Antinul.vbe
Forum Sécurité - Virus : Antinul.vbe
Bonjour,
j'ai ete infecte par "antinul.vbe" avec le message...
"Il est XX:XX:XX heures
il est de se mettre au travail..... etc...."
J'ai fait la procedure suivante (si dessous), mais je ne suis pas sur si j'ai completement nettoye ma machine - je recherche donc qqn qui pourrais m'aider a jeter un oeil sur les fichiers log de ComboFix et de HiJackThis.. merci beaucoup d'avance!
1) Ouvrez le bloc note et écrivez *kill vbscript travailplus*. "Enregistrez sous" antinul.vbe sur le bureau
2. Toujours sur le bloc note écrivez *kill vbscript travailplus*. "Enregistrez sous" autorun.inf sur le bureau
3. Copiez ces deux fichiers dans le dossier system32 (C:\windows\system32\) s'il vous propose d'écraser les anciens, vous les écrasez.
4) telecharge, installe et execute "Malwarebytes' Anti-Malware"
5) execute ComboFix
6) Execute HiJackThis.
effacte cle R0 ou il y avait "travaillez plus...."
voici les logs de ComboFix et de HiJackThis;
--------- COMBOFIX ----------------- BEG
ComboFix 08-12-28.01 - herodotus 2008-12-29 3:40:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2006.1366 [GMT 0:00]
Running from: d:\documents and settings\herodotus\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\MyWebEx
c:\windows\Downloaded Program Files\MyWebEx\419\atarm.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atas32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasanot.exe
c:\windows\Downloaded Program Files\MyWebEx\419\atasctrl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atasnt40.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atcarmcl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atdl2006.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atjpeg60.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atkbctl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atlchat.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atmemmgr.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atnetext.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atpack.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\attp.dll
c:\windows\Downloaded Program Files\MyWebEx\419\atwbxui6.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264dec.dll
c:\windows\Downloaded Program Files\MyWebEx\419\h264enc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\ieatgpc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mmssl32.dll
c:\windows\Downloaded Program Files\MyWebEx\419\msess.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mticket.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mutiltpd.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mvc.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwm.ini
c:\windows\Downloaded Program Files\MyWebEx\419\mwmcliun.exe
c:\windows\Downloaded Program Files\MyWebEx\419\mwmproxy.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\mwmtrace.txt
c:\windows\Downloaded Program Files\MyWebEx\419\mwmupd.exe
c:\windows\Downloaded Program Files\MyWebEx\419\ratrace.dll
c:\windows\Downloaded Program Files\MyWebEx\419\raurl.dll
c:\windows\Downloaded Program Files\MyWebEx\419\uilibres.dll
c:\windows\Downloaded Program Files\MyWebEx\419\wbxcrypt.dll
c:\windows\Downloaded Program Files\MyWebEx\419\webexmgr.dll
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\AutoRun.inf
c:\windows\system32\x64
F:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.
2008-12-29 03:14 . 2008-12-29 03:14 <DIR> d-------- d:\documents and settings\herodotus\Application Data\Malwarebytes
2008-12-29 03:14 . 2008-12-29 03:14 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-29 03:14 . 2008-12-29 03:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-29 03:14 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-29 03:14 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 00:08 . 2008-12-24 00:08 <DIR> d-------- d:\documents and settings\herodotus\Application Data\SparVoip
2008-12-23 23:56 . 2008-12-24 00:08 <DIR> d-------- c:\program files\SparVoip
2008-12-22 14:58 . 2008-12-22 14:58 <DIR> d-------- c:\program files\HooTech
2008-12-22 03:29 . 2008-12-24 02:04 <DIR> d-------- c:\program files\Mozilla Thunderbird 3 Beta 1
2008-12-16 02:01 . 2008-12-29 03:08 25 --a------ c:\windows\system32\antinul.vbe
2008-12-04 05:04 . 2008-12-23 04:46 <DIR> d-------- d:\documents and settings\herodotus\Application Data\Fund Manager
2008-12-04 05:04 . 2008-12-04 05:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\GrebleSoft
2008-12-04 05:03 . 2008-12-05 03:00 <DIR> d-------- c:\program files\Fund Manager
2008-12-04 02:04 . 2008-12-04 02:04 <DIR> d-------- c:\windows\system32\IOSUBSYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 03:46 --------- d-----w d:\documents and settings\NetworkService\Application Data\VMware
2008-12-29 03:46 --------- d-----w d:\documents and settings\herodotus\Application Data\VMware
2008-12-29 03:46 --------- d-----w d:\documents and settings\All Users\Application Data\VMware
2008-12-29 03:02 --------- d-----w d:\documents and settings\herodotus\Application Data\Wuala
2008-12-29 02:49 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-29 02:40 --------- d-----w d:\documents and settings\herodotus\Application Data\uTorrent
2008-12-29 02:38 --------- d-----w d:\documents and settings\herodotus\Application Data\Ditto
2008-12-27 22:08 --------- d-----w d:\documents and settings\herodotus\Application Data\Skype
2008-12-27 19:28 --------- d-----w c:\program files\Ditto
2008-12-22 03:29 --------- d-----w d:\documents and settings\herodotus\Application Data\Thunderbird
2008-12-14 13:57 --------- d-----w d:\documents and settings\herodotus\Application Data\foobar2000
2008-12-13 00:48 --------- d-----w c:\program files\FastStone Capture
2008-12-04 02:04 --------- d-----w c:\program files\Google
2008-11-25 18:16 --------- d---a-w d:\documents and settings\Administrator\Application Data\Lenovo
2008-11-25 18:16 --------- d-----w d:\documents and settings\Administrator\Application Data\VMware
2008-11-25 18:16 --------- d-----w d:\documents and settings\Administrator\Application Data\Skype
2008-11-25 17:30 --------- d-----w c:\program files\Synovel Spicebird
2008-11-25 17:30 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-25 03:38 --------- d-----w d:\documents and settings\Caz\Application Data\VMware
2008-11-24 17:05 --------- d-----w c:\program files\Jts
2008-11-22 00:00 --------- d-----w c:\program files\LogMeIn
2008-11-21 20:04 --------- d-----w d:\documents and settings\All Users\Application Data\LogMeIn
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2008-11-13 15:17 --------- d-----w c:\program files\Cain
2008-11-13 15:13 --------- d-----w d:\documents and settings\herodotus\Application Data\FastStone
2008-11-09 11:16 --------- d-----w c:\program files\MSECache
2008-11-08 20:38 --------- d-----w c:\program files\Common Files\Adobe
2008-11-08 02:05 --------- d-----w d:\documents and settings\All Users\Application Data\FLEXnet
2008-11-04 05:16 --------- d-----w c:\program files\GOLDMAN_SACHS
2008-11-03 01:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 01:25 --------- d-----w c:\program files\Samsung ML-1510_700 Series
2008-10-16 20:35 87,352 ----a-w c:\windows\system32\LMIinit.dll
2008-10-16 20:35 83,288 ----a-w c:\windows\system32\LMIRfsClientNP.dll
2008-10-16 20:35 28,984 ----a-w c:\windows\system32\LMIport.dll
2008-10-16 20:35 23,736 ----a-w c:\windows\system32\lmimirr.dll
2008-10-16 20:35 10,040 ----a-w c:\windows\system32\lmimirr2.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-02-19 22:57 32 ----a-w d:\documents and settings\All Users\Application Data\ezsid.dat
2008-02-28 13:30 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 13:33 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2005-07-14 18:31 27,648 -csha-w c:\windows\system32\AVSredirect.dll
2007-09-04 07:58 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-08-17 15:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081720080818\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2008-01-16 684032]
"Google Update"="d:\documents and settings\herodotus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-05-15 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-05-15 55856]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-01-14 69632]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
d:\documents and settings\herodotus\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2007-02-13 1111552]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-05-15 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 14:54 89600 c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 21:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 20:35 87352 c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv50"= c:\progra~1\REPLAY~1\ir50_32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Market Data Ltd\\L2 Dealer\\DotNet\\L2DotNetLauncher.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\GS\\REDIPlus\\Primary\\Redi.exe"=
"c:\\Program Files\\InterVoip.com\\InterVoip\\intervoip.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\CounterPath\\eyeBeam 1.5\\eyeBeam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"d:\\LIVE1\\SOFTWARES\\superscan4\\SuperScan4.exe"=
"c:\\Program Files\\SparVoip\\SparVoip.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"94:TCP"= 94:TCP:VRS Recording System Web Control Panel
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"6112:TCP"= 6112:TCP:Utorrent_port_tcp
"6112:UDP"= 6112:UDP:Utorrent_port_udp
"5222:TCP"= 5222:TCP:HoN2_TCP
"5222:UDP"= 5222:UDP:HoN2_UDP
R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2007-09-04 11520]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2007-09-04 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2007-09-04 4442]
R1 tvtumon;tvtumon;c:\windows\system32\DRIVERS\tvtumon.sys [2007-12-05 46144]
R2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\c:\windows\system32\drivers\LMIRfsDriver.sys [2008-11-21 47640]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-08-17 94208]
R2 smihlp2;SMI Helper Driver (smihlp2);\??\c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-12-05 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2007-12-05 260672]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2007-09-04 22568]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 30336]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys []
S3 DirMngr;DirMngr;"c:\program files\GNU\GnuPG\dirmngr.exe" --service [2007-09-17 219136]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
S4 LMIRfsClientNP;LMIRfsClientNP; []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48611376-bb1d-11dd-8dfa-00197ef9f409}]
\Shell\AutoRun\command - wscript.exe antinul.vbe
\Shell\open\Command - wscript.exe antinul.vbe
.
Contents of the 'Scheduled Tasks' folder
2008-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2008-12-29 c:\windows\Tasks\GoogleUpdateTaskUser.job
- d:\documents and settings\herodotus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 23:47]
2008-12-29 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 01:47]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-CLRHost - (no file)
HKLM-Run-TunePat - c:\program files\TunePat\TunePat.exe
HKLM-Run-PATHPILOT - c:\program files\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk
.
------- Supplementary Scan -------
.
uStart Page = Travaillez plus.com
uInternet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - d:\documents and settings\herodotus\Application Data\Mozilla\Firefox\Profiles\8g22l527.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: d:\documents and settings\herodotus\Application Data\Mozilla\Firefox\Profiles\8g22l527.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_pb_mozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: d:\documents and settings\herodotus\Application Data\Mozilla\Firefox\Profiles\8g22l527.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 03:46:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1256)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1312)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-12-29 3:49:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-29 03:49:26
Pre-Run: 1,027,104,768 bytes free
Post-Run: 910,974,976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
ECHO ON PRELOAD
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
360
------ END ---------
------ HiJackThis ------------ BEG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:19:06, on 29/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Ditto\Ditto.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
D:\Documents and Settings\herodotus\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Process Explorer\procexp.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\DOCUMENTS and SETTINGS\herodotus\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\herodotus\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118;https=localhost:8118;socks=localhost:9050
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 0093031906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 15015 bytes
--- END -----
Il y a 2225 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
