Google pages being redirected... virus? SOLVED


Hello,

For the past 3 days I have been seeing erratic behaviour from my PC:

- On click, Google links obtained from a search are redirected to completely unrelated pages
- Untimely freezes of my network connection
- Sporadic crashes of the "svchost.exe" system process

This started after I was directed a first time to a site full of pop-ups, so I suspect that malware has been installed on my PC.

A scan with my antivirus (McAfee) shows nothing in particular.

Can anyone help me?

Thanks in advance.

-Sho


Message edited by sholinam on 22-02-2009 at 01:15:29

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).


Note: the reports are saved in the C:\rsit\ folder.

Destrio5 wrote:

Hi,

  • Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
  • Double-click RSIT.exe to launch the program.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).


Note: the reports are saved in the C:\rsit\ folder.




Hello,

Thanks for the quick response.
Here is the result of the procedure:

Log.txt:
======

Logfile of random's system information tool 1.05 (written by random/random)
Run by ceccald2 at 2009-02-20 14:58:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 26 GB (66%) free of 40 GB
Total RAM: 1992 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:40, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\System32\TPHDEXLG.exe
C:\WINNT\system32\igfxpers.exe
C:\WINNT\system32\TpKmpSVC.exe
C:\WINNT\system32\igfxsrvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Setup Programs\RSIT.exe
C:\Program Files\HiJackThis\ceccald2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://all.alcatel-lucent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://all.alcatel-lucent.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://gautoconf.alcatel.fr/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel.com
O15 - Trusted Zone: http://*.lucent.com
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://usdals908.ad3.ad.alcatel.co [...] elhtml.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://usdals908.ad3.ad.alcatel.co [...] onPack.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagam [...] b70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramew [...] b56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lucent.com
O17 - HKLM\Software\..\Telephony: DomainName = emea.lucent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lucent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

--
End of file - 13591 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-10 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"Outlook2003_conf"=C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe [2008-09-12 127219]
"Ptipbmf"=C:\WINNT\system32\ptipbmf.dll [2003-06-20 118784]
"IgfxTray"=C:\WINNT\system32\igfxtray.exe [2008-10-13 150040]
"HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2008-10-13 178712]
"Persistence"=C:\WINNT\system32\igfxpers.exe [2008-10-13 150040]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-08-15 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
""= []
"TpShocks"=C:\WINNT\system32\TpShocks.exe [2008-06-06 181536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-07-29 242976]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-09 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
"McAfee Host Intrusion Prevention Tray"=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-07-17 963904]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-11-21 3297280]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-10 39408]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
IPSecClient Icon.lnk - C:\Program Files\IPSec Client\trayicon.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-08-15 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"legalnoticecaption"=
"legalnoticetext"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"Btn_Back"=0
"Btn_Forward"=0
"Btn_Stop"=0
"Btn_Refresh"=0
"Btn_Home"=0
"Btn_Search"=0
"Btn_History"=0
"Btn_Favorites"=0
"Btn_Media"=0
"Btn_Folders"=0
"Btn_Fullscreen"=0
"Btn_Tools"=0
"Btn_MailNews"=0
"Btn_Size"=0
"Btn_Print"=0
"Btn_Edit"=0
"Btn_Discussions"=0
"Btn_Cut"=0
"Btn_Copy"=0
"Btn_Paste"=0
"Btn_Encoding"=0
"Btn_PrintPreview"=0
"NoActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoDesktop"=0
"NoFavoritesMenu"=0
"NoFind"=0
"NoRun"=0
"NoSetActiveDesktop"=0
"NoWindowsUpdate"=0
"NoFolderOptions"=0
"NoLogoff"=0
"NoClose"=0
"NoSetFolders"=0
"NoTrayContextMenu"=0
"NoViewContextMenu"=0
"EnforceShellExtensionSecurity"=0
"NoDrives"=0
"NoDeletePrinter"=0
"NoAddPrinter"=0
"NoPrinterTabs"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoToolbarCustomize"=
"NoBandCustomize"=
"NoSMConfigurePrograms"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2009-02-20 14:54:16 ----D---- C:\rsit
2009-02-20 13:26:16 ----D---- C:\Program Files\Process Explorer
2009-02-20 13:13:10 ----D---- C:\Program Files\InfoPC
2009-02-20 13:13:02 ----N---- C:\WINNT\Setup1.exe
2009-02-20 13:13:01 ----A---- C:\WINNT\ST6UNST.EXE
2009-02-20 12:44:16 ----A---- C:\WINNT\system32\HIPIS0e0015b.dll
2009-02-19 12:48:15 ----D---- C:\Program Files\HiJackThis
2009-02-19 12:21:57 ----AD---- D:\Documents and Settings\All Users\Application Data\TEMP
2009-02-19 12:21:53 ----D---- C:\Program Files\SpywareBlaster
2009-02-19 10:03:02 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2009-02-19 10:02:18 ----D---- C:\Program Files\BeClean
2009-02-19 10:01:59 ----HDC---- C:\WINNT\$NtUninstallKB951698$
2009-02-19 10:01:38 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2009-02-19 10:01:17 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2009-02-19 10:00:56 ----HDC---- C:\WINNT\$NtUninstallKB950760$
2009-02-19 09:59:37 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2009-02-19 09:58:12 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2009-02-19 09:57:15 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2009-02-18 21:05:00 ----D---- D:\Documents and Settings\ceccald2\Application Data\Sonic
2009-02-18 21:04:54 ----D---- D:\Documents and Settings\ceccald2\Application Data\Leadertech
2009-02-18 10:10:48 ----D---- D:\Documents and Settings\ceccald2\Application Data\TotalRecorder
2009-02-18 10:10:10 ----D---- C:\Program Files\HighCriteria
2009-02-18 10:10:10 ----A---- C:\WINNT\system32\DrvTrNTl.dll
2009-02-18 10:10:09 ----A---- C:\WINNT\system32\DrvTrNTm.dll
2009-02-18 09:21:14 ----D---- C:\Program Files\Microsoft Common
2009-02-18 09:20:05 ----D---- C:\Quarantine
2009-02-18 08:14:21 ----A---- C:\WINNT\SmAudio.INI
2009-02-18 01:02:41 ----A---- C:\WINNT\system32\TweakUI.exe
2009-02-17 15:46:07 ----D---- D:\Documents and Settings\ceccald2\Application Data\pokerth
2009-02-17 15:44:48 ----D---- C:\Program Files\PokerTH
2009-02-17 07:52:27 ----D---- C:\Program Files\RadarSync
2009-02-17 07:48:40 ----D---- C:\Program Files\Common Files\Download Manager
2009-02-17 07:41:02 ----D---- C:\Program Files\Setup Programs
2009-02-17 07:03:46 ----D---- D:\Documents and Settings\ceccald2\Application Data\Windows Search
2009-02-17 06:37:23 ----D---- C:\WINNT\system32\libmp3lame-3.98.2
2009-02-17 06:33:50 ----D---- C:\Program Files\Audacity
2009-02-15 18:06:56 ----D---- D:\Documents and Settings\ceccald2\Application Data\Sun
2009-02-15 18:06:56 ----D---- C:\WINNT\Sun
2009-02-12 10:33:22 ----A---- C:\WINNT\hpbafd.ini
2009-02-11 19:09:27 ----A---- C:\WINNT\IE4 Error Log.txt
2009-02-11 17:21:21 ----D---- D:\Documents and Settings\ceccald2\Application Data\Real
2009-02-10 23:59:45 ----D---- C:\Program Files\AC3Filter
2009-02-10 23:52:47 ----D---- C:\Program Files\GSpot
2009-02-10 23:33:56 ----D---- C:\Program Files\e-Carte Bleue Société Générale
2009-02-10 23:18:20 ----D---- D:\Documents and Settings\ceccald2\Application Data\GrabIt
2009-02-10 22:21:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\DivX
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxinsi64.exe
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxinsa64.exe
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxhpinst.exe
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxcpyi64.exe
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxcpya64.exe
2009-02-10 22:07:51 ----N---- C:\WINNT\system32\pxafs.dll
2009-02-10 22:07:35 ----D---- C:\Program Files\DivX
2009-02-10 21:01:38 ----D---- C:\Program Files\Holdem Indicator
2009-02-10 20:53:19 ----D---- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-10 20:42:53 ----D---- C:\Program Files\PokerStars
2009-02-10 17:59:20 ----HDC---- C:\WINNT\$NtUninstallKB958215$
2009-02-10 17:00:35 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2009-02-10 16:59:58 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2009-02-10 16:59:19 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2009-02-10 15:08:43 ----HDC---- C:\WINNT\$NtUninstallKB960714$
2009-02-10 15:07:30 ----HDC---- C:\WINNT\$NtUninstallKB938464$
2009-02-10 15:05:15 ----HDC---- C:\WINNT\$NtUninstallKB954154_WM11$
2009-02-10 15:01:33 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2009-02-10 15:01:06 ----D---- C:\Program Files\MSXML 4.0
2009-02-10 15:00:24 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2009-02-10 14:59:24 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2009-02-10 14:36:49 ----D---- C:\Program Files\QuickPar
2009-02-10 14:27:01 ----D---- C:\Program Files\GrabIt
2009-02-10 14:20:03 ----D---- D:\Documents and Settings\ceccald2\Application Data\profile
2009-02-10 14:19:50 ----D---- C:\Program Files\Robocopy
2009-02-10 13:08:13 ----D---- D:\Documents and Settings\ceccald2\Application Data\Google
2009-02-10 13:07:43 ----D---- D:\Documents and Settings\All Users\Application Data\Google
2009-02-10 13:04:27 ----D---- C:\Program Files\Google
2009-02-10 13:02:43 ----D---- D:\Documents and Settings\ceccald2\Application Data\Macromedia
2009-02-10 13:02:38 ----D---- D:\Documents and Settings\ceccald2\Application Data\Adobe
2009-02-10 12:49:13 ----A---- C:\WINNT\system32\hidserv.dll
2009-02-10 12:18:29 ----HDC---- C:\WINNT\$NtUninstallKB958687$
2009-02-10 12:16:55 ----HDC---- C:\WINNT\$NtUninstallKB954211$
2009-02-10 12:16:27 ----HDC---- C:\WINNT\$NtUninstallKB956841$
2009-02-10 12:15:53 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2009-02-10 12:15:53 ----HD---- C:\WINNT\$hf_mig$
2009-02-10 12:05:20 ----SHD---- C:\RECYCLER
2009-02-10 12:03:29 ----D---- D:\Documents and Settings\ceccald2\Application Data\Windows Desktop Search
2009-02-10 12:03:23 ----D---- D:\Documents and Settings\ceccald2\Application Data\Lenovo
2009-02-10 12:02:26 ----D---- D:\Documents and Settings\ceccald2\Application Data\Apple Computer
2009-02-10 12:01:16 ----A---- C:\FRVELN0L015104-secu.txt
2009-02-09 16:47:31 ----SD---- D:\Documents and Settings\ceccald2\Application Data\Microsoft
2009-02-09 16:47:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\Intel
2009-02-09 16:47:31 ----D---- D:\Documents and Settings\ceccald2\Application Data\Identities
2009-02-09 16:47:31 ----ASH---- D:\Documents and Settings\ceccald2\Application Data\desktop.ini
2009-02-09 16:30:50 ----D---- C:\Program Files\SMS Packages
2009-01-26 20:18:22 ----SHD---- C:\WINNT\CSC
2009-01-26 20:16:46 ----D---- C:\WINNT\SchCache
2009-01-26 20:11:02 ----D---- D:\Documents and Settings\All Users\Application Data\InstallShield
2009-01-26 20:11:02 ----A---- C:\WINNT\WININIT.INI
2009-01-26 20:10:59 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-01-26 20:10:32 ----D---- C:\Program Files\Sonic
2009-01-26 20:10:30 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-01-26 20:09:43 ----D---- C:\Icons
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeW7.dll
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizePX.dll
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeP6.dll
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeM6.dll
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresizeA6.dll
2009-01-26 20:07:45 ----A---- C:\WINNT\system32\IVIresize.dll
2009-01-26 20:07:42 ----D---- C:\Program Files\InterVideo
2009-01-26 20:07:31 ----D---- C:\Program Files\Common Files\InterVideo
2009-01-26 20:05:29 ----A---- C:\WINNT\system32\TDDL.dll
2009-01-26 20:04:01 ----D---- D:\Documents and Settings\All Users\Application Data\Lenovo
2009-01-26 20:02:54 ----N---- C:\WINNT\PWMBTHLP.EXE
2009-01-26 20:02:28 ----RA---- C:\WINNT\system32\tpinspm.dll
2009-01-26 20:02:28 ----RA---- C:\WINNT\system32\ibmpmsvc.exe
2009-01-26 20:02:05 ----A---- C:\WINNT\system32\TpKmpSvc.exe
2009-01-26 20:01:40 ----N---- C:\WINNT\system32\ahlprun.exe
2009-01-26 20:01:40 ----A---- C:\WINNT\system32\msxml4r.dll
2009-01-26 20:01:40 ----A---- C:\WINNT\system32\msxml4a.dll
2009-01-26 20:01:38 ----D---- C:\Program Files\ThinkVantage
2009-01-26 19:59:16 ----A---- C:\WINNT\system32\btw_ci.dll
2009-01-26 19:53:39 ----A---- C:\WINNT\system32\tvt_gina_api.dll
2009-01-26 19:53:39 ----A---- C:\WINNT\system32\tvt_gina.dll
2009-01-26 19:53:39 ----A---- C:\WINNT\system32\MFC71u.dll
2009-01-26 19:53:39 ----A---- C:\WINNT\system32\MFC71.dll
2009-01-26 19:53:34 ----D---- C:\Program Files\ThinkPad
2009-01-26 19:53:11 ----A---- C:\WINNT\system32\EEPROMInfo.ini
2009-01-26 19:53:00 ----A---- C:\WINNT\system32\pmemW.dll
2009-01-26 19:53:00 ----A---- C:\WINNT\ibmnames.ini
2009-01-26 19:52:59 ----A---- C:\WINNT\system32\IBMasstW.dll
2009-01-26 19:52:59 ----A---- C:\WINNT\system32\i2cW.dll
2009-01-26 19:51:46 ----A---- C:\WINNT\system32\UCI32M27.dll
2009-01-26 19:51:46 ----A---- C:\WINNT\system32\mdmxsdk.dll
2009-01-26 19:47:35 ----D---- C:\Program Files\Ericsson
2009-01-26 19:46:44 ----A---- C:\WINNT\system32\NETw5r32.dll
2009-01-26 19:46:44 ----A---- C:\WINNT\system32\NETw5c32.dll
2009-01-26 19:46:38 ----D---- D:\Documents and Settings\All Users\Application Data\Intel
2009-01-26 19:46:38 ----D---- C:\Program Files\Common Files\Intel
2009-01-26 19:46:37 ----D---- C:\Program Files\Intel
2009-01-26 19:45:51 ----D---- C:\Program Files\Synaptics
2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynTPCo4.dll
2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynTPAPI.dll
2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynCtrl.dll
2009-01-26 19:45:51 ----A---- C:\WINNT\system32\SynCOM.dll
2009-01-26 19:45:49 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-26 19:44:56 ----D---- C:\Program Files\Lenovo
2009-01-26 19:43:21 ----D---- C:\Program Files\CONEXANT
2009-01-26 19:43:20 ----A---- C:\WINNT\system32\ksuser.dll
2009-01-26 19:42:52 ----N---- C:\WINNT\system32\UCI32A31.dll
2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxext.exe
2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxexps.dll
2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\igfxCoIn_v4990.dll
2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\ig4icd32.dll
2009-01-26 19:40:51 ----RA---- C:\WINNT\system32\ig4dev32.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igxpdx32.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igxpdv32.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxtray.exe
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxsrvc.exe
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxsrvc.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxress.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxpph.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxpers.exe
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxdo.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxdev.dll
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\igfxcfg.exe
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\hkcmd.exe
2009-01-26 19:40:50 ----RA---- C:\WINNT\system32\hccutils.dll
2009-01-26 19:40:49 ----RA---- C:\WINNT\system32\igxprd32.dll
2009-01-26 19:40:49 ----RA---- C:\WINNT\system32\igxpgd32.dll
2009-01-26 19:40:45 ----D---- C:\WINNT\system32\Lang
2009-01-26 19:40:45 ----A---- C:\WINNT\system32\difxapi.dll
2009-01-26 19:40:44 ----RA---- C:\WINNT\system32\igxpun.exe
2009-01-26 19:34:17 ----D---- C:\Program Files\DIFX
2009-01-26 19:33:48 ----D---- C:\WINNT\system32\ReinstallBackups
2009-01-26 19:33:46 ----DC---- C:\WINNT\system32\DRVSTORE
2009-01-26 19:28:41 ----A---- C:\WINNT\system32\setupcl.exe
2009-01-26 18:26:07 ----SHD---- C:\System Volume Information
2009-01-26 13:30:38 ----D---- C:\WINNT\system32\VPCache
2009-01-26 13:18:34 ----D---- C:\WINNT\ms
2009-01-26 13:15:35 ----A---- C:\WINNT\system32\POWERDOWN.vbs
2009-01-26 13:14:55 ----A---- C:\WINNT\the_end.exe
2009-01-26 13:14:38 ----D---- C:\WINNT\system32\SoftwareDistribution
2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wups2.dll
2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wucltui.dll.mui
2009-01-26 13:14:38 ----A---- C:\WINNT\system32\wuaueng.dll.mui
2009-01-26 13:14:37 ----A---- C:\WINNT\system32\wuapi.dll.mui
2009-01-26 12:53:15 ----D---- C:\WINNT\system32\CCM
2009-01-26 12:53:04 ----D---- C:\WINNT\system32\ccmsetup
2009-01-26 12:51:45 ----A---- C:\WINNT\system32\KevlarSigs.dll
2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcSvc.dll
2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcSql.dll
2009-01-26 12:51:45 ----A---- C:\WINNT\system32\HcApi.dll
2009-01-26 12:51:36 ----A---- C:\WINNT\system32\mfehida.dll
2009-01-26 12:51:36 ----A---- C:\WINNT\system32\hipqa.dll
2009-01-26 12:51:22 ----D---- C:\Program Files\Common Files\McAfee Inc
2009-01-26 12:50:52 ----A---- C:\WINNT\IE.exe
2009-01-26 12:50:52 ----A---- C:\WINNT\DOTNET.exe
2009-01-26 12:45:30 ----D---- C:\Program Files\Alcatel
2009-01-26 12:42:38 ----D---- C:\Program Files\Common Files\Research In Motion
2009-01-26 12:42:37 ----D---- C:\Program Files\Research In Motion
2009-01-26 12:41:52 ----D---- C:\Program Files\VPNLOGINSCRIPT
2009-01-26 12:41:52 ----A---- C:\WINNT\system32\RunAsDOS.exe
2009-01-26 12:41:52 ----A---- C:\UNWISE.EXE
2009-01-26 12:40:59 ----A---- C:\WINNT\HPMProp.INI
2009-01-26 12:40:31 ----D---- D:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-01-26 12:40:05 ----A---- C:\WINNT\system32\hpmtp081.dll
2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmpw081.dll
2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmpm081.dll
2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmml081.dll
2009-01-26 12:40:04 ----A---- C:\WINNT\system32\hpmja081.dll
2009-01-26 12:40:03 ----A---- C:\WINNT\system32\HPMNQUE.DLL
2009-01-26 12:40:03 ----A---- C:\WINNT\system32\HPMNNDPS.DLL
2009-01-26 12:40:03 ----A---- C:\WINNT\system32\hpcpn081.dll
2009-01-26 12:40:03 ----A---- C:\WINNT\system32\fxcompchannel.dll
2009-01-26 12:39:48 ----D---- C:\Program Files\rasphone_PBK
2009-01-26 12:35:20 ----A---- C:\WINNT\uninstalllucentclient.exe
2009-01-26 12:35:20 ----A---- C:\WINNT\system32\luinst.dll
2009-01-26 12:35:20 ----A---- C:\WINNT\system32\enterr.dll
2009-01-26 12:35:19 ----D---- C:\Program Files\IPSec Client
2009-01-26 12:35:13 ----D---- C:\Local_installation_source
2009-01-26 12:32:09 ----A---- C:\WINNT\system32\WMErrFRA.dll
2009-01-26 12:32:08 ----D---- C:\WINNT\system32\1036
2009-01-26 12:30:46 ----A---- C:\ag_FRVELN0L015104.ini
2009-01-26 12:29:57 ----A---- C:\VSFRVELN0L015104.ini

======List of files/folders modified in the last 1 months======

2009-02-20 14:44:42 ----D---- C:\WINNT\Temp
2009-02-20 13:56:59 ----D---- C:\WINNT\system32
2009-02-20 13:26:21 ----RD---- C:\Program Files
2009-02-20 13:21:18 ----D---- C:\WINNT\system32\CatRoot2
2009-02-20 13:16:38 ----D---- C:\WINNT\system32\drivers
2009-02-20 13:13:27 ----D---- C:\WINNT
2009-02-20 12:47:49 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-02-20 12:44:43 ----A---- C:\WINNT\smscfg.ini
2009-02-20 12:43:40 ----D---- C:\Temp
2009-02-20 12:42:08 ----A---- C:\WINNT\SchedLgU.Txt
2009-02-19 22:08:30 ----A---- C:\WINNT\win.ini
2009-02-19 21:53:51 ----D---- C:\WINNT\Prefetch
2009-02-19 18:09:08 ----D---- C:\WINNT\security
2009-02-19 16:24:37 ----SD---- C:\WINNT\Downloaded Program Files
2009-02-19 16:24:03 ----RSHDC---- C:\WINNT\system32\dllcache
2009-02-19 12:52:22 ----D---- C:\WINNT\system32\FxsTmp
2009-02-19 10:05:33 ----D---- C:\WINNT\inf
2009-02-19 10:02:02 ----A---- C:\WINNT\imsins.BAK
2009-02-19 10:00:17 ----SHD---- C:\WINNT\Installer
2009-02-18 14:27:19 ----D---- C:\Program Files\Microsoft Office Communicator
2009-02-18 09:30:18 ----D---- C:\drivers
2009-02-18 03:01:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-17 07:48:40 ----D---- C:\Program Files\Common Files
2009-02-17 07:10:57 ----D---- C:\WINNT\SoftwareDistribution
2009-02-12 15:09:21 ----D---- C:\WINNT\system32\wbem
2009-02-11 02:27:50 ----RSD---- C:\WINNT\Fonts
2009-02-11 02:11:03 ----D---- C:\Program Files\Microsoft ActiveSync
2009-02-10 20:26:35 ----D---- C:\WINNT\Help
2009-02-10 15:07:30 ----D---- C:\WINNT\WinSxS
2009-02-10 12:58:04 ----D---- C:\Program Files\NetMeeting
2009-02-09 17:26:20 ----D---- D:\Documents and Settings\ceccald2\Application Data\Mozilla
2009-02-09 17:26:17 ----D---- D:\Documents and Settings\ceccald2\Application Data\Notes
2009-01-26 20:21:24 ----A---- C:\WINNT\IE55UserRightsDeployment.txt
2009-01-26 20:21:23 ----HD---- C:\WINNT\msdownld.tmp
2009-01-26 20:21:23 ----A---- C:\WINNT\Active Setup Log.txt
2009-01-26 20:21:17 ----D---- C:\WINNT\Cursors
2009-01-26 20:02:59 ----SD---- C:\WINNT\Tasks
2009-01-26 20:02:54 ----D---- C:\WINNT\Media
2009-01-26 19:59:16 ----SD---- C:\WINNT\system32\Microsoft
2009-01-26 19:27:33 ----A---- C:\WINNT\setuplog.txt
2009-01-26 18:26:58 ----D---- C:\WINNT\Registration
2009-01-26 18:25:50 ----D---- C:\WINNT\repair
2009-01-26 13:21:15 ----HD---- C:\WINNT\system32\GroupPolicy
2009-01-26 13:14:24 ----D---- C:\WINNT\system32\Restore
2009-01-26 12:52:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-26 12:51:40 ----D---- D:\Documents and Settings\All Users\Application Data\McAfee
2009-01-26 12:51:22 ----D---- C:\Program Files\McAfee
2009-01-26 12:51:06 ----D---- C:\Program Files\Microsoft Office
2009-01-26 12:50:35 ----D---- C:\Program Files\Userguides
2009-01-26 12:50:30 ----D---- C:\Program Files\IEsettings_10
2009-01-26 12:44:23 ----A---- C:\WINNT\ODBC.INI
2009-01-26 12:43:50 ----D---- C:\WINNT\system
2009-01-26 12:39:48 ----D---- C:\WINNT\system32\ras
2009-01-26 12:38:39 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-26 12:34:31 ----RASH---- C:\boot.ini
2009-01-26 12:33:22 ----D---- C:\WINNT\mui
2009-01-26 12:32:12 ----D---- C:\WINNT\pchealth
2009-01-26 12:32:10 ----D---- C:\Program Files\Windows Media Player
2009-01-26 12:32:06 ----D---- C:\WINNT\system32\oobe
2009-01-26 12:32:05 ----D---- C:\Program Files\Common Files\System
2009-01-26 12:32:04 ----D---- C:\WINNT\system32\CatRoot
2009-01-26 12:32:04 ----D---- C:\WINNT\AppPatch
2009-01-26 12:31:44 ----A---- C:\WINNT\system.ini
2009-01-26 12:31:39 ----A---- C:\WINNT\keyb.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINNT\System32\drivers\ANC.SYS [2008-08-15 11520]
R1 FireTDI;McAfee HIP Component FireTDI; \??\C:\WINNT\system32\Drivers\FireTDI.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINNT\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINNT\system32\drivers\mfehidk.sys [2008-04-28 205608]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc. mfetdik; C:\WINNT\system32\drivers\mfetdik.sys [2008-04-28 55112]
R1 nfr.sys;nfr.sys; \??\C:\WINNT\system32\drivers\nfr.sys []
R1 Smapint;Smapint; C:\WINNT\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINNT\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINNT\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINNT\System32\drivers\Tppwrif.sys [2008-07-28 4442]
R1 TSMAPIP;TSMAPIP; C:\WINNT\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINNT\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 I2C;I2C; \??\C:\WINNT\system32\wbem\agent\ci\i2cnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINNT\system32\DRIVERS\mdmxsdk.sys [2008-07-11 12672]
R2 PMEM;PMEM; \??\C:\WINNT\system32\wbem\agent\ci\pmemnt.sys []
R2 s24trans;WLAN Transport; C:\WINNT\system32\DRIVERS\s24trans.sys [2008-08-04 11904]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 btaudio;Bluetooth Audio Device; C:\WINNT\system32\drivers\btaudio.sys [2008-05-30 534568]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINNT\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINNT\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINNT\System32\Drivers\btwusb.sys [2008-08-19 47272]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINNT\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\WINNT\system32\DRIVERS\e1y5132.sys [2008-06-13 243856]
R3 FirehkMP;FirehkMP; C:\WINNT\system32\DRIVERS\firehk.sys [2008-04-29 42056]
R3 firelm01;firelm01; \??\C:\WINNT\system32\drivers\firelm01.sys []
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINNT\system32\drivers\CHDAud.sys [2007-12-18 732160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINNT\system32\DRIVERS\HECI.sys [2008-07-11 40832]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HIPK;McAfee Inc. HIPK; C:\WINNT\system32\drivers\HIPK.sys [2008-04-28 100104]
R3 HIPPSK;McAfee Inc. HIPPSK; C:\WINNT\system32\drivers\HIPPSK.sys [2008-04-28 30856]
R3 HIPQK;McAfee Inc. HIPQK; C:\WINNT\system32\drivers\HIPQK.sys [2008-04-28 27976]
R3 HSF_DPV;HSF_DPV; C:\WINNT\system32\DRIVERS\HSF_DPV.sys [2008-07-11 985472]
R3 HSFHWAZL;HSFHWAZL; C:\WINNT\system32\DRIVERS\HSFHWAZL.sys [2008-07-11 210560]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IBMPMDRV;IBMPMDRV; C:\WINNT\system32\DRIVERS\ibmpmdrv.sys [2008-03-31 23720]
R3 LuIPSec;Alcatel-Lucent VPN Miniport; C:\WINNT\system32\DRIVERS\luipsec.sys [2008-02-20 320768]
R3 mfeapfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeapfk.sys [2008-01-24 64232]
R3 mfeavfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeavfk.sys [2008-01-24 72936]
R3 mfebopk;McAfee Inc.; C:\WINNT\system32\drivers\mfebopk.sys [2008-01-24 33960]
R3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINNT\system32\DRIVERS\NETw5x32.sys [2008-08-29 3632384]
R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINNT\system32\CCM\prepdrv.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINNT\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINNT\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINNT\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINNT\system32\drivers\TotRec7.sys [2008-04-17 120472]
R3 tpm;tpm; C:\WINNT\system32\DRIVERS\tpm.sys [2008-07-11 13824]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2008-07-11 731264]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\WINNT\system32\DRIVERS\e1k5132.sys [2008-07-22 144992]
S3 Firehk;McAfee NDIS Intermediate Filter; C:\WINNT\system32\DRIVERS\firehk.sys [2008-04-29 42056]
S3 nm;Network Monitor Driver; C:\WINNT\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 RimUsb;Téléphone intelligent BlackBerry ; C:\WINNT\System32\Drivers\RimUsb.sys [2007-05-31 22656]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WPRO_40_1040;WinPcap Packet Driver (WPRO_40_1040); C:\WINNT\system32\drivers\WPRO_40_1040.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-15 90112]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-15 212992]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-08-18 346720]
R2 CcmExec;SMS Agent Host; C:\WINNT\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-07-17 1455424]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-08-20 860160]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINNT\system32\ibmpmsvc.exe [2008-03-31 36640]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LucentIKE;LucentIKE; C:\Program Files\IPSec Client\LucentIKESvc.exe [2008-02-20 147456]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2008-01-24 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2008-01-24 54608]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
R2 NFRAgent;NFRAgent; C:\WINNT\system32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-08-20 466944]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2008-08-20 905216]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINNT\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINNT\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
R2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2008-05-26 439808]
R3 hips;McAfee HIPSCore Service; C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2008-04-28 46400]
S2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-07-28 94208]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINNT\system32\fxssvc.exe [2008-04-14 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-10 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 OPNET Application Capture Agent;OPNET Application Capture Agent; C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe [2007-12-05 929792]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


Info.txt
======

info.txt logfile of random's system information tool 1.05 2009-02-20 14:54:27

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINNT\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINNT\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINNT\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
AcrobatReader_81-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ACTIVESYNC_45-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11-->MsiExec.exe /I{F33E4247-AD8E-4D52-A405-1CFD884216C7}
Alcatel 4980 Client-->MsiExec.exe /I{FDFFB6D1-0F28-4989-9BA1-478078DDBA84}
Alcatel-Lucent IPSec Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C0F57A2C-7392-11D4-8126-00C04F04AEDF}\Setup.exe" -l0x9 AnyText
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BeClean-->"C:\Program Files\BeClean\unins000.exe"
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -I*.INF
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decoder Pak for Windows XP-->MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
Ericsson Wireless Module Core-->MsiExec.exe /X{64211D43-D195-413C-A7E7-666C10B53E1F}
FileZilla_2218-->MsiExec.exe /I{A816E2DF-11E3-4140-A583-ECD6590AFD64}
FrameworkDotnet_11-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
FRAMEWORKDOTNET_20-->C:\WINNT\Microsoft.NET\Framework\v2.0.50727\FRAMEWORKDOTNET_20\install.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
GrabIt 1.7.2 Beta 3 (build 996)-->"C:\Program Files\GrabIt\unins000.exe"
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\HiJackThis\HijackThis.exe" /uninstall
Holdem Indicator 1.6.3-->"C:\Program Files\Holdem Indicator\unins000.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINNT\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
IE5 Registration-->MsiExec.exe /I{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}
InfoPC-->C:\WINNT\st6unst.exe -n "C:\Program Files\InfoPC\ST6UNST.LOG"
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINNT\system32\igxpun.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
JRE_16006-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Keyboard Layout Changer For .DEFAULT User (Login Screen)-->MsiExec.exe /I{014DF7EF-6A6E-4195-A82F-8DB2B00BCB2A}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee Host Intrusion Prevention-->MsiExec.exe /X{B332732A-4958-41DD-B439-DDA2D32753C5}
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2003 French User Interface Pack-->MsiExec.exe /I{901E040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Communicator 2005-->MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Project Standard 2003-->MsiExec.exe /I{903A0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de support technique BlackBerry S/MIME Version 4.1-->MsiExec.exe /X{367929F8-DC4B-4AA9-8A4B-A3C4EAAB1D63}
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSOfficeCOMPPACK_2007-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OPNET Application Capture Agent 3.8-->"C:\Program Files\InstallShield Installation Information\{132F7D38-FA45-11D5-BDC3-00104B938A09}\setup.exe" -runfromtemp -l0x0009Add_Remove -removeonly
PaintDotNet_305-->MsiExec.exe /X{6A8DEA40-B4AA-4687-B9F8-4E8185E65B05}
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
PokerTH-->C:\Program Files\PokerTH\uninstall.exe
Presentation Director-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RadarSync -->C:\Program Files\RadarSync\uninst.exe
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
ROAMINGPROFILE_10-->MsiExec.exe /I{99695FD9-A9AB-40C2-9CCD-74513F1E9D0C}
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINNT\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINNT\$NtUninstallKB960714$\spuninst\spuninst.exe"
SHADOWCOPYCLIENT_20-->MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Startload-->MsiExec.exe /I{735CE24E-E792-472D-BEB4-E5CBDE6957CF}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Modem Adapter-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -AWB -ITkp5051k.INF
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\setup.exe" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
Total Recorder 7.0-->"C:\Program Files\HighCriteria\TotalRecorder\setup.exe" U
Tweak UI-->"C:\WINNT\system32\mshta.exe" "res://C:\WINNT\system32\TweakUI.exe/uninstall.hta"
UPHClean_16D-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VPNLOGINSCRIPT_30-->C:\UNWISE.EXE C:\PROGRA~1\VPNLOGINSCRIPT\INSTALL.LOG
Windows Driver Package - Intel (HECI) System (03/26/2008 4.0.1.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\heci_8A158C73CCCAE3063FB7B79D050439E0EFC1F5F0\heci.inf
Windows Driver Package - Intel (Serial) Ports (03/26/2008 5.4.0.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\mesrl_9AA500529278C95047EC72C38353B35AD06F3459\mesrl.inf
Windows Driver Package - Intel (tpm) System (03/26/2008 4.0.1.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\tpm_F4B269EF8C38A562CB6889B0566281F519459752\tpm.inf
Windows Driver Package - Intel Ports (03/26/2008 5.4.0.1074)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\Dpinst.exe /u C:\WINNT\system32\DRVSTORE\mesrle_B00653EB3AA15AF1D9DBD28FB6D

Reply to sholinam

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.


To help you: a guide and a tutorial on using ComboFix

Reply to Destrio5

Destrio5 wrote:

/!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.


To help you: a guide and a tutorial on using ComboFix




Here it is below (luckily you are here, because it's all Greek to me!):

ComboFix 09-02-19.01 - ceccald2 2009-02-20 15:43:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1033.18.1992.1376 [GMT 1:00]
Lancé depuis: c:\program files\Setup Programs\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated)
FW: McAfee Host Intrusion Prevention Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft Common
c:\winnt\ie.exe
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\drivers\nfr.sys
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\All Users\Start Menu\Internet Explorer.lnk

----- BITS: Il y a peut-être des sites infectés -----

hxxp://FRVELSSMS32:8081
hxxp://139.54.202.226:8081
hxxp://FRORMSSMS03.AD2.AD.ALCATEL.COM:8081
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NFR.SYS
-------\Service_nfr.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-20 au 2009-02-20 ))))))))))))))))))))))))))))))))))))
.

2009-02-20 15:47 . 2008-04-28 16:19 75,072 --a------ c:\winnt\system32\HIPIS0e0015b.dll
2009-02-20 14:54 . 2009-02-20 14:54 <DIR> d-------- C:\rsit
2009-02-20 13:26 . 2009-02-20 13:26 <DIR> d-------- c:\program files\Process Explorer
2009-02-20 13:13 . 2009-02-20 13:13 <DIR> d-------- c:\program files\InfoPC
2009-02-20 13:13 . 2009-02-20 13:13 253,952 --------- c:\winnt\Setup1.exe
2009-02-20 13:13 . 2009-02-20 13:13 74,752 --a------ c:\winnt\ST6UNST.EXE
2009-02-19 16:23 . 2008-04-14 00:15 26,368 --a--c--- c:\winnt\system32\dllcache\usbstor.sys
2009-02-19 12:21 . 2009-02-20 02:37 <DIR> d-a------ d:\documents and settings\All Users\Application Data\TEMP
2009-02-19 12:21 . 2009-02-19 12:21 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-19 10:02 . 2009-02-19 11:47 <DIR> d-------- c:\program files\BeClean
2009-02-19 10:01 . 2008-06-13 12:05 272,128 --------- c:\winnt\system32\drivers\bthport.sys
2009-02-19 10:01 . 2008-06-13 12:05 272,128 -----c--- c:\winnt\system32\dllcache\bthport.sys
2009-02-18 21:05 . 2009-02-18 21:05 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Sonic
2009-02-18 21:04 . 2009-02-18 21:04 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Leadertech
2009-02-18 13:26 . 2009-02-18 13:27 <DIR> d-------- d:\documents and settings\ceccald2\DoctorWeb
2009-02-18 10:10 . 2009-02-18 10:11 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\TotalRecorder
2009-02-18 10:10 . 2009-02-18 10:10 <DIR> d-------- c:\program files\HighCriteria
2009-02-18 10:10 . 2008-04-17 01:34 120,472 --a------ c:\winnt\system32\drivers\TotRec7.sys
2009-02-18 10:10 . 2008-04-12 12:29 106,496 --a------ c:\winnt\system32\DrvTrNTl.dll
2009-02-18 10:10 . 2008-04-17 01:34 59,032 --a------ c:\winnt\system32\DrvTrNTm.dll
2009-02-18 09:21 . 2009-02-18 09:21 12,804 --a------ c:\winnt\system32\drivers\nfr.dll
2009-02-18 09:21 . 2009-02-18 09:21 0 --a------ c:\winnt\system32\drivers\nfr.dll.gpref
2009-02-18 09:21 . 2009-02-18 09:21 0 --a------ c:\winnt\system32\drivers\nfr.dll.assembly
2009-02-18 09:20 . 2009-02-18 14:36 <DIR> d-------- C:\Quarantine
2009-02-18 08:14 . 2009-02-18 08:14 27 --a------ c:\winnt\SmAudio.INI
2009-02-18 01:02 . 2003-06-25 16:05 266,360 --a------ c:\winnt\system32\TweakUI.exe
2009-02-18 01:02 . 2002-06-21 15:09 160,217 --a------ c:\winnt\system32\PowerToysLicense.rtf
2009-02-17 15:46 . 2009-02-17 15:46 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\pokerth
2009-02-17 15:44 . 2009-02-17 15:45 <DIR> d-------- c:\program files\PokerTH
2009-02-17 07:52 . 2009-02-17 07:52 <DIR> d-------- c:\program files\RadarSync
2009-02-17 07:48 . 2009-02-17 07:48 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-17 07:41 . 2009-02-20 15:36 <DIR> d-------- c:\program files\Setup Programs
2009-02-17 07:03 . 2009-02-17 07:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Windows Search
2009-02-17 06:37 . 2009-02-17 06:37 <DIR> d-------- c:\winnt\system32\libmp3lame-3.98.2
2009-02-17 06:33 . 2009-02-17 06:33 <DIR> d-------- c:\program files\Audacity
2009-02-15 18:06 . 2009-02-15 18:06 <DIR> d-------- c:\winnt\Sun
2009-02-12 10:33 . 2009-02-19 17:45 464 --a------ c:\winnt\hpbafd.ini
2009-02-11 19:08 . 2009-02-11 19:08 54,156 --ah----- c:\winnt\QTFont.qfn
2009-02-10 23:59 . 2009-02-10 23:59 <DIR> d-------- c:\program files\AC3Filter
2009-02-10 23:59 . 2008-07-09 09:05 421,888 --a------ c:\winnt\system32\ac3filter.acm
2009-02-10 23:52 . 2009-02-10 23:52 <DIR> d-------- c:\program files\GSpot
2009-02-10 23:33 . 2009-02-10 23:33 <DIR> d-------- c:\program files\e-Carte Bleue Société Générale
2009-02-10 23:19 . 2009-02-10 23:19 <DIR> d---s---- d:\documents and settings\ceccald2\UserData
2009-02-10 23:18 . 2009-02-11 02:18 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\GrabIt
2009-02-10 22:21 . 2009-02-10 22:21 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\DivX
2009-02-10 22:07 . 2009-02-10 22:08 <DIR> d-------- c:\program files\DivX
2009-02-10 22:07 . 2008-11-06 17:37 129,784 --------- c:\winnt\system32\pxafs.dll
2009-02-10 22:07 . 2008-11-06 17:37 120,056 --------- c:\winnt\system32\pxcpyi64.exe
2009-02-10 22:07 . 2008-11-06 17:37 118,520 --------- c:\winnt\system32\pxinsi64.exe
2009-02-10 22:07 . 2008-11-06 17:37 9,464 --------- c:\winnt\system32\drivers\cdralw2k.sys
2009-02-10 22:07 . 2008-11-06 17:37 9,336 --------- c:\winnt\system32\drivers\cdr4_xp.sys
2009-02-10 21:01 . 2009-02-20 03:59 <DIR> d-------- c:\program files\Holdem Indicator
2009-02-10 20:42 . 2009-02-20 00:39 <DIR> d-------- c:\program files\PokerStars
2009-02-10 15:01 . 2009-02-10 15:01 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-10 15:00 . 2008-10-24 12:21 455,296 -----c--- c:\winnt\system32\dllcache\mrxsmb.sys
2009-02-10 14:36 . 2009-02-10 14:36 <DIR> d-------- c:\program files\QuickPar
2009-02-10 14:27 . 2009-02-10 14:27 <DIR> d-------- c:\program files\GrabIt
2009-02-10 14:20 . 2009-02-10 14:20 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\profile
2009-02-10 14:19 . 2009-02-10 14:19 <DIR> d-------- c:\program files\Robocopy
2009-02-10 13:04 . 2009-02-10 13:08 <DIR> d-------- c:\program files\Google
2009-02-10 12:49 . 2008-04-14 05:41 21,504 --a------ c:\winnt\system32\hidserv.dll
2009-02-10 12:49 . 2008-04-14 05:41 21,504 --a--c--- c:\winnt\system32\dllcache\hidserv.dll
2009-02-10 12:48 . 2008-04-14 00:15 32,128 --a------ c:\winnt\system32\drivers\usbccgp.sys
2009-02-10 12:48 . 2008-04-14 00:15 32,128 --a--c--- c:\winnt\system32\dllcache\usbccgp.sys
2009-02-10 12:16 . 2008-08-14 11:11 2,189,184 -----c--- c:\winnt\system32\dllcache\ntoskrnl.exe
2009-02-10 12:16 . 2008-08-14 11:09 2,145,280 -----c--- c:\winnt\system32\dllcache\ntkrnlmp.exe
2009-02-10 12:16 . 2008-08-14 10:33 2,066,048 -----c--- c:\winnt\system32\dllcache\ntkrnlpa.exe
2009-02-10 12:16 . 2008-08-14 10:33 2,023,936 -----c--- c:\winnt\system32\dllcache\ntkrpamp.exe
2009-02-10 12:15 . 2009-02-19 10:03 <DIR> d--h----- c:\winnt\$hf_mig$
2009-02-10 12:03 . 2009-02-10 12:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Windows Desktop Search
2009-02-10 12:03 . 2009-02-10 12:03 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Lenovo
2009-02-10 12:02 . 2009-02-10 12:02 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Apple Computer
2009-02-09 16:47 . 2009-02-09 16:47 <DIR> d-------- d:\documents and settings\prichter
2009-02-09 16:47 . 2009-01-26 19:46 <DIR> d-------- d:\documents and settings\ceccald2\Application Data\Intel
2009-02-09 16:47 . 2009-02-19 09:55 <DIR> d-------- d:\documents and settings\ceccald2
2009-02-09 16:30 . 2009-02-18 10:20 <DIR> d-------- c:\program files\SMS Packages
2009-01-26 20:17 . 2009-01-26 20:17 262,144 --a------ c:\winnt\system32\default_user_class.dat
2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- d:\documents and settings\admin\Application Data\Lenovo
2009-01-26 20:16 . 2009-01-26 20:16 <DIR> d-------- c:\winnt\SchCache
2009-01-26 20:11 . 2009-01-26 20:11 <DIR> d-------- d:\documents and settings\All Users\Application Data\InstallShield
2009-01-26 20:11 . 2009-01-26 20:11 102 --a------ c:\winnt\WININIT.INI
2009-01-26 20:10 . 2009-01-26 20:11 <DIR> d-------- c:\program files\Sonic
2009-01-26 20:10 . 2009-01-26 20:10 <DIR> d-------- c:\program files\Common Files\SureThing Shared
2009-01-26 20:10 . 2009-01-26 20:11 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2009-01-26 20:09 . 2009-01-26 20:09 <DIR> d-------- C:\Icons
2009-01-26 20:08 . 2009-01-26 20:08 <DIR> d-------- d:\documents and settings\LocalService\Application Data\Avaya
2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- d:\documents and settings\admin\Application Data\InstallShield
2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- c:\program files\InterVideo
2009-01-26 20:07 . 2009-01-26 20:07 <DIR> d-------- c:\program files\Common Files\InterVideo
2009-01-26 20:07 . 2002-11-22 03:57 204,800 --a------ c:\winnt\system32\IVIresizeW7.dll
2009-01-26 20:07 . 2002-11-22 03:57 200,704 --a------ c:\winnt\system32\IVIresizeA6.dll
2009-01-26 20:07 . 2002-11-22 03:57 192,512 --a------ c:\winnt\system32\IVIresizeP6.dll
2009-01-26 20:07 . 2002-11-22 03:57 192,512 --a------ c:\winnt\system32\IVIresizeM6.dll
2009-01-26 20:07 . 2002-11-22 03:57 188,416 --a------ c:\winnt\system32\IVIresizePX.dll
2009-01-26 20:07 . 2002-11-22 03:57 20,480 --a------ c:\winnt\system32\IVIresize.dll
2009-01-26 20:06 . 2006-10-02 00:55 55,296 --------- c:\winnt\system32\TP98.CPL
2009-01-26 20:06 . 2006-10-02 00:55 14,848 --------- c:\winnt\system32\drivers\SMAPINT.SYS
2009-01-26 20:06 . 2006-10-02 00:55 9,343 --------- c:\winnt\system32\drivers\TDSMAPI.SYS
2009-01-26 20:05 . 2008-07-11 15:48 13,824 --a------ c:\winnt\system32\drivers\tpm.sys
2009-01-26 20:05 . 2008-07-11 15:48 10,752 --a------ c:\winnt\system32\TDDL.dll
2009-01-26 20:04 . 2009-01-26 20:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Lenovo
2009-01-26 20:03 . 2008-07-31 03:01 4,608 --------- c:\winnt\system32\drivers\TSMAPIP.SYS
2009-01-26 20:02 . 2008-03-31 16:10 36,640 -ra------ c:\winnt\system32\ibmpmsvc.exe
2009-01-26 20:02 . 2008-03-31 16:10 35,104 -ra------ c:\winnt\system32\tpinspm.dll
2009-01-26 20:02 . 2006-06-29 22:57 32,768 --a------ c:\winnt\system32\TpKmpSvc.exe
2009-01-26 20:02 . 2008-03-31 16:10 23,720 -ra------ c:\winnt\system32\drivers\ibmpmdrv.sys
2009-01-26 20:02 . 2008-07-28 17:43 16,384 --------- c:\winnt\PWMBTHLP.EXE
2009-01-26 20:02 . 2008-07-28 17:43 4,442 --------- c:\winnt\system32\drivers\TPPWRIF.SYS
2009-01-26 20:01 . 2009-01-26 20:09 <DIR> d-------- c:\program files\ThinkVantage
2009-01-26 20:01 . 2007-09-14 04:01 922,920 --------- c:\winnt\system32\ahlprun.exe
2009-01-26 20:01 . 2002-02-04 05:13 82,432 --a------ c:\winnt\system32\msxml4r.dll
2009-01-26 20:01 . 2002-02-04 05:13 44,544 --a------ c:\winnt\system32\msxml4a.dll
2009-01-26 20:01 . 2002-02-07 17:43 9,679 --a------ c:\winnt\system32\msxml4r.cat
2009-01-26 20:01 . 2002-02-07 17:43 9,675 --a------ c:\winnt\system32\msxml4.cat
2009-01-26 20:01 . 2002-02-06 19:31 3,489 --a------ c:\winnt\system32\msxml4.Manifest
2009-01-26 20:01 . 2002-02-06 19:31 500 --a------ c:\winnt\system32\msxml4r.Manifest
2009-01-26 20:00 . 2009-01-26 20:00 <DIR> d-------- d:\documents and settings\admin\Bluetooth Software
2009-01-26 19:59 . 2008-08-19 22:15 991,656 --a------ c:\winnt\system32\drivers\btkrnl.sys
2009-01-26 19:59 . 2008-05-30 12:46 534,568 --a------ c:\winnt\system32\drivers\btaudio.sys
2009-01-26 19:59 . 2007-09-20 12:59 106,557 --a------ c:\winnt\system32\btw_ci.dll
2009-01-26 19:59 . 2008-06-11 15:14 89,896 --a------ c:\winnt\system32\drivers\btwsecfl.sys
2009-01-26 19:59 . 2008-08-19 22:15 47,272 --a------ c:\winnt\system32\drivers\btwusb.sys
2009-01-26 19:59 . 2008-02-04 18:57 37,160 --a------ c:\winnt\system32\drivers\btport.sys
2009-01-26 19:53 . 2009-01-26 20:10 <DIR> d-------- c:\program files\ThinkPad
2009-01-26 19:53 . 2003-03-19 15:20 1,060,864 --a------ c:\winnt\system32\MFC71.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 13:27 --------- d-----w c:\program files\Microsoft Office Communicator
2009-02-18 02:01 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 01:11 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-09 16:26 --------- d-----w d:\documents and settings\ceccald2\Application Data\Notes
2009-01-26 11:51 --------- d-----w d:\documents and settings\All Users\Application Data\McAfee
2009-01-26 11:51 --------- d-----w c:\program files\McAfee
2009-01-26 11:50 --------- d-----w c:\program files\Userguides
2009-01-26 11:50 --------- d-----w c:\program files\IEsettings_10
2008-07-02 18:36 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-07-02 18:36 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-07-02 18:36 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-07-02 18:36 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-07-02 18:36 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"Outlook2003_conf"="c:\winnt\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe" [2008-09-12 127219]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-13 150040]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-13 178712]
"Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-13 150040]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-08-15 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-08-15 143360]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-07-29 242976]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-28 331776]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-28 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"McAfee Host Intrusion Prevention Tray"="c:\program files\McAfee\Host Intrusion Prevention\FireTray.exe" [2008-07-17 963904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\winnt\system32\ptipbmf.dll]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\winnt\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]
"Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-12-05 3900936]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2008-08-18 604776]
IPSecClient Icon.lnk - c:\program files\IPSec Client\trayicon.exe [2009-01-26 675840]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-08-15 22:37 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\emea.lucent.com\SysVol\emea.lucent.com\Policies\{889529DF-E7A8-4D43-A01E-994C0DBC162F}\Machine\Scripts\Startup\SMS.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-14602\Scripts\Logoff\0\0]
"Script"=KEYBOARD.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1220945662-796845957-725345543-14602\Scripts\Logoff\0\1]
"Script"=c:\program files\Profile Light\Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-1004\Scripts\Logoff\0\0]
"Script"=KEYBOARD.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-1004\Scripts\Logoff\0\1]
"Script"=c:\program files\Profile Light\Logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-500\Scripts\Logoff\0\0]
"Script"=KEYBOARD.CMD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2771389641-1448483085-95018141-500\Scripts\Logoff\0\1]
"Script"=c:\program files\Profile Light\Logoff.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Fasttrak;Fasttrak;c:\winnt\system32\drivers\Fasttrak.sys [2008-11-19 75520]
R0 Shockprf;Shockprf;c:\winnt\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\winnt\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R0 vmscsi;vmscsi;c:\winnt\system32\drivers\vmscsi.sys [2008-11-19 11026]
R1 ANC;ANC;c:\winnt\system32\drivers\ANC.sys [2009-01-26 11520]
R1 IBMTPCHK;IBMTPCHK;c:\winnt\system32\drivers\IBMBLDID.sys [2009-01-26 4224]
R1 TPPWRIF;TPPWRIF;c:\winnt\system32\drivers\TPPWRIF.SYS [2009-01-26 4442]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\McAfee\Host Intrusion Prevention\FireSvc.exe [2008-07-17 1455424]
R2 I2C;I2C;c:\winnt\system32\wbem\agent\ci\i2cnt.sys [2009-01-26 35704]
R2 LucentIKE;LucentIKE;c:\program files\IPSec Client\lucentikesvc.exe [2009-01-26 147456]
R2 NFRAgent;NFRAgent;c:\winnt\system32\svchost.exe -k nfrsvc [2008-11-19 14336]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\winnt\system32\drivers\e1y5132.sys [2008-11-19 243856]
R3 FirehkMP;FirehkMP;c:\winnt\system32\drivers\firehk.sys [2008-04-29 42056]
R3 LuIPSec;Alcatel-Lucent VPN Miniport;c:\winnt\system32\drivers\luipsec.sys [2009-01-26 320768]
R3 TotRec7;Total Recorder WDM audio driver;c:\winnt\system32\drivers\TotRec7.sys [2009-02-18 120472]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009-01-26 94208]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [2008-11-19 144992]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\winnt\system32\drivers\firehk.sys [2008-04-29 42056]
S3 HIPK;McAfee Inc. HIPK;c:\winnt\system32\drivers\HIPK.sys [2009-01-26 100104]
S3 HIPPSK;McAfee Inc. HIPPSK;c:\winnt\system32\drivers\HIPPSK.sys [2009-01-26 30856]
S3 HIPQK;McAfee Inc. HIPQK;c:\winnt\system32\drivers\HIPQK.sys [2009-01-26 27976]
S3 hips;McAfee HIPSCore Service;c:\program files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe [2009-01-26 46400]
S3 WPRO_40_1040;WinPcap Packet Driver (WPRO_40_1040);c:\winnt\system32\drivers\WPRO_40_1040.sys --> c:\winnt\system32\drivers\WPRO_40_1040.sys [?]
SUnknown OPNET Application Capture Agent;OPNET Application Capture Agent;c:\program files\OPNET\AppCapture3.8\op_capture_server.exe [2008-11-19 929792]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nfrsvc REG_MULTI_SZ NFRAgent

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{Profile}]
d:\config\master\profile\profile.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{QIESettings_10}]
c:\program files\IEsettings_10\cu.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\BTooth]
c:\winnt\Installer\BTooth\LBTScript.exe /s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Hibernate]
powercfg /CHANGE Portable/Laptop /hibernate-timeout-ac 0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MSOffice_2003]
c:\program files\Microsoft Office\Office11\cu.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NetmeetingConf_10]
c:\winnt\INSTALLER\NetmeetingConf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OfficeTemplates_10]
c:\program files\Microsoft Office\Templates\Alcatel-Lucent\Templates.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PDFCreator_091]
c:\winnt\Installer\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}\PDFCreator_CU.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\QuickTime_745]
d:\documents and settings\All Users\Application Data\Apple Computer\QuickTime\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\RealPlayer_1061]
c:\program files\Real\RealPlayer\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shockwave11]
c:\winnt\INSTALLER\MACROMEDIA\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SonicDigitalMediaPlus_70]
c:\program files\Common Files\Sonic Shared\Sonic Central\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Standby]
powercfg /CHANGE Portable/Laptop /standby-timeout-ac 0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7WMP_USER]
c:\program files\Windows Media Player\cu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
c:\winnt\IE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
c:\winnt\DOTNET.EXE
.
Contenu du dossier 'Tâches planifiées'

2009-02-20 c:\winnt\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-07-28 17:43]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://all.alcatel-lucent.com/
uSearch Page = hxxp://www.google.com
uSearch Bar =
uInternet Settings,ProxyServer = http=localhost:7070
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Trusted Zone: alcatel-lucent.com
Trusted Zone: alcatel-lucent.de
Trusted Zone: alcatel-lucent.fr
Trusted Zone: alcatel.com
Trusted Zone: alcatel.de
Trusted Zone: alcatel.fr
Trusted Zone: frillslib01
Trusted Zone: lucent.com
Trusted Zone: alcatel-lucent.com
Trusted Zone: alcatel-lucent.de
Trusted Zone: alcatel-lucent.fr
Trusted Zone: alcatel.com
Trusted Zone: alcatel.de
Trusted Zone: alcatel.fr
Trusted Zone: automation.local
Trusted Zone: frillslib01
Trusted Zone: frmeus0dvp01
Trusted Zone: lucent.com
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} - hxxps://usdals908.ad3.ad.alcatel.com/sales_enu/16279/applets/siebelhtml.cab
DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxps://usdals908.ad3.ad.alcatel.com/sales_enu/16279/applets/SiebelOptionPack.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 15:49:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(216)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(288)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\winnt\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\IPSec Client\lucentike.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\winnt\system32\TPHDEXLG.exe
c:\winnt\system32\TpKmpSvc.exe
c:\program files\UPHClean\uphclean.exe
c:\winnt\system32\searchindexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\winnt\system32\CCM\CcmExec.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\winnt\system32\msiexec.exe
c:\winnt\system32\igfxsrvc.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\winnt\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\winnt\system32\mmc.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\winnt\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Heure de fin: 2009-02-20 15:50:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-20 14:50:52

Avant-CF: 27 512 938 496 bytes free
Après-CF: 27,561,390,080 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Reply to sholinam

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
Quote:

The scan completed successfully. Click 'Show Results' to display all objects found.


  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.

Reply to Destrio5

Destrio5 wrote:

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation process.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
  • Once the update has finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan.
  • The scan starts.
  • At the end of the scan, a message is displayed:
Quote:

The scan completed successfully. Click 'Show Results' to display all objects found.


  • Click OK to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report into your next reply.



Hello,

Here it is below:

====================

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1783
Windows 5.1.2600 Service Pack 3

2009-02-21 08:19:17
mbam-log-2009-02-21 (08-19-17).txt

Type de recherche: Examen rapide
Eléments examinés: 76504
Temps écoulé: 4 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfragent (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINNT\system32\drivers\nfr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\drivers\nfr.dll.assembly (Trojan.Agent) -> Quarantined and deleted successfully.

====================

-Sho

Reply to sholinam

  • Run another quick scan with MBAM and post the report.

Reply to Destrio5

Destrio5 wrote:

  • Run another quick scan with MBAM and post the report.



Everything looks OK now..
Here it is:

============

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1783
Windows 5.1.2600 Service Pack 3

2009-02-21 11:06:02
mbam-log-2009-02-21 (11-06-02).txt

Type de recherche: Examen rapide
Eléments examinés: 76462
Temps écoulé: 3 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

==================

Reply to sholinam

  • Launch MBAM again, go to Quarantine and delete everything.

  • Run another RSIT scan and post the log report.

Reply to Destrio5

Destrio5 wrote:

  • Launch MBAM again, go to Quarantine and delete everything.

  • Run another RSIT scan and post the log report.



Here it is (I am not updating IE to the latest version, for reasons of compatibility with another tool):

===========

Logfile of random's system information tool 1.05 (written by random/random)
Run by ceccald2 at 2009-02-21 23:30:30
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 26 GB (65%) free of 40 GB
Total RAM: 1992 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30, on 2009-02-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IPSec Client\LucentIKESvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\IPSec Client\LucentIKE.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINNT\System32\TPHDEXLG.exe
C:\WINNT\system32\TpKmpSVC.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINNT\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\IPSec Client\trayicon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Setup Programs\RSIT.exe
C:\Program Files\HiJackThis\ceccald2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://all.alcatel-lucent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Outlook2003_conf] C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINNT\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: IPSecClient Icon.lnk = C:\Program Files\IPSec Client\trayicon.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://all.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel-lucent.com
O15 - Trusted Zone: http://*.alcatel.com
O15 - Trusted Zone: http://*.lucent.com
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://usdals908.ad3.ad.alcatel.co [...] elhtml.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://usdals908.ad3.ad.alcatel.co [...] onPack.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/down [...] leId=27986
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagam [...] b70018.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramew [...] b56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.ado [...] nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.lucent.com
O17 - HKLM\Software\..\Telephony: DomainName = emea.lucent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.lucent.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ad2.ad.alcatel.com,emea.lucent.com,dc-m.alcatel-lucent.com,fr.alcatel-lucent.com,netfr.alcatel.fr,ad1.ad.alcatel.com,srv.eu.alcatel.com,wins.lucent.com,na02.lucent.com,lucent.com,ap01.lucent.com,cit.alcatel.fr,vz.cit.alcatel.fr,vx.cit.alcatel.fr
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HIPSCore Service (hips) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LucentIKE - Unknown owner - C:\Program Files\IPSec Client\LucentIKESvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.8\op_capture_server.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINNT\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

--
End of file - 13922 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-10 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-21 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-10 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-01-24 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"Outlook2003_conf"=C:\WINNT\Installer\{90E00409-6000-11D3-8CFE-0150048383C9}\cu.exe [2008-09-12 127219]
"Ptipbmf"=C:\WINNT\system32\ptipbmf.dll [2003-06-20 118784]
"IgfxTray"=C:\WINNT\system32\igfxtray.exe [2008-10-13 150040]
"HotKeysCmds"=C:\WINNT\system32\hkcmd.exe [2008-10-13 178712]
"Persistence"=C:\WINNT\system32\igfxpers.exe [2008-10-13 150040]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-08-15 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-15 143360]
"TpShocks"=C:\WINNT\system32\TpShocks.exe [2008-06-06 181536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-07-29 242976]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2008-07-31 60192]
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-09 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-09 124248]
"McAfee Host Intrusion Prevention Tray"=C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2008-07-17 963904]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-21 148888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINNT\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

=============

Reply to sholinam

Destrio5 wrote:

How is the PC doing?



It seems to be doing well. No more Google redirections for now, no more unexpected svchost.exe crashes...

Thanks a lot!

Reply to sholinam

1/

  • Uninstall HijackThis.
  • Start menu > Run > type combofix /u and confirm.


  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Search and let the scan run.
  • Click Removal to finish.
  • You can, if you wish, use the Optional Options.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).



2/

  • Download and install CCleaner (do not install the Yahoo Toolbar).
  • Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
  • Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
  • Then choose Registry, then Scan for Issues. Once it has finished, fix all the issues (back up the registry).


3/




==Prevention==

Keep MBAM. You can use it to scan suspicious files alongside the antivirus, and scan the hard drive regularly.

As your browser, use Mozilla Firefox rather than Internet Explorer. You can use the NoScript extension for more security.

Check that automatic updates are enabled (Start menu, right-click My Computer, Automatic Updates tab).

You can also edit the Hosts file to improve your PC's security: Link

Regarding P2P: Link

Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link


==Problem solved?==

If you consider your problem solved:

---> Now add [Résolu] to the title. To do so:

  • In your first message, click the Edit button.
  • Add the tag [Résolu] in front of the title.
  • Then click Submit your message.



Be more careful on the Internet ;)

Reply to Destrio5