Virus Vundo - HELP !
Résolu
gregrock
Messages postés
60
Statut
Membre
-
gregrock Messages postés 60 Statut Membre -
gregrock Messages postés 60 Statut Membre -
Bonjour,
Avant de commencer, je tiens à dire a "Marie" et à "le sioux" que je ne posterais plus d'autre post sur ce forum, j'ai bien compris les règles et compte les respecter ! Vous me laisserez bien, j'imagine cette dernière chance de sauvé mon pc d'un vol plané du 5ème étage, non ? Si vous le faite pas pour moi, faite le pour lui.... merci
Je suis infesté comme beaucoup de monde par Vundo et viens de lire la marche a suivre de "green day" que l'on trouve ici : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde pour s'en débarassée.
Malheureusement même après avoir renomé mon Hijack.exe en CCM.exe je n'ai toujours pas de ligne 020 et mes lignes 02 m'ont l'air normal.
Quelqu'un est-il capable de lire mon rapport et de me dire ce que je peux faire pour eradiquer ce virus ? je remercie cette personne d'avance.
voila mon dernier rapport Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:49, on 26.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\greg\Desktop\CCM.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2flenovo.live.com%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2flenovo.live.com%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\greg\AppData\Local\Temp\ssqRLfEV.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Incrustation (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Avant de commencer, je tiens à dire a "Marie" et à "le sioux" que je ne posterais plus d'autre post sur ce forum, j'ai bien compris les règles et compte les respecter ! Vous me laisserez bien, j'imagine cette dernière chance de sauvé mon pc d'un vol plané du 5ème étage, non ? Si vous le faite pas pour moi, faite le pour lui.... merci
Je suis infesté comme beaucoup de monde par Vundo et viens de lire la marche a suivre de "green day" que l'on trouve ici : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde pour s'en débarassée.
Malheureusement même après avoir renomé mon Hijack.exe en CCM.exe je n'ai toujours pas de ligne 020 et mes lignes 02 m'ont l'air normal.
Quelqu'un est-il capable de lire mon rapport et de me dire ce que je peux faire pour eradiquer ce virus ? je remercie cette personne d'avance.
voila mon dernier rapport Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:49, on 26.05.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\greg\Desktop\CCM.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2flenovo.live.com%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2flenovo.live.com%2f%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\greg\AppData\Local\Temp\ssqRLfEV.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: Incrustation (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Virus Vundo - HELP !
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
27 réponses
bin ca fait déja un moment que Avast ne m'embête plus...
Voilà le rapport combo:
ComboFix 08-05-25.5 - greg 2008-06-01 23:51:56.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1622 [GMT 2:00]
Endroit: C:\Users\greg\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 21:47 --------- d-----w C:\Users\greg\AppData\Roaming\Skype
2008-06-01 20:24 --------- d-----w C:\Users\greg\AppData\Roaming\skypePM
2008-05-30 06:57 --------- d-----w C:\Users\greg\AppData\Roaming\Desktopicon
2008-05-30 06:28 --------- d-----w C:\ProgramData\FLEXnet
2008-05-30 06:20 --------- d-----w C:\Users\greg\AppData\Roaming\Malwarebytes
2008-05-30 06:20 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-30 06:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 23:06 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-28 20:39 --------- d-----w C:\Users\greg\AppData\Roaming\Grisoft
2008-05-28 20:39 --------- d-----w C:\ProgramData\Grisoft
2008-05-28 20:33 --------- d-----w C:\Program Files\CCleaner
2008-05-26 21:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-26 21:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-26 18:59 --------- d-----w C:\Program Files\Unlocker
2008-05-26 14:54 27,240 ----a-w C:\Users\greg\AppData\Roaming\nvModes.dat
2008-05-26 12:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-26 07:11 --------- d-----w C:\ProgramData\Macrovision
2008-05-26 07:11 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-26 06:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 06:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 22:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-25 22:00 --------- d-----w C:\Program Files\Rhinoceros 4.0
2008-05-25 22:00 --------- d-----w C:\Program Files\Common Files\McNeel Shared
2008-05-25 21:59 --------- d-----w C:\ProgramData\McNeel
2008-05-25 21:21 --------- d-----w C:\Program Files\Microsoft Works
2008-05-25 21:20 --------- d-----w C:\Program Files\MSBuild
2008-05-25 21:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-25 21:15 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\Lenovo
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\InstallShield
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\acccore
2008-05-25 14:08 --------- d-----w C:\ProgramData\Viewpoint
2008-05-25 14:08 --------- d-----w C:\ProgramData\UIB
2008-05-25 14:08 --------- d-----w C:\ProgramData\Skype
2008-05-25 14:08 --------- d-----w C:\ProgramData\PC-Doctor
2008-05-25 14:08 --------- d-----w C:\ProgramData\Lenovo
2008-05-25 14:08 --------- d-----w C:\ProgramData\Intel
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL OCP
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL Downloads
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Mail
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Journal
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-25 14:07 --------- d-----w C:\Program Files\Viewpoint
2008-05-25 14:07 --------- d-----w C:\Program Files\ThinkVantage
2008-05-25 14:06 --------- d-----w C:\Program Files\Synaptics
2008-05-25 14:06 --------- d-----w C:\Program Files\Skype
2008-05-25 14:06 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-25 14:06 --------- d-----w C:\Program Files\PCDR5
2008-05-25 14:05 --------- d-----w C:\Program Files\NetWaiting
2008-05-25 14:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-25 14:03 --------- d-----w C:\Program Files\InterVideo
2008-05-25 14:03 --------- d-----w C:\Program Files\DivX
2008-05-25 14:03 --------- d-----w C:\Program Files\DIFX
2008-05-25 14:03 --------- d-----w C:\Program Files\CONEXANT
2008-05-25 14:03 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-25 14:02 --------- d-----w C:\Program Files\Cisco
2008-05-25 14:02 --------- d-----w C:\Program Files\Analog Devices
2008-05-25 14:02 --------- d-----w C:\Program Files\Alwil Software
2008-05-25 14:02 --------- d-----w C:\Program Files\AIM6
2008-05-17 15:11 56 ---h--w C:\Users\All Users\ezsidmv.dat
2008-05-17 15:11 56 ---h--w C:\ProgramData\ezsidmv.dat
2008-05-17 08:43 47 ------w C:\Windows\system32\drivers\IBM_6460_6XG.MRK
2008-05-17 08:43 --------- d-----w C:\Program Files\Lenovo
2008-05-17 07:55 1,585,664 ------w C:\Windows\System32\setupapi.dll
2008-05-17 07:33 174 --sh--w C:\Program Files\desktop.ini
2008-05-17 07:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 07:24 704,000 ------w C:\Windows\System32\PhotoScreensaver.scr
2008-05-17 07:22 1,060,920 ------w C:\Windows\system32\drivers\ntfs.sys
2008-05-17 07:21 8,147,968 ------w C:\Windows\System32\wmploc.DLL
2008-05-17 07:21 7,680 ------w C:\Windows\System32\spwmp.dll
2008-05-17 07:21 4,096 ------w C:\Windows\System32\dxmasf.dll
2008-05-17 07:21 356,864 ------w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-17 07:19 803,328 ------w C:\Windows\system32\drivers\tcpip.sys
2008-05-17 07:19 24,064 ------w C:\Windows\System32\netcfg.exe
2008-05-17 07:19 22,016 ------w C:\Windows\System32\netiougc.exe
2008-05-17 07:19 216,632 ------w C:\Windows\system32\drivers\netio.sys
2008-05-17 07:19 167,424 ------w C:\Windows\System32\tcpipcfg.dll
2008-05-17 07:18 1,327,104 ------w C:\Windows\System32\quartz.dll
2008-05-17 07:17 9,728 ------w C:\Windows\System32\LAPRXY.DLL
2008-05-17 07:17 296,448 ------w C:\Windows\System32\gdi32.dll
2008-05-17 07:17 223,232 ------w C:\Windows\System32\WMASF.DLL
2008-05-17 07:17 2,048 ------w C:\Windows\System32\asferror.dll
2008-05-17 07:17 2,027,008 ------w C:\Windows\System32\win32k.sys
2008-05-17 07:16 2,048 ------w C:\Windows\System32\msxml6r.dll
2008-05-17 07:16 1,335,296 ------w C:\Windows\System32\msxml6.dll
2008-05-17 07:14 84,480 ------w C:\Windows\System32\INETRES.dll
2008-05-17 07:14 737,792 ------w C:\Windows\System32\inetcomm.dll
2008-05-17 07:14 11,776 ------w C:\Windows\System32\sbunattend.exe
2008-05-17 07:13 84,992 ------w C:\Windows\system32\drivers\srvnet.sys
2008-05-17 07:13 83,968 ------w C:\Windows\System32\dnsrslvr.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_17.08.09.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-28 21:37:26 45,056 ----a-w C:\Windows\BDOSCAN8\avxdisk.dll
+ 2008-05-28 21:37:27 10,240 ----a-w C:\Windows\BDOSCAN8\avxs.dll
+ 2008-05-28 21:37:27 27,136 ----a-w C:\Windows\BDOSCAN8\avxt.dll
+ 2008-05-28 21:37:32 181,760 ----a-w C:\Windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
+ 2008-05-28 21:37:34 142,848 ----a-w C:\Windows\BDOSCAN8\libfn.dll
+ 2008-05-28 21:37:28 86,016 ----a-w C:\Windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\bdoscandel.exe
- 2008-05-26 15:03:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-01 21:50:31 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\Windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\Downloaded Program Files\ipsupd.dll
+ 2006-10-27 13:16:36 133,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 18:55:32 87,344 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 13:07:36 17,891,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 18:55:48 340,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 13:04:08 497,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 13:16:46 2,939,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 18:34:12 660,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 18:34:10 192,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-09-15 14:25:18 3,611,416 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 13:16:44 594,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 13:16:48 12,813,096 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 13:16:40 176,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-26 18:09:36 136,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 18:55:54 413,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 18:55:44 263,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 18:55:44 272,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-05-25 21:23:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-26 21:24:43 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-25 21:23:05 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-26 21:24:43 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-25 21:23:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-26 21:24:43 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-25 21:23:05 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-26 21:24:43 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-25 21:23:05 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-26 21:24:43 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-25 21:23:05 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-26 21:24:43 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-25 21:23:05 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-26 21:24:43 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-25 21:23:05 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-26 21:24:43 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-25 21:23:05 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-26 21:24:43 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-25 21:23:05 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-26 21:24:43 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-25 21:23:05 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-26 21:24:43 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-25 21:23:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-26 21:24:43 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-11-02 09:46:13 41,472 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- 2008-05-26 15:03:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-26 15:03:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-26 14:54:28 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-01 18:27:48 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-26 14:54:28 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 18:27:48 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-26 14:54:28 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-01 18:27:48 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\Windows\System32\drivers\AvgAsCln.sys
+ 2006-11-02 09:46:14 664,576 ----a-w C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
+ 2006-11-02 09:04:23 39,936 ----a-w C:\Windows\System32\drivers\WpdUsb.sys
- 2008-05-26 06:31:39 373,512 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-05-30 06:59:07 511,304 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-05-26 14:56:15 4,676 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696429381-2222186485-2678389321-1000_UserData.bin
+ 2008-06-01 09:30:01 5,648 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696429381-2222186485-2678389321-1000_UserData.bin
- 2008-05-26 14:56:15 69,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-01 09:30:00 71,138 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-26 14:56:08 36,988 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-01 09:29:58 39,924 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 09:46:14 33,280 ----a-w C:\Windows\System32\WpdConns.dll
+ 2006-11-02 09:46:14 151,552 ----a-w C:\Windows\System32\WpdMtp.dll
+ 2006-11-02 09:46:14 60,416 ----a-w C:\Windows\System32\WpdMtpUS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
2008-02-19 13:05 784960 --------- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-17 09:14 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 10:21 66928]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-21 18:08 820520]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 02:20 558368]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-01-11 02:20 214576]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-27 09:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-27 09:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-27 09:57 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 01:21 217176]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 12:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 02:21 144728]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-17 13:37 431392]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-17 13:37 128288]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 19:01 28672]
"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 02:21 124248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 10:13 1282048]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 03:06 59680]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
"GrpConv"="grpconv -o" []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-26 08:50:43 110592]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 22:11:50 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-17 01:10:11 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-03-15 07:17 89600 C:\Windows\System32\psqlpwd.dll
[HKLM\~\startupfolder\C:^Users^greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
path=C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
backup=C:\Windows\pss\LenovoWelcome.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
--------- 2007-02-01 20:00 419376 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2007-11-29 18:36 2872632 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--------- 2008-03-26 03:06 59680 C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{31656E5A-22D0-436A-857A-7CD86485D68D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{89326607-E7DD-45E0-8A0C-B3D3DBC892D2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE2BBB68-C915-4B68-8659-EE17F6510740}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9F4841D1-16AB-408B-BE30-7FBBA704AD0E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF993300-D66D-43AD-961B-196489870950}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E1FB2FC0-695F-4B9D-9C3D-C01A56FB8E67}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A561987B-FE9E-474B-A7B6-9F01D53A77EC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ECD8F275-1B6A-4CAD-8C14-689E7D728650}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
S1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 12:04]
S1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2008-01-11 02:20]
S1 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys [2008-02-03 09:20]
S2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 23:44]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
S2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 07:10]
S2 TPHKSVC;Incrustation;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-12-14 16:37]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-12-05 17:32]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-02-03 09:20]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 14:36]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 20:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 07:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 07:20]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-03-15 06:50]
S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 21:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-01 21:11:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 23:57:08
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-01 23:58:04
ComboFix-quarantined-files.txt 2008-06-01 21:58:00
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
317 --- E O F --- 2008-05-30 12:42:24
Voilà le rapport combo:
ComboFix 08-05-25.5 - greg 2008-06-01 23:51:56.3 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Intégrale 6.0.6000.0.1252.1.1036.18.1622 [GMT 2:00]
Endroit: C:\Users\greg\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 21:47 --------- d-----w C:\Users\greg\AppData\Roaming\Skype
2008-06-01 20:24 --------- d-----w C:\Users\greg\AppData\Roaming\skypePM
2008-05-30 06:57 --------- d-----w C:\Users\greg\AppData\Roaming\Desktopicon
2008-05-30 06:28 --------- d-----w C:\ProgramData\FLEXnet
2008-05-30 06:20 --------- d-----w C:\Users\greg\AppData\Roaming\Malwarebytes
2008-05-30 06:20 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-30 06:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-29 23:06 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-28 20:39 --------- d-----w C:\Users\greg\AppData\Roaming\Grisoft
2008-05-28 20:39 --------- d-----w C:\ProgramData\Grisoft
2008-05-28 20:33 --------- d-----w C:\Program Files\CCleaner
2008-05-26 21:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-26 21:22 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-26 18:59 --------- d-----w C:\Program Files\Unlocker
2008-05-26 14:54 27,240 ----a-w C:\Users\greg\AppData\Roaming\nvModes.dat
2008-05-26 12:02 --------- d-----w C:\Program Files\Hewlett-Packard
2008-05-26 07:11 --------- d-----w C:\ProgramData\Macrovision
2008-05-26 07:11 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-26 06:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-26 06:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 22:25 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-25 22:00 --------- d-----w C:\Program Files\Rhinoceros 4.0
2008-05-25 22:00 --------- d-----w C:\Program Files\Common Files\McNeel Shared
2008-05-25 21:59 --------- d-----w C:\ProgramData\McNeel
2008-05-25 21:21 --------- d-----w C:\Program Files\Microsoft Works
2008-05-25 21:20 --------- d-----w C:\Program Files\MSBuild
2008-05-25 21:18 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-25 21:15 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\Lenovo
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\InstallShield
2008-05-25 14:12 --------- d-----w C:\Users\greg\AppData\Roaming\acccore
2008-05-25 14:08 --------- d-----w C:\ProgramData\Viewpoint
2008-05-25 14:08 --------- d-----w C:\ProgramData\UIB
2008-05-25 14:08 --------- d-----w C:\ProgramData\Skype
2008-05-25 14:08 --------- d-----w C:\ProgramData\PC-Doctor
2008-05-25 14:08 --------- d-----w C:\ProgramData\Lenovo
2008-05-25 14:08 --------- d-----w C:\ProgramData\Intel
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL OCP
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL Downloads
2008-05-25 14:08 --------- d-----w C:\ProgramData\AOL
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Mail
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Journal
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-25 14:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-25 14:07 --------- d-----w C:\Program Files\Viewpoint
2008-05-25 14:07 --------- d-----w C:\Program Files\ThinkVantage
2008-05-25 14:06 --------- d-----w C:\Program Files\Synaptics
2008-05-25 14:06 --------- d-----w C:\Program Files\Skype
2008-05-25 14:06 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-25 14:06 --------- d-----w C:\Program Files\PCDR5
2008-05-25 14:05 --------- d-----w C:\Program Files\NetWaiting
2008-05-25 14:05 --------- d-----w C:\Program Files\Microsoft Games
2008-05-25 14:03 --------- d-----w C:\Program Files\InterVideo
2008-05-25 14:03 --------- d-----w C:\Program Files\DivX
2008-05-25 14:03 --------- d-----w C:\Program Files\DIFX
2008-05-25 14:03 --------- d-----w C:\Program Files\CONEXANT
2008-05-25 14:03 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 14:02 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-25 14:02 --------- d-----w C:\Program Files\Cisco
2008-05-25 14:02 --------- d-----w C:\Program Files\Analog Devices
2008-05-25 14:02 --------- d-----w C:\Program Files\Alwil Software
2008-05-25 14:02 --------- d-----w C:\Program Files\AIM6
2008-05-17 15:11 56 ---h--w C:\Users\All Users\ezsidmv.dat
2008-05-17 15:11 56 ---h--w C:\ProgramData\ezsidmv.dat
2008-05-17 08:43 47 ------w C:\Windows\system32\drivers\IBM_6460_6XG.MRK
2008-05-17 08:43 --------- d-----w C:\Program Files\Lenovo
2008-05-17 07:55 1,585,664 ------w C:\Windows\System32\setupapi.dll
2008-05-17 07:33 174 --sh--w C:\Program Files\desktop.ini
2008-05-17 07:27 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-17 07:24 704,000 ------w C:\Windows\System32\PhotoScreensaver.scr
2008-05-17 07:22 1,060,920 ------w C:\Windows\system32\drivers\ntfs.sys
2008-05-17 07:21 8,147,968 ------w C:\Windows\System32\wmploc.DLL
2008-05-17 07:21 7,680 ------w C:\Windows\System32\spwmp.dll
2008-05-17 07:21 4,096 ------w C:\Windows\System32\dxmasf.dll
2008-05-17 07:21 356,864 ------w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-17 07:19 803,328 ------w C:\Windows\system32\drivers\tcpip.sys
2008-05-17 07:19 24,064 ------w C:\Windows\System32\netcfg.exe
2008-05-17 07:19 22,016 ------w C:\Windows\System32\netiougc.exe
2008-05-17 07:19 216,632 ------w C:\Windows\system32\drivers\netio.sys
2008-05-17 07:19 167,424 ------w C:\Windows\System32\tcpipcfg.dll
2008-05-17 07:18 1,327,104 ------w C:\Windows\System32\quartz.dll
2008-05-17 07:17 9,728 ------w C:\Windows\System32\LAPRXY.DLL
2008-05-17 07:17 296,448 ------w C:\Windows\System32\gdi32.dll
2008-05-17 07:17 223,232 ------w C:\Windows\System32\WMASF.DLL
2008-05-17 07:17 2,048 ------w C:\Windows\System32\asferror.dll
2008-05-17 07:17 2,027,008 ------w C:\Windows\System32\win32k.sys
2008-05-17 07:16 2,048 ------w C:\Windows\System32\msxml6r.dll
2008-05-17 07:16 1,335,296 ------w C:\Windows\System32\msxml6.dll
2008-05-17 07:14 84,480 ------w C:\Windows\System32\INETRES.dll
2008-05-17 07:14 737,792 ------w C:\Windows\System32\inetcomm.dll
2008-05-17 07:14 11,776 ------w C:\Windows\System32\sbunattend.exe
2008-05-17 07:13 84,992 ------w C:\Windows\system32\drivers\srvnet.sys
2008-05-17 07:13 83,968 ------w C:\Windows\System32\dnsrslvr.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-26_17.08.09.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-28 21:37:26 45,056 ----a-w C:\Windows\BDOSCAN8\avxdisk.dll
+ 2008-05-28 21:37:27 10,240 ----a-w C:\Windows\BDOSCAN8\avxs.dll
+ 2008-05-28 21:37:27 27,136 ----a-w C:\Windows\BDOSCAN8\avxt.dll
+ 2008-05-28 21:37:32 181,760 ----a-w C:\Windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 13:01:48 118,784 ----a-w C:\Windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\BDOSCAN8\ipsupd.dll
+ 2008-05-28 21:37:34 142,848 ----a-w C:\Windows\BDOSCAN8\libfn.dll
+ 2008-05-28 21:37:28 86,016 ----a-w C:\Windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\bdoscandel.exe
- 2008-05-26 15:03:39 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-01 21:50:31 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-01-09 13:01:48 118,784 ----a-w C:\Windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 13:01:48 53,248 ----a-w C:\Windows\Downloaded Program Files\ipsupd.dll
+ 2006-10-27 13:16:36 133,936 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\CONTAB32.DLL
+ 2006-10-26 18:55:32 87,344 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\DLGSETP.DLL
+ 2006-10-27 13:07:36 17,891,112 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\EXCEL.EXE
+ 2006-10-26 18:55:48 340,248 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MIMEDIR.DLL
+ 2006-10-27 13:04:08 497,504 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MORPH9.DLL
+ 2006-10-27 13:04:10 9,581,360 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\MSPUB.EXE
+ 2006-10-27 13:16:46 2,939,704 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OLMAPI32.DLL
+ 2006-10-26 18:34:12 660,792 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OMSMAIN.DLL
+ 2006-10-26 18:34:10 192,848 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OMSXP32.DLL
+ 2006-09-15 14:25:18 3,611,416 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLFLTR.DAT
+ 2006-10-27 13:16:44 594,256 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLMIME.DLL
+ 2006-10-27 13:16:48 12,813,096 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLOOK.EXE
+ 2006-10-27 13:16:40 176,976 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\OUTLPH.DLL
+ 2006-10-26 18:09:36 136,008 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PRTF9.DLL
+ 2006-10-26 18:55:54 413,472 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PSTPRX32.DLL
+ 2006-10-27 13:04:06 624,456 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PTXT9.DLL
+ 2006-10-26 18:09:44 590,144 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\PUBCONV.DLL
+ 2006-10-26 18:55:44 263,520 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\SCNPST32.DLL
+ 2006-10-26 18:55:44 272,744 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\SCNPST64.DLL
+ 2006-10-27 13:23:04 347,432 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WINWORD.EXE
+ 2006-10-27 13:11:38 4,235,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WRD12CNV.DLL
+ 2006-10-27 13:11:36 21,264 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WRD12EXE.EXE
+ 2006-10-27 13:23:08 17,483,560 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\WWLIB.DLL
+ 2006-10-26 19:13:08 14,674,216 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\XL12CNV.EXE
+ 2006-10-26 19:17:08 11,072 ----a-r C:\Windows\Installer\$PatchCache$\Managed\[u]0/u0002109030000000000000000F01FEC\12.0.4518\XLCALL32.DLL
- 2008-05-25 21:23:05 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-26 21:24:43 1,165,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-25 21:23:05 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-26 21:24:43 20,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-25 21:23:05 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-26 21:24:43 159,504 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-25 21:23:05 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-26 21:24:43 184,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-25 21:23:05 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-26 21:24:43 217,864 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-25 21:23:05 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-26 21:24:43 18,704 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-25 21:23:05 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-26 21:24:43 35,088 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-25 21:23:05 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-26 21:24:43 845,584 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-25 21:23:05 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-26 21:24:43 922,384 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-25 21:23:05 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-26 21:24:43 272,648 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-25 21:23:05 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-26 21:24:43 888,080 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-25 21:23:05 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-26 21:24:43 1,172,240 ----a-r C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2006-11-02 09:46:13 41,472 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
- 2008-05-26 15:03:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-26 15:03:55 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-01 21:49:19 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-26 14:54:28 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-01 18:27:48 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-26 14:54:28 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-01 18:27:48 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-26 14:54:28 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-01 18:27:48 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\Windows\System32\drivers\AvgAsCln.sys
+ 2006-11-02 09:46:14 664,576 ----a-w C:\Windows\System32\drivers\UMDF\WpdMtpDr.dll
+ 2006-11-02 09:04:23 39,936 ----a-w C:\Windows\System32\drivers\WpdUsb.sys
- 2008-05-26 06:31:39 373,512 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-05-30 06:59:07 511,304 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-05-26 14:56:15 4,676 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696429381-2222186485-2678389321-1000_UserData.bin
+ 2008-06-01 09:30:01 5,648 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2696429381-2222186485-2678389321-1000_UserData.bin
- 2008-05-26 14:56:15 69,280 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-01 09:30:00 71,138 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-26 14:56:08 36,988 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-01 09:29:58 39,924 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 09:46:14 33,280 ----a-w C:\Windows\System32\WpdConns.dll
+ 2006-11-02 09:46:14 151,552 ----a-w C:\Windows\System32\WpdMtp.dll
+ 2006-11-02 09:46:14 60,416 ----a-w C:\Windows\System32\WpdMtpUS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]
2008-02-19 13:05 784960 --------- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-17 09:14 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 10:21 66928]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-21 18:08 820520]
"PWMTRV"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-01-11 02:20 558368]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL" [2008-01-11 02:20 214576]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\Windows\System32\TpShocks.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-27 09:57 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-27 09:57 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-27 09:57 81920]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 01:21 217176]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 12:51 91688]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 02:21 144728]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-03-17 13:37 431392]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-03-17 13:37 128288]
"LenovoOobeOffers"="c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe" [2006-12-29 19:01 28672]
"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 02:21 124248]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-12-07 10:13 1282048]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 03:06 59680]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []
"GrpConv"="grpconv -o" []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-26 08:50:43 110592]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-03-29 22:11:50 719664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-17 01:10:11 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-03-15 07:17 89600 C:\Windows\System32\psqlpwd.dll
[HKLM\~\startupfolder\C:^Users^greg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LenovoWelcome.lnk]
path=C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LenovoWelcome.lnk
backup=C:\Windows\pss\LenovoWelcome.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
--------- 2007-02-01 20:00 419376 C:\Program Files\ThinkVantage\AMSG\Amsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
--------- 2007-11-29 18:36 2872632 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--------- 2008-03-26 03:06 59680 C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{31656E5A-22D0-436A-857A-7CD86485D68D}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{89326607-E7DD-45E0-8A0C-B3D3DBC892D2}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EE2BBB68-C915-4B68-8659-EE17F6510740}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9F4841D1-16AB-408B-BE30-7FBBA704AD0E}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CF993300-D66D-43AD-961B-196489870950}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E1FB2FC0-695F-4B9D-9C3D-C01A56FB8E67}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A561987B-FE9E-474B-A7B6-9F01D53A77EC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ECD8F275-1B6A-4CAD-8C14-689E7D728650}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 Shockprf;Shockprf;C:\Windows\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
S1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 12:04]
S1 TPPWRIF;TPPWRIF;C:\Windows\system32\drivers\Tppwr32v.sys [2008-01-11 02:20]
S1 tvtumon;tvtumon;C:\Windows\system32\DRIVERS\tvtumon.sys [2008-02-03 09:20]
S2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 23:44]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
S2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-15 07:10]
S2 TPHKSVC;Incrustation;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-12-14 16:37]
S2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [2007-12-05 17:32]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-02-03 09:20]
S2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 14:36]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 09:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 20:46]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 07:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 07:20]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-03-15 06:50]
S3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 21:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-06-01 21:11:00 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 23:57:08
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-06-01 23:58:04
ComboFix-quarantined-files.txt 2008-06-01 21:58:00
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
317 --- E O F --- 2008-05-30 12:42:24
Bin ça m'en a tout l'aire aussi... La seule chose que je puisse dire c'est que Avast ne se manifeste plus ! Mais comme la dernière fois que je t'ai dis ça tu as très justement su me dire qu'il y avait encore des bébêtes... Je n'ose qu'espérer que cette fois c'est tout bon.
En tout cas je te remercie énormément pour le temps et la patience que tu as su me vouer ces derniers jours. Sans toi mon ordi aurait sans nul doute fusionné avec le mur à l’heure qu’il est !
J’ai malheureusement encore une ou deux petites questions :
1- Que dois-je faire avec mes disques durs externes. Dois-je les scanner avec avast (ou autre) avant de les utiliser?
2-Es-ce que je peux supprimer les logiciels que j’ai du installer lors de la procédure ? (AVG – Hijack – Ccleaner – Vundo fix – Combofix - MalwareByte's Anti-Malware)
Si oui - Es-ce qu’il y a qqch à savoir de particulier pour les supprimer ou puis-je le faire de façon « classique » ?
Et dernière question :
3-Es-ce que tu me conseille de changer Avast contre Antivir ? As-tu peut-être encore autre chose à me conseiller ?
Merci encore pour tout !
En tout cas je te remercie énormément pour le temps et la patience que tu as su me vouer ces derniers jours. Sans toi mon ordi aurait sans nul doute fusionné avec le mur à l’heure qu’il est !
J’ai malheureusement encore une ou deux petites questions :
1- Que dois-je faire avec mes disques durs externes. Dois-je les scanner avec avast (ou autre) avant de les utiliser?
2-Es-ce que je peux supprimer les logiciels que j’ai du installer lors de la procédure ? (AVG – Hijack – Ccleaner – Vundo fix – Combofix - MalwareByte's Anti-Malware)
Si oui - Es-ce qu’il y a qqch à savoir de particulier pour les supprimer ou puis-je le faire de façon « classique » ?
Et dernière question :
3-Es-ce que tu me conseille de changer Avast contre Antivir ? As-tu peut-être encore autre chose à me conseiller ?
Merci encore pour tout !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re salut green day,
Qu'es que tu me conseilles pour les programmes installés ? les supprimer ? en garder ?
++
Qu'es que tu me conseilles pour les programmes installés ? les supprimer ? en garder ?
++
Salut
fusionner le pc avec le mur ! :D
joliment imagé ! :)
1- Que dois-je faire avec mes disques durs externes. Dois-je les scanner avec avast (ou autre) avant de les utiliser?
ça dépend de la nature des documents qui y sont stockés ! si ce sont des documents téléchargés, il vaut mieux les scanner oui !
2-Es-ce que je peux supprimer les logiciels que j’ai du installer lors de la procédure ? (AVG – Hijack – Ccleaner – Vundo fix – Combofix - MalwareByte's Anti-Malware)
tu peux tout supprimer ( de manière classique ! )sauf avg, ccleaner et MalwareByte's Anti-Malware, très très bien, gratuits et à utiliser régulièrement en les mettant à jour régulièrement aussi !
3-Es-ce que tu me conseille de changer Avast contre Antivir ?
oui, mais antivir est en anglais pour vista, sinon c'est vrai qu'il semble ces temps si être un peu plus performant qu'avast !
As-tu peut-être encore autre chose à me conseiller ?
installe un parefeu si tu n'en as pas !
tout ce qu'il y a à faire est résumé ici :
http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
pas d'quoi ! ;-))
@+
fusionner le pc avec le mur ! :D
joliment imagé ! :)
1- Que dois-je faire avec mes disques durs externes. Dois-je les scanner avec avast (ou autre) avant de les utiliser?
ça dépend de la nature des documents qui y sont stockés ! si ce sont des documents téléchargés, il vaut mieux les scanner oui !
2-Es-ce que je peux supprimer les logiciels que j’ai du installer lors de la procédure ? (AVG – Hijack – Ccleaner – Vundo fix – Combofix - MalwareByte's Anti-Malware)
tu peux tout supprimer ( de manière classique ! )sauf avg, ccleaner et MalwareByte's Anti-Malware, très très bien, gratuits et à utiliser régulièrement en les mettant à jour régulièrement aussi !
3-Es-ce que tu me conseille de changer Avast contre Antivir ?
oui, mais antivir est en anglais pour vista, sinon c'est vrai qu'il semble ces temps si être un peu plus performant qu'avast !
As-tu peut-être encore autre chose à me conseiller ?
installe un parefeu si tu n'en as pas !
tout ce qu'il y a à faire est résumé ici :
http://www.commentcamarche.net/faq/sujet 2432 securite proteger un ordinateur contre les malwares d internet
pas d'quoi ! ;-))
@+
