...
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://usdals908.ad3.ad.alcatel.com/sales_enu/16279/ap...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework....
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lucent.com
    O17 - HKLM\Software\..\Telephony: DomainName = emea.lucent.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lucent.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

    --
    End of file - 13591 bytes

    ======Scheduled tasks folder======

    C:\WINNT\tasks\PMTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-10 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
    "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
    "Outlook2003_conf"=C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe [2008-09-12 127219]
    "Ptipbmf"=C:\WINNT\system32\ptipbmf.dll [2003-06-20 118784]
    "IgfxTray"=C:\WINNT\system32\igfxtray.exe [2008-10-13 150040]
    "HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2008-10-13 178712]
    "Persistence"=C:\WINNT\system32\igfxpers.exe [2008-10-13 150040]
    "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
    "ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-08-15 425984]
    "ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
    ""= []
    "TpShocks"=C:\WINNT\system32\TpShocks.exe [2008-06-06 181536]
    "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-07-29 242976]
    "TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
    "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
    "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
    "TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
    "LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-09 165208]
    "LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
    "McAfee Host Intrusion Prevention Tray"=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-07-17 963904]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-11-21 3297280]
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-10 39408]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    IPSecClient Icon.lnk - C:\Program Files\IPSec Client\trayicon.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
    C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-08-15 32768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINNT\system32\igfxdev.dll [2008-09-11 217088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    ACGina

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "legalnoticecaption"=
    "legalnoticetext"=

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "Btn_Back"=0
    "Btn_Forward"=0
    "Btn_Stop"=0
    "Btn_Refresh"=0
    "Btn_Home"=0
    "Btn_Search"=0
    "Btn_History"=0
    "Btn_Favorites"=0
    "Btn_Media"=0
    "Btn_Folders"=0
    "Btn_Fullscreen"=0
    "Btn_Tools"=0
    "Btn_MailNews"=0
    "Btn_Size"=0
    "Btn_Print"=0
    "Btn_Edit"=0
    "Btn_Discussions"=0
    "Btn_Cut"=0
    "Btn_Copy"=0
    "Btn_Paste"=0
    "Btn_Encoding"=0
    "Btn_PrintPreview"=0
    "NoActiveDesktop"=0
    "NoActiveDesktopChanges"=0
    "NoDesktop"=0
    "NoFavoritesMenu"=0
    "NoFind"=0
    "NoRun"=0
    "NoSetActiveDesktop"=0
    "NoWindowsUpdate"=0
    "NoFolderOptions"=0
    "NoLogoff"=0
    "NoClose"=0
    "NoSetFolders"=0
    "NoTrayContextMenu"=0
    "NoViewContextMenu"=0
    "EnforceShellExtensionSecurity"=0
    "NoDrives"=0
    "NoDeletePrinter"=0
    "NoAddPrinter"=0
    "NoPrinterTabs"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoToolbarCustomize"=
    "NoBandCustomize"=
    "NoSMConfigurePrograms"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    ======List of files/folders created in the last 1 months======

    2009-02-20 14:54:16 ----D---- C:\rsit
    2009-02-20 13:26:16 ----D---- C:\Program Files\Process Explorer
    2009-02-20 13:13:10 ----D---- C:\Program Files\InfoPC
    2009-02-20 13:13:02 ----N---- C:\WINNT\Setup1.exe
    2009-02-20 13:13:01 ----A---- C:\WINNT\ST6UNST.EXE
    2009-02-20 12:44:16 ----A---- C:\WINNT\system32\HIPIS0e0015b.dll
    2009-02-19 12:48:15 ----D---- C:\Program Files\HiJackThis
    2009-02-19 12:21:57 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-19 12:21:53 ----D---- C:\Program Files\SpywareBlaster
    2009-02-19 10:03:02 ----HDC---- C:\WINNT\$NtUninstallKB951748$
    2009-02-19 10:02:18 ----D---- C:\Program Files\BeClean
    2009-02-19 10:01:59 ----HDC---- C:\WINNT\$NtUninstallKB951698$
    2009-02-19 10:01:38 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
    2009-02-19 10:01:17 ----HDC---- C:\WINNT\$NtUninstallKB950762$
    2009-02-19 10:00:56 ----HDC---- C:\WINNT\$NtUninstallKB950760$
    2009-02-19 09:59:37 ----HDC---- C:\WINNT\$NtUninstallKB950974$
    2009-02-19 09:58:12 ----HDC---- C:\WINNT\$NtUninstallKB952954$
    2009-02-19 09:57:15 ----HDC---- C:\WINNT\$NtUninstallKB951066$
    2009-02-18 21:05:00 ----D---- D:\Documents and Settings\ceccald2\Application Data\Sonic
    2009-02-18 21:04:54 ----D---- D:\Documents and Settings\ceccald2\Application Data\Leadertech
    2009-02-18 10:10:48 ----D---- D:\Documents and Settings\ceccald2\Application Data\TotalRecorder
    2009-02-18 10:10:10 ----D---- C:\Program Files\HighCriteria
    2009-02-18 10:10:10 ----A---- C:\WINNT\system32\DrvTrNTl.dll
    2009-02-18 10:10:09 ----A---- C:\WINNT\system32\DrvTrNTm.dll
    2009-02-18 09:21:14 ----D---- C:\Program Files\Microsoft Common
    2009-02-18 09:20:05 ----D---- C:\Quarantine
    2009-02-18 08:14:21 ----A---- C:\WINNT\SmAudio.INI
    2009-02-18 01:02:41 ----A---- C:\WINNT\system32\TweakUI.exe
    2009-02-17 15:46:07 ----D---- D:\Documents and Settings\ceccald2\Application Data\pokerth
    2009-02-17 15:44:48 ----D---- C:\Program Files\PokerTH
    2009-02-17 07:52:27 ----D---- C:\Program Files\RadarSync
    2009-02-17 07:48:40 ----D---- C:\Program Files\Common Files\Download Manager
    2009-02-17 07:41:02 ----D---- C:\Program Files\Setup Programs
    2009-02-17 07:03:46 ----D---- D:\Documents and Settings\ceccald2\Application Data\Windows Search
    2009-02-17 06:37:23 ----D---- C:\WINNT\system32\libmp3lame-3.98.2
    2009-02-17 06:33:50 ----D---- C:\Program Files\Audacity
    2009-02-15 18:06:56 ----D---- D:\Documents and Settings\ceccald2\Application Data\Sun
    2009-02-15 18:06:56 ----D---- C:\WINNT\Sun
    2009-02-12 10:33:22 ----A---- C:\WINNT\hpbafd.ini
    2009-02-11 19:09:27 ----A---- C:\WINNT\IE4 Error Log.txt
    2009-02-11 17:21:21 ----D---- D:\Documents and Settings\ceccald2\Application Data\Real
    2009-02-10 23:59:45 ----D---- C:\Program Files\AC3Filter
    2009-02-10 23:52:47 ----D---- C:\Program Files\GSpot
    2009-02-10 23:33:56 ----D---- C:\Program Files\e-Carte Bleue Société Générale
    2009-02-10 23:18:20 ----D---- D:\Documents and Settings\ceccald2\Application Data\GrabIt
    2009-02-10 22:21:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\DivX
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxinsi64.exe
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxinsa64.exe
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxhpinst.exe
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxcpyi64.exe
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxcpya64.exe
    2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxafs.dll
    2009-02-10 22:07:35 ----D---- C:\Program Files\DivX
    2009-02-10 21:01:38 ----D---- C:\Program Files\Holdem Indicator
    2009-02-10 20:53:19 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2009-02-10 20:42:53 ----D---- C:\Program Files\PokerStars
    2009-02-10 17:59:20 ----HDC---- C:\WINNT\$NtUninstallKB958215$
    2009-02-10 17:00:35 ----HDC---- C:\WINNT\$NtUninstallKB954600$
    2009-02-10 16:59:58 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
    2009-02-10 16:59:19 ----HDC---- C:\WINNT\$NtUninstallKB956802$
    2009-02-10 15:08:43 ----HDC---- C:\WINNT\$NtUninstallKB960714$
    2009-02-10 15:07:30 ----HDC---- C:\WINNT\$NtUninstallKB938464$
    2009-02-10 15:05:15 ----HDC---- C:\WINNT\$NtUninstallKB954154_WM11$
    2009-02-10 15:01:33 ----HDC---- C:\WINNT\$NtUninstallKB955069$
    2009-02-10 15:01:06 ----D---- C:\Program Files\MSXML 4.0
    2009-02-10 15:00:24 ----HDC---- C:\WINNT\$NtUninstallKB957097$
    2009-02-10 14:59:24 ----HDC---- C:\WINNT\$NtUninstallKB954459$
    2009-02-10 14:36:49 ----D---- C:\Program Files\QuickPar
    2009-02-10 14:27:01 ----D---- C:\Program Files\GrabIt
    2009-02-10 14:20:03 ----D---- D:\Documents and Settings\ceccald2\Application Data\profile
    2009-02-10 14:19:50 ----D---- C:\Program Files\Robocopy
    2009-02-10 13:08:13 ----D---- D:\Documents and Settings\ceccald2\Application Data\Google
    2009-02-10 13:07:43 ----D---- D:\Documents and Settings\All Users\Application Data\Google
    2009-02-10 13:04:27 ----D---- C:\Program Files\Google
    2009-02-10 13:02:43 ----D---- D:\Documents and Settings\ceccald2\Application Data\Macromedia
    2009-02-10 13:02:38 ----D---- D:\Documents and Settings\ceccald2\Application Data\Adobe
    2009-02-10 12:49:13 ----A---- C:\WINNT\system32\hidserv.dll
    2009-02-10 12:18:29 ----HDC---- C:\WINNT\$NtUninstallKB958687$
    2009-02-10 12:16:55 ----HDC---- C:\WINNT\$NtUninstallKB954211$
    2009-02-10 12:16:27 ----HDC---- C:\WINNT\$NtUninstallKB956841$
    2009-02-10 12:15:53 ----HDC---- C:\WINNT\$NtUninstallKB956803$
    2009-02-10 12:15:53 ----HD---- C:\WINNT\$hf_mig$
    2009-02-10 12:05:20 ----SHD---- C:\RECYCLER
    2009-02-10 12:03:29 ----D---- D:\Documents and Settings\ceccald2\Application Data\Windows Desktop Search
    2009-02-10 12:03:23 ----D---- D:\Documents and Settings\ceccald2\Application Data\Lenovo
    2009-02-10 12:02:26 ----D---- D:\Documents and Settings\ceccald2\Application Data\Apple Computer
    2009-02-10 12:01:16 ----A---- C:\FRVELN0L015104-secu.txt
    2009-02-09 16:47:31 ----SD---- D:\Documents and Settings\ceccald2\Application Data\Microsoft
    2009-02-09 16:47:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\Intel
    2009-02-09 16:47:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\Identities
    2009-02-09 16:47:31 ----ASH---- D:\Documents and Settings\ceccald2\Application Data\desktop.ini
    2009-02-09 16:30:50 ----D---- C:\Program Files\SMS Packages
    2009-01-26 20:18:22 ----SHD---- C:\WINNT\CSC
    2009-01-26 20:16:46 ----D---- C:\WINNT\SchCache
    2009-01-26 20:11:02 ----D---- D:\Documents and Settings\All Users\Application Data\InstallShield
    2009-01-26 20:11:02 ----A---- C:\WINNT\WININIT.INI
    2009-01-26 20:10:59 ----D---- C:\Program Files\Common Files\SureThing Shared
    2009-01-26 20:10:32 ----D---- C:\Program Files\Sonic
    2009-01-26 20:10:30 ----D---- C:\Program Files\Common Files\Sonic Shared
    2009-01-26 20:09:43 ----D---- C:\Icons
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeW7.dll
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizePX.dll
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeP6.dll
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeM6.dll
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeA6.dll
    2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresize.dll
    2009-01-26 20:07:42 ----D---- C:\Program Files\InterVideo
    2009-01-26 20:07:31 ----D---- C:\Program Files\Common Files\InterVideo
    2009-01-26 20:05:29 ----A---- C:\WINNT\system32\TDDL.dll
    2009-01-26 20:04:01 ----D---- D:\Documents and Settings\All Users\Application Data\Lenovo
    2009-01-26 20:02:54 ----N---- C:\WINNT\PWMBTHLP.EXE
    2009-01-26 20:02:28 ----RA---- C:\WINNT\system32\tpinspm.dll
    2009-01-26 20:02:28 ----RA---- C:\WINNT\system32\ibmpmsvc.exe
    2009-01-26 20:02:05 ----A---- C:\WINNT\system32\TpKmpSvc.exe
    2009-01-26 20:01:40 ----N---- C:\WINNT\system32\ahlprun.exe
    2009-01-26 20:01:40 ----A---- C:\WINNT\system32\msxml4r.dll
    2009-01-26 20:01:40 ----A---- C:\WINNT\system32\msxml4a.dll
    2009-01-26 20:01:38 ----D---- C:\Program Files\ThinkVantage
    2009-01-26 19:59:16 ----A---- C:\WINNT\system32\btw_ci.dll
    2009-01-26 19:53:39 ----A---- C:\WINNT\system32\tvt_gina_api.dll
    2009-01-26 19:53:39 ----A---- C:\WINNT\system32\tvt_gina.dll
    2009-01-26 19:53:39 ----A---- C:\WINNT\system32\MFC71u.dll
    2009-01-26 19:53:39 ----A---- C:\WINNT\system32\MFC71.dll
    2009-01-26 19:53:34 ----D---- C:\Program Files\ThinkPad
    2009-01-26 19:53:11 ----A---- C:\WINNT\system32\EEPROMInfo.ini
    2009-01-26 19:53:00 ----A---- C:\WINNT\system32\pmemW.dll
    2009-01-26 19:53:00 ----A---- C:\WINNT\ibmnames.ini
    2009-01-26 19:52:59 ----A---- C:\WINNT\system32\IBMasstW.dll
    2009-01-26 19:52:59 ----A---- C:\WINNT\system32\i2cW.dll
    2009-01-26 19:51:46 ----A---- C:\WINNT\system32\UCI32M27.dll
    2009-01-26 19:51:46 ----A---- C:\WINNT\system32\mdmxsdk.dll
    2009-01-26 19:47:35 ----D---- C:\Program Files\Ericsson
    2009-01-26 19:46:44 ----A---- C:\WINNT\system32\NETw5r32.dll
    2009-01-26 19:46:44 ----A---- C:\WINNT\system32\NETw5c32.dll
    2009-01-26 19:46:38 ----D---- D:\Documents and Settings\All Users\Application Data\Intel
    2009-01-26 19:46:38 ----D---- C:\Program Files\Common Files\Intel
    2009-01-26 19:46:37 ----D---- C:\Program Files\Intel
    2009-01-26 19:45:51 ----D---- C:\Program Files\Synaptics
    2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynTPCo4.dll
    2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynTPAPI.dll
    2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynCtrl.dll
    2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynCOM.dll
    2009-01-26 19:45:49 ----D---- C:\Program Files\Common Files\InstallShield
    2009-01-26 19:44:56 ----D---- C:\Program Files\Lenovo
    2009-01-26 19:43:21 ----D---- C:\Program Files\CONEXANT
    2009-01-26 19:43:20 ----A---- C:\WINNT\system32\ksuser.dll
    2009-01-26 19:42:52 ----N---- C:\WINNT\system32\UCI32A31.dll
    2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxext.exe
    2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxexps.dll
    2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxCoIn_v4990.dll
    2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\ig4icd32.dll
    2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\ig4dev32.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igxpdx32.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igxpdv32.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxtray.exe
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxsrvc.exe
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxsrvc.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxress.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxpph.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxpers.exe
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxdo.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxdev.dll
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxcfg.exe
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\hkcmd.exe
    2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\hccutils.dll
    2009-01-26 19:40:49 ----RA---- C:\WINNT\system32\igxprd32.dll
    2009-01-26 19:40:49 ----RA---- C:\WINNT\system32\igxpgd32.dll
    2009-01-26 19:40:45 ----D---- C:\WINNT\system32\Lang
    2009-01-26 19:40:45 ----A---- C:\WINNT\system32\difxapi.dll
    2009-01-26 19:40:44 ----RA---- C:\WINNT\system32\igxpun.exe
    2009-01-26 19:34:17 ----D---- C:\Program Files\DIFX
    2009-01-26 19:33:48 ----D---- C:\WINNT\system32\ReinstallBackups
    2009-01-26 19:33:46 ----DC---- C:\WINNT\system32\DRVSTORE
    2009-01-26 19:28:41 ----A---- C:\WINNT\system32\setupcl.exe
    2009-01-26 18:26:07 ----SHD---- C:\System Volume Information
    2009-01-26 13:30:38 ----D---- C:\WINNT\system32\VPCache
    2009-01-26 13:18:34 ----D---- C:\WINNT\ms
    2009-01-26 13:15:35 ----A---- C:\WINNT\system32\POWERDOWN.vbs
    2009-01-26 13:14:55 ----A---- C:\WINNT\the_end.exe
    2009-01-26 13:14:38 ----D---- C:\WINNT\system32\SoftwareDistribution
    2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wups2.dll
    2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wucltui.dll.mui
    2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wuaueng.dll.mui
    2009-01-26 13:14:37 ----A---- C:\WINNT\system32\wuapi.dll.mui
    2009-01-26 12:53:15 ----D---- C:\WINNT\system32\CCM
    2009-01-26 12:53:04 ----D---- C:\WINNT\system32\ccmsetup
    2009-01-26 12:51:45 ----A---- C:\WINNT\system32\KevlarSigs.dll
    2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcSvc.dll
    2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcSql.dll
    2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcApi.dll
    2009-01-26 12:51:36 ----A---- C:\WINNT\system32\mfehida.dll
    2009-01-26 12:51:36 ----A---- C:\WINNT\system32\hipqa.dll
    2009-01-26 12:51:22 ----D---- C:\Program Files\Common Files\McAfee Inc
    2009-01-26 12:50:52 ----A---- C:\WINNT\IE.exe
    2009-01-26 12:50:52 ----A---- C:\WINNT\DOTNET.exe
    2009-01-26 12:45:30 ----D---- C:\Program Files\Alcatel
    2009-01-26 12:42:38 ----D---- C:\Program Files\Common Files\Research In Motion
    2009-01-26 12:42:37 ----D---- C:\Program Files\Research In Motion
    2009-01-26 12:41:52 ----D---- C:\Program Files\VPNLOGINSCRIPT
    2009-01-26 12:41:52 ----A---- C:\WINNT\system32\RunAsDOS.exe
    2009-01-26 12:41:52 ----A---- C:\UNWISE.EXE
    2009-01-26 12:40:59 ----A---- C:\WINNT\HPMProp.INI
    2009-01-26 12:40:31 ----D---- D:\Documents and Settings\All Users\Application Data\Hewlett-Packard
    2009-01-26 12:40:05 ----A---- C:\WINNT\system32\hpmtp081.dll
    2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmpw081.dll
    2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmpm081.dll
    2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmml081.dll
    2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmja081.dll
    2009-01-26 12:40:03 ----A---- C:\WINNT\system32\HPMNQUE.DLL
    2009-01-26 12:40:03 ----A---- C:\WINNT\system32\HPMNNDPS.DLL
    2009-01-26 12:40:03 ----A---- C:\WINNT\system32\hpcpn081.dll
    2009-01-26 12:40:03 ----A---- C:\WINNT\system32\fxcompchannel.dll
    2009-01-26 12:39:48 ----D---- C:\Program Files\rasphone_PBK
    2009-01-26 12:35:20 ----A---- C:\WINNT\uninstalllucentclient.exe
    2009-01-26 12:35:20 ----A---- C:\WINNT\system32\luinst.dll
    2009-01-26 12:35:20 ----A---- C:\WINNT\system32\enterr.dll
    2009-01-26 12:35:19 ----D---- C:\Program Files\IPSec Client
    2009-01-26 12:35:13 ----D---- C:\Local_installation_source
    2009-01-26 12:32:09 ----A---- C:\WINNT\system32\WMErrFRA.dll
    2009-01-26 12:32:08 ----D---- C:\WINNT\system32\1036
    2009-01-26 12:30:46 ----A---- C:\ag_FRVELN0L015104.ini
    2009-01-26 12:29:57 ----A---- C:\VSFRVELN0L015104.ini

    ======List of files/folders modified in the last 1 months======

    2009-02-20 14:44:42 ----D---- C:\WINNT\Temp
    2009-02-20 13:56:59 ----D---- C:\WINNT\system32
    2009-02-20 13:26:21 ----RD---- C:\Program Files
    2009-02-20 13:21:18 ----D---- C:\WINNT\system32\CatRoot2
    2009-02-20 13:16:38 ----D---- C:\WINNT\system32\drivers
    2009-02-20 13:13:27 ----D---- C:\WINNT
    2009-02-20 12:47:49 ----A---- C:\WINNT\system32\PerfStringBackup.INI
    2009-02-20 12:44:43 ----A---- C:\WINNT\smscfg.ini
    2009-02-20 12:43:40 ----D---- C:\Temp
    2009-02-20 12:42:08 ----A---- C:\WINNT\SchedLgU.Txt
    2009-02-19 22:08:30 ----A---- C:\WINNT\win.ini
    2009-02-19 21:53:51 ----D---- C:\WINNT\Prefetch
    2009-02-19 18:09:08 ----D---- C:\WINNT\security
    2009-02-19 16:24:37 ----SD---- C:\WINNT\Downloaded Program Files
    2009-02-19 16:24:03 ----RSHDC---- C:\WINNT\system32\dllcache
    2009-02-19 12:52:22 ----D---- C:\WINNT\system32\FxsTmp
    2009-02-19 10:05:33 ----D---- C:\WINNT\inf
    2009-02-19 10:02:02 ----A---- C:\WINNT\imsins.BAK
    2009-02-19 10:00:17 ----SHD---- C:\WINNT\Installer
    2009-02-18 14:27:19 ----D---- C:\Program Files\Microsoft Office Communicator
    2009-02-18 09:30:18 ----D---- C:\drivers
    2009-02-18 03:01:49 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-02-17 07:48:40 ----D---- C:\Program Files\Common Files
    2009-02-17 07:10:57 ----D---- C:\WINNT\SoftwareDistribution
    2009-02-12 15:09:21 ----D---- C:\WINNT\system32\wbem
    2009-02-11 02:27:50 ----RSD---- C:\WINNT\Fonts
    2009-02-11 02:11:03 ----D---- C:\Program Files\Microsoft ActiveSync
    2009-02-10 20:26:35 ----D---- C:\WINNT\Help
    2009-02-10 15:07:30 ----D---- C:\WINNT\WinSxS
    2009-02-10 12:58:04 ----D---- C:\Program Files\NetMeeting
    2009-02-09 17:26:20 ----D---- D:\Documents and Settings\ceccald2\Application Data\Mozilla
    2009-02-09 17:26:17 ----D---- D:\Documents and Settings\ceccald2\Application Data\Notes
    2009-01-26 20:21:24 ----A---- C:\WINNT\IE55UserRightsDeployment.txt
    2009-01-26 20:21:23 ----HD---- C:\WINNT\msdownld.tmp
    2009-01-26 20:21:23 ----A---- C:\WINNT\Active Setup Log.txt
    2009-01-26 20:21:17 ----D---- C:\WINNT\Cursors
    2009-01-26 20:02:59 ----SD---- C:\WINNT\Tasks
    2009-01-26 20:02:54 ----D---- C:\WINNT\Media
    2009-01-26 19:59:16 ----SD---- C:\WINNT\system32\Microsoft
    2009-01-26 19:27:33 ----A---- C:\WINNT\setuplog.txt
    2009-01-26 18:26:58 ----D---- C:\WINNT\Registration
    2009-01-26 18:25:50 ----D---- C:\WINNT\repair
    2009-01-26 13:21:15 ----HD---- C:\WINNT\system32\GroupPolicy
    2009-01-26 13:14:24 ----D---- C:\WINNT\system32\Restore
    2009-01-26 12:52:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-01-26 12:51:40 ----D---- D:\Documents and Settings\All Users\Application Data\McAfee
    2009-01-26 12:51:22 ----D---- C:\Program Files\McAfee
    2009-01-26 12:51:06 ----D---- C:\Program Files\Microsoft Office
    2009-01-26 12:50:35 ----D---- C:\Program Files\Userguides
    2009-01-26 12:50:30 ----D---- C:\Program Files\IEsettings_10
    2009-01-26 12:44:23 ----A---- C:\WINNT\ODBC.INI
    2009-01-26 12:43:50 ----D---- C:\WINNT\system
    2009-01-26 12:39:48 ----D---- C:\WINNT\system32\ras
    2009-01-26 12:38:39 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
    2009-01-26 12:34:31 ----RASH---- C:\boot.ini
    2009-01-26 12:33:22 ----D---- C:\WINNT\mui
    2009-01-26 12:32:12 ----D---- C:\WINNT\pchealth
    2009-01-26 12:32:10 ----D---- C:\Program Files\Windows Media Player
    2009-01-26 12:32:06 ----D---- C:\WINNT\system32\oobe
    2009-01-26 12:32:05 ----D---- C:\Program Files\Common Files\System
    2009-01-26 12:32:04 ----D---- C:\WINNT\system32\CatRoot
    2009-01-26 12:32:04 ----D---- C:\WINNT\AppPatch
    2009-01-26 12:31:44 ----A---- C:\WINNT\system.ini
    2009-01-26 12:31:39 ----A---- C:\WINNT\keyb.txt

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ANC;ANC; C:\WINNT\System32\drivers\ANC.SYS [2008-08-15 11520]
    R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\WINNT\system32\Drivers\FireTDI.sys []
    R1 IBMTPCHK;IBMTPCHK; \??\C:\WINNT\system32\Drivers\IBMBLDID.sys []
    R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2008-04-28 205608]
    R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
    R1 mfetdik;McAfee Inc. mfetdik; C:\WINNT\system32\drivers\mfetdik.sys [2008-04-28 55112]
    R1 nfr.sys;nfr.sys; \??\C:\WINNT\system32\drivers\nfr.sys []
    R1 Smapint;Smapint; C:\WINNT\System32\drivers\Smapint.sys [2006-10-02 14848]
    R1 TDSMAPI;TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
    R1 TPHKDRV;TPHKDRV; C:\WINNT\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
    R1 TPPWRIF;TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [2008-07-28 4442]
    R1 TSMAPIP;TSMAPIP; C:\WINNT\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINNT\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R2 I2C;I2C; \??\C:\WINNT\system32\wbem\agent\ci\i2cnt.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINNT\system32\DRIVERS\mdmxsdk.sys [2008-07-11 12672]
    R2 PMEM;PMEM; \??\C:\WINNT\system32\wbem\agent\ci\pmemnt.sys []
    R2 s24trans;WLAN Transport; C:\WINNT\system32\DRIVERS\s24trans.sys [2008-08-04 11904]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 btaudio;Bluetooth Audio Device; C:\WINNT\system32\drivers\btaudio.sys [2008-05-30 534568]
    R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINNT\system32\DRIVERS\btport.sys [2008-02-04 37160]
    R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINNT\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
    R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys [2008-08-19 47272]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINNT\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINNT\system32\DRIVERS\e1y5132.sys [2008-06-13 243856]
    R3 FirehkMP;FirehkMP; C:\WINNT\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    R3 firelm01;firelm01; \??\C:\WINNT\system32\drivers\firelm01.sys []
    R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINNT\system32\drivers\CHDAud.sys [2007-12-18 732160]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 HECI;Intel(R) Management Engine Interface; C:\WINNT\system32\DRIVERS\HECI.sys [2008-07-11 40832]
    R3 hidusb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HIPK;McAfee Inc. HIPK; C:\WINNT\system32\drivers\HIPK.sys [2008-04-28 100104]
    R3 HIPPSK;McAfee Inc. HIPPSK; C:\WINNT\system32\drivers\HIPPSK.sys [2008-04-28 30856]
    R3 HIPQK;McAfee Inc. HIPQK; C:\WINNT\system32\drivers\HIPQK.sys [2008-04-28 27976]
    R3 HSF_DPV;HSF_DPV; C:\WINNT\system32\DRIVERS\HSF_DPV.sys [2008-07-11 985472]
    R3 HSFHWAZL;HSFHWAZL; C:\WINNT\system32\DRIVERS\HSFHWAZL.sys [2008-07-11 210560]
    R3 ialm;ialm; C:\WINNT\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
    R3 IBMPMDRV;IBMPMDRV; C:\WINNT\system32\DRIVERS\ibmpmdrv.sys [2008-03-31 23720]
    R3 LuIPSec;Alcatel-Lucent VPN Miniport; C:\WINNT\system32\DRIVERS\luipsec.sys [2008-02-20 320768]
    R3 mfeapfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeapfk.sys [2008-01-24 64232]
    R3 mfeavfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeavfk.sys [2008-01-24 72936]
    R3 mfebopk;McAfee Inc.; C:\WINNT\system32\drivers\mfebopk.sys [2008-01-24 33960]
    R3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
    R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINNT\system32\DRIVERS\NETw5x32.sys [2008-08-29 3632384]
    R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 prepdrvr;SMS Process Event Driver; \??\C:\WINNT\system32\CCM\prepdrv.sys []
    R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINNT\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
    R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2004-08-04 5888]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINNT\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
    R3 TotRec7;Total Recorder WDM audio driver; C:\WINNT\system32\drivers\TotRec7.sys [2008-04-17 120472]
    R3 tpm;tpm; C:\WINNT\system32\DRIVERS\tpm.sys [2008-07-11 13824]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2008-07-11 731264]
    S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINNT\system32\DRIVERS\e1k5132.sys [2008-07-22 144992]
    S3 Firehk;McAfee NDIS Intermediate Filter; C:\WINNT\system32\DRIVERS\firehk.sys [2008-04-29 42056]
    S3 nm;Network Monitor Driver; C:\WINNT\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
    S3 RimUsb;Téléphone intelligent BlackBerry ; C:\WINNT\System32\Drivers\RimUsb.sys [2007-05-31 22656]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WPRO_40_1040;WinPcap Packet Driver (WPRO_40_1040); C:\WINNT\system32\drivers\WPRO_40_1040.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-15 90112]
    R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-15 212992]
    R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-08-18 346720]
    R2 CcmExec;SMS Agent Host; C:\WINNT\system32\CCM\CcmExec.exe [2007-04-13 590712]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-07-17 1455424]
    R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
    R2 IBMPMSVC;ThinkPad PM Service; C:\WINNT\system32\ibmpmsvc.exe [2008-03-31 36640]
    R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
    R2 LucentIKE;LucentIKE; C:\Program Files\IPSec Client\LucentIKESvc.exe [2008-02-20 147456]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
    R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
    R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
    R2 NFRAgent;NFRAgent; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
    R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
    R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-08-20 905216]
    R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINNT\System32\TPHDEXLG.exe [2008-05-14 37416]
    R2 TpKmpSVC;IBM KCU Service; C:\WINNT\system32\TpKmpSVC.exe [2006-06-29 32768]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    R2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 hips;McAfee HIPSCore Service; C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2008-04-28 46400]
    S2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-28 94208]
    S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
    S3 Fax;Fax; C:\WINNT\system32\fxssvc.exe [2008-04-14 267776]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 137200]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 OPNET Application Capture Agent;OPNET Application Capture Agent; C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe [2007-12-05 929792]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-14 14336]

    -----------------EOF-----------------


    Info.txt
    ======

    info.txt logfile of random's system information tool 1.05 2009-02-20 14:54:27

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
    -->C:\WINNT\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINNT\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINNT\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
    AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
    Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
    AcrobatReader_81-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    ACTIVESYNC_45-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Shockwave Player 11-->MsiExec.exe /I{F33E4247-AD8E-4D52-A405-1CFD884216C7}
    Alcatel 4980 Client-->MsiExec.exe /I{FDFFB6D1-0F28-4989-9BA1-478078DDBA84}
    Alcatel-Lucent IPSec Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0F57A2C-7392-11D4-8126-00C04F04AEDF}\Setup.exe" -l0x9 AnyText
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    BeClean-->"C:\Program Files\BeClean\unins000.exe"
    BlackBerry Desktop Software 4.6-->MsiExec.exe /I{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
    BlackBerry Desktop Software 4.6-->MsiExec.exe /i{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
    Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -I*.INF
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    DVD Decoder Pak for Windows XP-->MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
    Ericsson Wireless Module Core-->MsiExec.exe /X{64211D43-D195-413C-A7E7-666C10B53E1F}
    FileZilla_2218-->MsiExec.exe /I{A816E2DF-11E3-4140-A583-ECD6590AFD64}
    FrameworkDotnet_11-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    FRAMEWORKDOTNET_20-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\FRAMEWORKDOTNET_20\install.exe
    Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
    GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
    Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x9 -AddRemove
    HijackThis 2.0.2-->"C:\Program Files\HiJackThis\HijackThis.exe" /uninstall
    Holdem Indicator 1.6.3-->"C:\Program Files\Holdem Indicator\unins000.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINNT\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    IE5 Registration-->MsiExec.exe /I{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}
    InfoPC-->C:\WINNT\st6unst.exe -n "C:\Program Files\InfoPC\ST6UNST.LOG"
    Intel PROSet Wireless-->Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver-->C:\WINNT\system32\igxpun.exe -uninstall
    InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    JRE_16006-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Keyboard Layout Changer For .DEFAULT User (Login Screen)-->MsiExec.exe /I{014DF7EF-6A6E-4195-A82F-8DB2B00BCB2A}
    LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
    McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
    McAfee Host Intrusion Prevention-->MsiExec.exe /X{B332732A-4958-41DD-B439-DDA2D32753C5}
    McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
    Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Communicator 2005-->MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
    Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Module de support technique BlackBerry S/MIME Version 4.1-->MsiExec.exe /X{367929F8-DC4B-4AA9-8A4B-A3C4EAAB1D63}
    Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSOfficeCOMPPACK_2007-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
    OPNET Application Capture Agent 3.8-->"C:\Program Files\InstallShield Installation Information\{132F7D38-FA45-11D5-BDC3-00104B938A09}\setup.exe" -runfromtemp -l0x0009Add_Remove -removeonly
    PaintDotNet_305-->MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}
    PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    PokerTH-->C:\Program Files\PokerTH\uninstall.exe
    Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\setup.exe" -l0x9 -AddRemove
    Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
    QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
    QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    RadarSync -->C:\Program Files\RadarSync\uninst.exe
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
    ROAMINGPROFILE_10-->MsiExec.exe /I{99695FD9-A9AB-40C2-9CCD-74513F1E9D0C}
    Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
    SHADOWCOPYCLIENT_20-->MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
    Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
    Startload-->MsiExec.exe /I{735CE24E-E792-472D-BEB4-E5CBDE6957CF}
    ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
    ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
    ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
    ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
    ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
    ThinkPad Modem Adapter-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -AWB -ITkp5051k.INF
    ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
    ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\setup.exe" -l0x9 -AddRemove
    ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
    ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
    ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
    ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
    Total Recorder 7.0-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
    Tweak UI-->"C:\WINNT\system32\mshta.exe" "res://C:\WINNT\system32\TweakUI.exe/uninstall.hta"
    UPHClean_16D-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    VPNLOGINSCRIPT_30-->C:\UNWISE.EXE C:\PROGRA~1\VPNLOGINSCRIPT\INSTALL.LOG
    Windows Driver Package - Intel (HECI) System (03/26/2008 4.0.1.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\heci_8A158C73CCCAE3063FB7B79D050439E0EFC1F5F0\heci.inf
    Windows Driver Package - Intel (Serial) Ports (03/26/2008 5.4.0.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\mesrl_9AA500529278C95047EC72C38353B35AD06F3459\mesrl.inf
    Windows Driver Package - Intel (tpm) System (03/26/2008 4.0.1.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.inf
    Windows Driver Package - Intel Ports (03/26/2008 5.4.0.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\mesrle_B00653EB3AA15AF1D9DBD28FB6D
    20 February 2009 15:11:12

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    20 February 2009 16:01:27

    Destrio5 said:
    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix



    Here it is below (luckily you are here, because to me this is all Greek!):

    ComboFix 09-02-19.01 - ceccald2 2009-02-20 15:43:59.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1033.18.1992.1376 [GMT 1:00]
    Lancé depuis: c:\program files\Setup Programs\ComboFix.exe
    AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
    FW: McAfee Host Intrusion Prevention Firewall *disabled*
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft Common
    c:\winnt\ie.exe
    c:\winnt\IE4 Error Log.txt
    c:\winnt\system32\drivers\nfr.sys
    d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    d:\documents and settings\All Users\Start Menu\Internet Explorer.lnk

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://FRVELSSMS32:8081
    hxxp://139.54.202.226:8081
    hxxp://FRORMSSMS03.AD2.AD.ALCATEL.COM:8081
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NFR.SYS
    -------\Service_nfr.sys


    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-20 15:47 . 2008-04-28 16:19 75,072 --a------ c:\winnt\system32\HIPIS0e0015b.dll
    2009-02-20 14:54 . 2009-02-20 14:54 <DIR> d-------- C:\rsit
    2009-02-20 13:26 . 2009-02-20 13:26 <DIR> d-------- c:\program files\Process Explorer
    2009-02-20 13:13 . 2009-02-20 13:13 <DIR> d-------- c:\program files\InfoPC
    2009-02-20 13:13 . 2009-02-20 13:13 253,952 --------- c:\winnt\Setup1.exe
    2009-02-20 13:13 . 2009-02-20 13:13 74,752 --a------ c:\winnt\ST6UNST.EXE
    2009-02-19 16:23 . 2008-04-14 00:15 26,368 --a--c--- c:\winnt\system32\dllcache\usbstor.sys
    2009-02-19 12:21 . 2009-02-20 02:37 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
    2009-02-19 12:21 . 2009-02-19 12:21 <DIR> d-------- c:\program files\SpywareBlaster
    2009-02-19 10:02 . 2009-02-19 11:47 <DIR> d-------- c:\program files\BeClean
    2009-02-19 10:01 . 2008-06-13 12:05 272,128 --------- c:\winnt\system32\drivers\bthport.sys
    2009-02-19 10:01 . 2008-06-13 12:05 272,128 -----c--- c:\winnt\system32\dllcache\bthport.sys
    2009-02-18 21:05 . 2009-02-18 21:05 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Sonic
    2009-02-18 21:04 . 2009-02-18 21:04 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Leadertech
    2009-02-18 13:26 . 2009-02-18 13:27 <DIR> d-------- d:\documents and settings\ceccald2\DoctorWeb
    2009-02-18 10:10 . 2009-02-18 10:11 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\TotalRecorder
    2009-02-18 10:10 . 2009-02-18 10:10 <DIR> d-------- c:\program files\HighCriteria
    2009-02-18 10:10 . 2008-04-17 01:34 120,472 --a------ c:\winnt\system32\drivers\TotRec7.sys
    2009-02-18 10:10 . 2008-04-12 12:29 106,496 --a------ c:\winnt\system32\DrvTrNTl.dll
    2009-02-18 10:10 . 2008-04-17 01:34 59,032 --a------ c:\winnt\system32\DrvTrNTm.dll
    2009-02-18 09:21 . 2009-02-18 09:21 12,804 --a------ c:\winnt\system32\drivers\nfr.dll
    2009-02-18 09:21 . 2009-02-18 09:21 0 --a------ c:\winnt\system32\drivers\nfr.dll.gpref
    2009-02-18 09:21 . 2009-02-18 09:21 0 --a------ c:\winnt\system32\drivers\nfr.dll.assembly
    2009-02-18 09:20 . 2009-02-18 14:36 <DIR> d-------- C:\Quarantine
    2009-02-18 08:14 . 2009-02-18 08:14 27 --a------ c:\winnt\SmAudio.INI
    2009-02-18 01:02 . 2003-06-25 16:05 266,360 --a------ c:\winnt\system32\TweakUI.exe
    2009-02-18 01:02 . 2002-06-21 15:09 160,217 --a------ c:\winnt\system32\PowerToysLicense.rtf
    2009-02-17 15:46 . 2009-02-17 15:46 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\pokerth
    2009-02-17 15:44 . 2009-02-17 15:45 <DIR> d-------- c:\program files\PokerTH
    2009-02-17 07:52 . 2009-02-17 07:52 <DIR> d-------- c:\program files\RadarSync
    2009-02-17 07:48 . 2009-02-17 07:48 <DIR> d-------- c:\program files\Common Files\Download Manager
    2009-02-17 07:41 . 2009-02-20 15:36 <DIR> d-------- c:\program files\Setup Programs
    2009-02-17 07:03 . 2009-02-17 07:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Windows Search
    2009-02-17 06:37 . 2009-02-17 06:37 <DIR> d-------- c:\winnt\system32\libmp3lame-3.98.2
    2009-02-17 06:33 . 2009-02-17 06:33 <DIR> d-------- c:\program files\Audacity
    2009-02-15 18:06 . 2009-02-15 18:06 <DIR> d-------- c:\winnt\Sun
    2009-02-12 10:33 . 2009-02-19 17:45 464 --a------ c:\winnt\hpbafd.ini
    2009-02-11 19:08 . 2009-02-11 19:08 54,156 --ah----- c:\winnt\QTFont.qfn
    2009-02-10 23:59 . 2009-02-10 23:59 <DIR> d-------- c:\program files\AC3Filter
    2009-02-10 23:59 . 2008-07-09 09:05 421,888 --a------ c:\winnt\system32\ac3filter.acm
    2009-02-10 23:52 . 2009-02-10 23:52 <DIR> d-------- c:\program files\GSpot
    2009-02-10 23:33 . 2009-02-10 23:33 <DIR> d-------- c:\program files\e-Carte Bleue Société Générale
    2009-02-10 23:19 . 2009-02-10 23:19 <DIR> d---s---- d:\documents and settings\ceccald2\UserData
    2009-02-10 23:18 . 2009-02-11 02:18 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\GrabIt
    2009-02-10 22:21 . 2009-02-10 22:21 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\DivX
    2009-02-10 22:07 . 2009-02-10 22:08 <DIR> d-------- c:\program files\DivX
    2009-02-10 22:07 . 2008-11-06 17:37 129,784 --------- c:\winnt\system32\pxafs.dll
    2009-02-10 22:07 . 2008-11-06 17:37 120,056 --------- c:\winnt\system32\pxcpyi64.exe
    2009-02-10 22:07 . 2008-11-06 17:37 118,520 --------- c:\winnt\system32\pxinsi64.exe
    2009-02-10 22:07 . 2008-11-06 17:37 9,464 --------- c:\winnt\system32\drivers\cdralw2k.sys
    2009-02-10 22:07 . 2008-11-06 17:37 9,336 --------- c:\winnt\system32\drivers\cdr4_xp.sys
    2009-02-10 21:01 . 2009-02-20 03:59 <DIR> d-------- c:\program files\Holdem Indicator
    2009-02-10 20:42 . 2009-02-20 00:39 <DIR> d-------- c:\program files\PokerStars
    2009-02-10 15:01 . 2009-02-10 15:01 <DIR> d-------- c:\program files\MSXML 4.0
    2009-02-10 15:00 . 2008-10-24 12:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
    2009-02-10 14:36 . 2009-02-10 14:36 <DIR> d-------- c:\program files\QuickPar
    2009-02-10 14:27 . 2009-02-10 14:27 <DIR> d-------- c:\program files\GrabIt
    2009-02-10 14:20 . 2009-02-10 14:20 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\profile
    2009-02-10 14:19 . 2009-02-10 14:19 <DIR> d-------- c:\program files\Robocopy
    2009-02-10 13:04 . 2009-02-10 13:08 <DIR> d-------- c:\program files\Google
    2009-02-10 12:49 . 2008-04-14 05:41 21,504 --a------ c:\winnt\system32\hidserv.dll
    2009-02-10 12:49 . 2008-04-14 05:41 21,504 --a--c--- c:\winnt\system32\dllcache\hidserv.dll
    2009-02-10 12:48 . 2008-04-14 00:15 32,128 --a------ c:\winnt\system32\drivers\usbccgp.sys
    2009-02-10 12:48 . 2008-04-14 00:15 32,128 --a--c--- c:\winnt\system32\dllcache\usbccgp.sys
    2009-02-10 12:16 . 2008-08-14 11:11 2,189,184 -----c--- c:\winnt\system32\dllcache\ntoskrnl.exe
    2009-02-10 12:16 . 2008-08-14 11:09 2,145,280 -----c--- c:\winnt\system32\dllcache\ntkrnlmp.exe
    2009-02-10 12:16 . 2008-08-14 10:33 2,066,048 -----c--- c:\winnt\system32\dllcache\ntkrnlpa.exe
    2009-02-10 12:16 . 2008-08-14 10:33 2,023,936 -----c--- c:\winnt\system32\dllcache\ntkrpamp.exe
    2009-02-10 12:15 . 2009-02-19 10:03 <DIR> d--h----- c:\winnt\$hf_mig$
    2009-02-10 12:03 . 2009-02-10 12:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Windows Desktop Search
    2009-02-10 12:03 . 2009-02-10 12:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Lenovo
    2009-02-10 12:02 . 2009-02-10 12:02 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Apple Computer
    2009-02-09 16:47 . 2009-02-09 16:47 <DIR> d-------- d:\documents and settings\prichter
    2009-02-09 16:47 . 2009-01-26 19:46 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Intel
    2009-02-09 16:47 . 2009-02-19 09:55 <DIR> d-------- d:\documents and settings\ceccald2
    2009-02-09 16:30 . 2009-02-18 10:20 <DIR> d-------- c:\program files\SMS Packages
    2009-01-26 20:17 . 2009-01-26 20:17 262,144 --a------ c:\winnt\system32\default_user_class.dat
    2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- d:\documents and settings\admin\Application Data\Lenovo
    2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- c:\winnt\SchCache
    2009-01-26 20:11 . 2009-01-26 20:11 <DIR> d-------- d:\documents and settings\All Users\Application Data\InstallShield
    2009-01-26 20:11 . 2009-01-26 20:11 102 --a------ c:\winnt\WININIT.INI
    2009-01-26 20:10 . 2009-01-26 20:11 <DIR> d-------- c:\program files\Sonic
    2009-01-26 20:10 . 2009-01-26 20:10 <DIR> d-------- c:\program files\Common Files\SureThing Shared
    2009-01-26 20:10 . 2009-01-26 20:11 <DIR> d-------- c:\program files\Common Files\Sonic Shared
    2009-01-26 20:09 . 2009-01-26 20:09 <DIR> d-------- C:\Icons
    2009-01-26 20:08 . 2009-01-26 20:08 <DIR> d-------- d:\documents and settings\LocalService\Application Data\Avaya
    2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- d:\documents and settings\admin\Application Data\InstallShield
    2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- c:\program files\InterVideo
    2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- c:\program files\Common Files\InterVideo
    2009-01-26 20:07 . 2002-11-22 03:57 204,800 --a------ c:\winnt\system32\IVIresizeW7.dll
    2009-01-26 20:07 . 2002-11-22 03:57 200,704 --a------ c:\winnt\system32\IVIresizeA6.dll
    2009-01-26 20:07 . 2002-11-22 03:57 192,512 --a------ c:\winnt\system32\IVIresizeP6.dll
    2009-01-26 20:07 . 2002-11-22 03:57 192,512 --a------ c:\winnt\system32\IVIresizeM6.dll
    2009-01-26 20:07 . 2002-11-22 03:57 188,416 --a------ c:\winnt\system32\IVIresizePX.dll
    2009-01-26 20:07 . 2002-11-22 03:57 20,480 --a------ c:\winnt\system32\IVIresize.dll
    2009-01-26 20:06 . 2006-10-02 00:55 55,296 --------- c:\winnt\system32\TP98.CPL
    2009-01-26 20:06 . 2006-10-02 00:55 14,848 --------- c:\winnt\system32\drivers\SMAPINT.SYS
    2009-01-26 20:06 . 2006-10-02 00:55 9,343 --------- c:\winnt\system32\drivers\TDSMAPI.SYS
    2009-01-26 20:05 . 2008-07-11 15:48 13,824 --a------ c:\winnt\system32\drivers\tpm.sys
    2009-01-26 20:05 . 2008-07-11 15:48 10,752 --a------ c:\winnt\system32\TDDL.dll
    2009-01-26 20:04 . 2009-01-26 20:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Lenovo
    2009-01-26 20:03 . 2008-07-31 03:01 4,608 --------- c:\winnt\system32\drivers\TSMAPIP.SYS
    2009-01-26 20:02 . 2008-03-31 16:10 36,640 -ra------ c:\winnt\system32\ibmpmsvc.exe
    2009-01-26 20:02 . 2008-03-31 16:10 35,104 -ra------ c:\winnt\system32\tpinspm.dll
    2009-01-26 20:02 . 2006-06-29 22:57 32,768 --a------ c:\winnt\system32\TpKmpSvc.exe
    2009-01-26 20:02 . 2008-03-31 16:10 23,720 -ra------ c:\winnt\system32\drivers\ibmpmdrv.sys
    2009-01-26 20:02 . 2008-07-28 17:43 16,384 --------- c:\winnt\PWMBTHLP.EXE
    2009-01-26 20:02 . 2008-07-28 17:43 4,442 --------- c:\winnt\system32\drivers\TPPWRIF.SYS
    2009-01-26 20:01 . 2009-01-26 20:09 <DIR> d-------- c:\program files\ThinkVantage
    2009-01-26 20:01 . 2007-09-14 04:01 922,920 --------- c:\winnt\system32\ahlprun.exe
    2009-01-26 20:01 . 2002-02-04 05:13 82,432 --a------ c:\winnt\system32\msxml4r.dll
    2009-01-26 20:01 . 2002-02-04 05:13 44,544 --a------ c:\winnt\system32\msxml4a.dll
    2009-01-26 20:01 . 2002-02-07 17:43 9,679 --a------ c:\winnt\system32\msxml4r.cat
    2009-01-26 20:01 . 2002-02-07 17:43 9,675 --a------ c:\winnt\system32\msxml4.cat
    2009-01-26 20:01 . 2002-02-06 19:31 3,489 --a------ c:\winnt\system32\msxml4.Manifest
    2009-01-26 20:01 . 2002-02-06 19:31 500 --a------ c:\winnt\system32\msxml4r.Manifest
    2009-01-26 20:00 . 2009-01-26 20:00 <DIR> d-------- d:\documents and settings\admin\Bluetooth Software
    2009-01-26 19:59 . 2008-08-19 22:15 991,656 --a------ c:\winnt\system32\drivers\btkrnl.sys
    2009-01-26 19:59 . 2008-05-30 12:46 534,568 --a------ c:\winnt\system32\drivers\btaudio.sys
    2009-01-26 19:59 . 2007-09-20 12:59 106,557 --a------ c:\winnt\system32\btw_ci.dll
    2009-01-26 19:59 . 2008-06-11 15:14 89,896 --a------ c:\winnt\system32\drivers\btwsecfl.sys
    2009-01-26 19:59 . 2008-08-19 22:15 47,272 --a------ c:\winnt\system32\drivers\btwusb.sys
    2009-01-26 19:59 . 2008-02-04 18:57 37,160 --a------ c:\winnt\system32\drivers\btport.sys
    2009-01-26 19:53 . 2009-01-26 20:10 <DIR> d-------- c:\program files\ThinkPad
    2009-01-26 19:53 . 2003-03-19 15:20 1,060,864 --a------ c:\winnt\system32\MFC71.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-18 13:27 --------- d-----w c:\program files\Microsoft Office Communicator
    2009-02-18 02:01 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-11 01:11 --------- d-----w c:\program files\Microsoft ActiveSync
    2009-02-09 16:26 --------- d-----w d:\documents and settings\ceccald2\Application Data\Notes
    2009-01-26 11:51 --------- d-----w d:\documents and settings\All Users\Application Data\McAfee
    2009-01-26 11:51 --------- d-----w c:\program files\McAfee
    2009-01-26 11:50 --------- d-----w c:\program files\Userguides
    2009-01-26 11:50 --------- d-----w c:\program files\IEsettings_10
    2008-07-02 18:36 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2008-07-02 18:36 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2008-07-02 18:36 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2008-07-02 18:36 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2008-07-02 18:36 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
    "Outlook2003_conf"="c:\winnt\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe" [2008-09-12 127219]
    "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-13 150040]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-13 178712]
    "Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-13 150040]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-07-29 242976]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
    "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-09 165208]
    "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
    "McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-07-17 963904]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
    "Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\winnt\system32\ptipbmf.dll]
    "TpShocks"="TpShocks.exe" [2008-06-06 c:\winnt\system32\TpShocks.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
    "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 3900936]

    d:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-08-18 604776]
    IPSecClient Icon.lnk - c:\program files\IPSec Client\trayicon.exe [2009-01-26 675840]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    2008-08-15 22:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm
    "wave"= DrvTrNTm.dll
    "mixer"= DrvTrNTm.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli ACGina

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=\\emea.lucent.com\SysVol\emea.lucent.com\Policies\{889529DF-E7A8-4D43-A01E-994C0DBC162F}\Machine\Scripts\Startup\SMS.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-14602\Scripts\Logoff\0\0]
    "Script"=KEYBOARD.CMD

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-14602\Scripts\Logoff\0\1]
    "Script"=c:\program files\Profile Light\Logoff.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-1004\Scripts\Logoff\0\0]
    "Script"=KEYBOARD.CMD

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-1004\Scripts\Logoff\0\1]
    "Script"=c:\program files\Profile Light\Logoff.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-500\Scripts\Logoff\0\0]
    "Script"=KEYBOARD.CMD

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-500\Scripts\Logoff\0\1]
    "Script"=c:\program files\Profile Light\Logoff.bat

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Fasttrak;Fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [2008-11-19 75520]
    R0 Shockprf;Shockprf;c:\winnt\system32\drivers\ApsX86.sys [2008-05-14 114728]
    R0 TPDIGIMN;TPDIGIMN;c:\winnt\system32\drivers\ApsHM86.sys [2008-05-14 19496]
    R0 vmscsi;vmscsi;c:\winnt\system32\drivers\vmscsi.sys [2008-11-19 11026]
    R1 ANC;ANC;c:\winnt\system32\drivers\ANC.sys [2009-01-26 11520]
    R1 IBMTPCHK;IBMTPCHK;c:\winnt\system32\drivers\IBMBLDID.sys [2009-01-26 4224]
    R1 TPPWRIF;TPPWRIF;c:\winnt\system32\drivers\TPPWRIF.SYS [2009-01-26 4442]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-07-17 1455424]
    R2 I2C;I2C;c:\winnt\system32\wbem\agent\ci\i2cnt.sys [2009-01-26 35704]
    R2 LucentIKE;LucentIKE;c:\program files\IPSec Client\lucentikesvc.exe [2009-01-26 147456]
    R2 NFRAgent;NFRAgent;c:\winnt\system32\svchost.exe -k nfrsvc [2008-11-19 14336]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2008-11-19 243856]
    R3 FirehkMP;FirehkMP;c:\winnt\system32\drivers\firehk.sys [2008-04-29 42056]
    R3 LuIPSec;Alcatel-Lucent VPN Miniport;c:\winnt\system32\drivers\luipsec.sys [2009-01-26 320768]
    R3 TotRec7;Total Recorder WDM audio driver;c:\winnt\system32\drivers\TotRec7.sys [2009-02-18 120472]
    S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-01-26 94208]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [2008-11-19 144992]
    S3 Firehk;McAfee NDIS Intermediate Filter;c:\winnt\system32\drivers\firehk.sys [2008-04-29 42056]
    S3 HIPK;McAfee Inc. HIPK;c:\winnt\system32\drivers\HIPK.sys [2009-01-26 100104]
    S3 HIPPSK;McAfee Inc. HIPPSK;c:\winnt\system32\drivers\HIPPSK.sys [2009-01-26 30856]
    S3 HIPQK;McAfee Inc. HIPQK;c:\winnt\system32\drivers\HIPQK.sys [2009-01-26 27976]
    S3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2009-01-26 46400]
    S3 WPRO_40_1040;WinPcap Packet Driver (WPRO_40_1040);c:\winnt\system32\drivers\WPRO_40_1040.sys --> c:\winnt\system32\drivers\WPRO_40_1040.sys [?]
    SUnknown OPNET Application Capture Agent;OPNET Application Capture Agent;c:\program files\OPNET\AppCapture3.8\op_capture_server.exe [2008-11-19 929792]

    --- Autres Services/Pilotes en mémoire ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    nfrsvc REG_MULTI_SZ NFRAgent

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{Profile}]
    d:\config\master\profile\profile.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{QIESettings_10}]
    c:\program files\IEsettings_10\cu.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\BTooth]
    c:\winnt\Installer\BTooth\LBTScript.exe /s

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Hibernate]
    powercfg /CHANGE Portable/Laptop /hibernate-timeout-ac 0

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MSOffice_2003]
    c:\program files\Microsoft Office\Office11\cu.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NetmeetingConf_10]
    c:\winnt\INSTALLER\NetmeetingConf.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OfficeTemplates_10]
    c:\program files\Microsoft Office\Templates\Alcatel-Lucent\Templates.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFCreator_091]
    c:\winnt\Installer\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}\PDFCreator_CU.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\QuickTime_745]
    d:\documents and settings\All Users\Application Data\Apple Computer\QuickTime\cu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\RealPlayer_1061]
    c:\program files\Real\RealPlayer\cu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shockwave11]
    c:\winnt\INSTALLER\MACROMEDIA\cu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SonicDigitalMediaPlus_70]
    c:\program files\Common Files\Sonic Shared\Sonic Central\cu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Standby]
    powercfg /CHANGE Portable/Laptop /standby-timeout-ac 0

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7WMP_USER]
    c:\program files\Windows Media Player\cu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    c:\winnt\IE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    c:\winnt\DOTNET.EXE
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-20 c:\winnt\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-28 17:43]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://all.alcatel-lucent.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar =
    uInternet Settings,ProxyServer = http=localhost:7070
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    Trusted Zone: alcatel-lucent.com
    Trusted Zone: alcatel-lucent.de
    Trusted Zone: alcatel-lucent.fr
    Trusted Zone: alcatel.com
    Trusted Zone: alcatel.de
    Trusted Zone: alcatel.fr
    Trusted Zone: frillslib01
    Trusted Zone: lucent.com
    Trusted Zone: alcatel-lucent.com
    Trusted Zone: alcatel-lucent.de
    Trusted Zone: alcatel-lucent.fr
    Trusted Zone: alcatel.com
    Trusted Zone: alcatel.de
    Trusted Zone: alcatel.fr
    Trusted Zone: automation.local
    Trusted Zone: frillslib01
    Trusted Zone: frmeus0dvp01
    Trusted Zone: lucent.com
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} - hxxps://usdals908.ad3.ad.alcatel.com/sales_enu/16279/applets/siebelhtml.cab
    DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxps://usdals908.ad3.ad.alcatel.com/sales_enu/16279/applets/SiebelOptionPack.cab
    FF - ProfilePath -
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-20 15:49:47
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(216)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll

    - - - - - - - > 'lsass.exe'(288)
    c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACON.dll
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
    c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
    c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
    c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\winnt\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\IPSec Client\lucentike.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\winnt\system32\TPHDEXLG.exe
    c:\winnt\system32\TpKmpSvc.exe
    c:\program files\UPHClean\uphclean.exe
    c:\winnt\system32\searchindexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\winnt\system32\CCM\CcmExec.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\winnt\system32\msiexec.exe
    c:\winnt\system32\igfxsrvc.exe
    c:\program files\McAfee\Common Framework\Mctray.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\ZOOM\TpScrex.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    c:\winnt\system32\rundll32.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\winnt\system32\mmc.exe
    c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\winnt\system32\wbem\wmiadap.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-02-20 15:50:54 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-02-20 14:50:52

    Avant-CF: 27 512 938 496 bytes free
    Après-CF: 27,561,390,080 octets libres

    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    20 February 2009 18:12:19

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scan tab.
  • Select Run a quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show results' to display all the objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show results.
  • Select everything (or leave it ticked) and click Remove selection; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.
    21 February 2009 08:45:41

    Destrio5 said:
  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for updates button: if the firewall asks whether MBAM may connect to the Internet, accept.
  • Once the update has finished, go to the Scan tab.
  • Select Run a quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
    Quote:
    The scan completed normally. Click 'Show results' to display all the objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show results.
  • Select everything (or leave it ticked) and click Remove selection; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

    Hello,

    Here it is below:

    ====================

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1783
    Windows 5.1.2600 Service Pack 3

    2009-02-21 08:19:17
    mbam-log-2009-02-21 (08-19-17).txt

    Type de recherche: Examen rapide
    Eléments examinés: 76504
    Temps écoulé: 4 minute(s), 27 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINNT\system32\drivers\nfr.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINNT\system32\drivers\nfr.dll.assembly (Trojan.Agent) -> Quarantined and deleted successfully.

    ====================

    -Sho
    21 February 2009 08:55:31

  • Run a quick scan with MBAM again and post the report.
    21 February 2009 11:08:26

    Destrio5 said:
  • Run a quick scan with MBAM again and post the report.

    Everything looks OK now..
    Here it is:

    ============

    Malwarebytes' Anti-Malware 1.34
    Version de la base de données: 1783
    Windows 5.1.2600 Service Pack 3

    2009-02-21 11:06:02
    mbam-log-2009-02-21 (11-06-02).txt

    Type de recherche: Examen rapide
    Eléments examinés: 76462
    Temps écoulé: 3 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    ==================
    21 February 2009 13:12:59

  • Restart MBAM, go to Quarantine and delete everything.

  • Update Java.

  • Update Adobe Reader.

  • Update Internet Explorer.

  • Run an RSIT scan again and post the log report.
    21 February 2009 23:32:55

    Destrio5 said:
  • Restart MBAM, go to Quarantine and delete everything.

  • Update Java.

  • Update Adobe Reader.

  • Update Internet Explorer.

  • Run an RSIT scan again and post the log report.

    Here it is (I am not updating IE to the latest version, for reasons of compatibility with another tool):

    ===========

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by ceccald2 at 2009-02-21 23:30:30
    Microsoft Windows XP Professionnel Service Pack 3
    System drive C: has 26 GB (65%) free of 40 GB
    Total RAM: 1992 MB (70% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:30, on 2009-02-21
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\ibmpmsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\IPSec Client\LucentIKESvc.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\IPSec Client\LucentIKE.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINNT\System32\TPHDEXLG.exe
    C:\WINNT\system32\TpKmpSVC.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\CCM\CcmExec.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\WINNT\system32\igfxtray.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\WINNT\system32\TpShocks.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\IPSec Client\trayicon.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
    C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Setup Programs\RSIT.exe
    C:\Program Files\HiJackThis\ceccald2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://all.alcatel-lucent.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
    O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
    O15 - Trusted Zone: http://*.alcatel-lucent.com
    O15 - Trusted Zone: http://*.alcatel.com
    O15 - Trusted Zone: http://*.lucent.com
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://usdals908.ad3.ad.alcatel.com/sales_enu/16279/ap...
    O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
    O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://usdals908.ad3.ad.alcatel.com/sales_enu/16279/ap...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=...
    O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab70018....
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework....
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrob...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lucent.com
    O17 - HKLM\Software\..\Telephony: DomainName = emea.lucent.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lucent.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
    O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

    --
    End of file - 13922 bytes

    ======Scheduled tasks folder======

    C:\WINNT\tasks\PMTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-10 522224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
    "McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
    "Outlook2003_conf"=C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe [2008-09-12 127219]
    "Ptipbmf"=C:\WINNT\system32\ptipbmf.dll [2003-06-20 118784]
    "IgfxTray"=C:\WINNT\system32\igfxtray.exe [2008-10-13 150040]
    "HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2008-10-13 178712]
    "Persistence"=C:\WINNT\system32\igfxpers.exe [2008-10-13 150040]
    "TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
    "ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-08-15 425984]
    "ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
    "TpShocks"=C:\WINNT\system32\TpShocks.exe [2008-06-06 181536]
    "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-07-29 242976]
    "TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
    "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
    "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
    "TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
    "LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-09 165208]
    "LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
    "McAfee Host Intrusion Prevention Tray"=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-07-17 963904]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

    =============
    21 February 2009 23:49:09

    How is the PC doing?
    21 February 2009 23:55:32

    Destrio5 said:
    How is the PC doing?

    It seems to be doing well. No more Google redirections for now, no more untimely svchost.exe crashes...

    Thanks a lot!
    22 February 2009 00:02:15

    1/

  • Uninstall HijackThis.
  • Start menu > Run > type combofix /u and confirm.

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Search and let the scan run.
  • Click Removal to finish.
  • You can, if you wish, use the Optional Settings.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard disk (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleanup.
  • Then choose Registry, then Scan for errors. Once it has finished, repair all the errors (back up the registry).


    3/

  • It is necessary to disable and then re-enable System Restore in order to purge it.

  • I advise you to create a restore point that you can use later if you have a problem.


    ==Prevention==

    Keep MBAM. It will let you scan suspicious files as a complement to the antivirus, and scan the hard disk regularly.

    As a browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

    You can also modify the Hosts file to improve the security of your PC: Link

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    If you consider that your problem is solved:

    ---> Now add [Résolu] to the title. To do so:
  • Click the Edit button in your first message.
  • Add the mention [Résolu] in front of the title.
  • Then click Validate your message.


    Be more vigilant on the Internet ;)