Virus et explorer qui plante

Search Navipromo version 3.7.0 commencé le 11/12/2008 à 14:12:05,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2410  @ 2.00GHz )
BIOS : Ver 1.00PARTTBLH
USER : CCPV ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081210-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:142 Go (Free:102 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:1924 Mo (Free:1 Go)


Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\CCPV\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\CCPV\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\CCPV\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\CCPV\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rvzvzmi"="\"c:\\documents and settings\\ccpv\\local settings\\application data\\rvzvzmi.exe\" rvzvzmi"


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\CCPV\locals~1\applic~1" : 

rvzvzmi.exe trouvé !
rvzvzmi.dat trouvé !
rvzvzmi_nav.dat trouvé !
rvzvzmi_navps.dat trouvé !

* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :

C:\WINDOWS\system32\aHRqWvut.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 11/12/2008 à 14:18:18,46 ***

Clean Navipromo version 3.7.0 commencé le 11/12/2008 à 14:41:22,50

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual  CPU  T2410  @ 2.00GHz )
BIOS : Ver 1.00PARTTBLH
USER : CCPV ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1296 [VPS 081210-0] 4.8.1296 (Activated)


C:\ (Local Disk) - NTFS - Total:142 Go (Free:102 Go)
D:\ (CD or DVD)
E:\ (USB) - FAT32 - Total:1924 Mo (Free:1 Go)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\CCPV\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\CCPV\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\CCPV\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\CCPV\menudm~1\progra~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** 



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\CCPV\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *



* Dans "C:\Documents and Settings\CCPV\locals~1\applic~1" * 


rvzvzmi.exe trouvé ! 
Copie rvzvzmi.exe réalisée avec succès !
rvzvzmi.exe supprimé !

rvzvzmi.dat trouvé ! 
Copie rvzvzmi.dat réalisée avec succès !
rvzvzmi.dat supprimé !

rvzvzmi_nav.dat trouvé ! 
Copie rvzvzmi_nav.dat réalisée avec succès !
rvzvzmi_nav.dat supprimé !

rvzvzmi_navps.dat trouvé ! 
Copie rvzvzmi_navps.dat réalisée avec succès !
rvzvzmi_navps.dat supprimé !


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***

C:\WINDOWS\system32\aHRqWvut.ini2 trouvé ! Infection Vundo possible non traitée par cet outil !


*** Nettoyage terminé le 11/12/2008 à 14:47:17,82 ***

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1488
Windows 5.1.2600 Service Pack 3

11/12/2008 15:39:14
mbam-log-2008-12-11 (15-39-14).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 186255
Temps écoulé: 40 minute(s), 34 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 21

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\tuvWqRHa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\uulioj.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{068a296d-bd41-4fe0-92b4-907c3bf083ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{068a296d-bd41-4fe0-92b4-907c3bf083ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8be52fa-90db-4341-bda3-963db85257f2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{d8be52fa-90db-4341-bda3-963db85257f2} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{068a296d-bd41-4fe0-92b4-907c3bf083ff} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d8be52fa-90db-4341-bda3-963db85257f2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqrha -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvwqrha  -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\uulioj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvWqRHa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aHRqWvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aHRqWvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\CCPV\Local Settings\Temporary Internet Files\Content.IE5\CMQFTTDO\index[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtuvWon.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bikevh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGYrSMd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilvvjknm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inykmjjr.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iuvmptrm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kfkvjxkd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lgbfbird.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\olqhud.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeFVnm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rtzxmz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\txwful.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vqvrqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wiroqejd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xswnia.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ymktmisr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:22, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl114w.blu114.mail.live.com/mail/InboxLight.aspx?n=1432949602
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {372E9310-43E8-47A7-8B4A-BD799F7DDFED} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: uulioj.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) -   - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11569 bytes

ComboFix 08-12-09.03 - CCPV 2008-12-11 16:46:26.1 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.1490 [GMT 1:00]
Lancé depuis: c:\documents and settings\CCPV\Bureau\ComboFix.exe
 * Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((   Fichiers créés du 2008-11-11 au 2008-12-11  ))))))))))))))))))))))))))))))))))))
.

2008-12-11 16:03 . 2008-12-11 16:07	<REP>	d--h-----	c:\windows\$hf_mig$
2008-12-11 14:57 . 2008-12-11 14:57	<REP>	d--------	c:\documents and settings\CCPV\Application Data\Malwarebytes
2008-12-11 14:56 . 2008-12-11 14:57	<REP>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-11 14:56 . 2008-12-11 14:56	<REP>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 14:56 . 2008-12-03 19:52	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 14:56 . 2008-12-03 19:52	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-12-11 14:10 . 2008-12-11 14:47	<REP>	d--------	c:\program files\Navilog1
2008-12-11 13:44 . 2008-12-11 13:44	<REP>	dr-hs----	C:\RRbackups
2008-12-11 12:28 . 2008-12-11 12:28	<REP>	d--------	C:\VundoFix Backups
2008-12-11 10:59 . 2008-12-11 12:11	<REP>	d--------	c:\program files\a-squared Free
2008-12-09 18:56 . 2008-12-09 18:56	230	--a------	c:\windows\system32\spupdsvc.inf
2008-12-09 14:23 . 2008-12-11 16:49	<REP>	d--------	c:\windows\system32\NtmsData
2008-12-08 15:41 . 2008-04-14 03:33	116,736	--a------	c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-08 15:41 . 2001-08-23 17:47	23,040	--a------	c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-08 15:41 . 2008-04-14 03:33	18,944	--a------	c:\windows\system32\dllcache\xrxscnui.dll
2008-12-08 15:39 . 2001-08-17 21:28	765,884	--a------	c:\windows\system32\dllcache\usrti.sys
2008-12-08 15:38 . 2001-08-17 21:28	794,654	--a------	c:\windows\system32\dllcache\usr1801.sys
2008-12-08 15:37 . 2001-08-23 17:47	525,568	--a------	c:\windows\system32\dllcache\tridxp.dll
2008-12-08 15:36 . 2001-08-23 16:57	286,848	--a------	c:\windows\system32\dllcache\stlnata.sys
2008-12-08 15:35 . 2001-08-23 17:46	147,200	--a------	c:\windows\system32\dllcache\smidispb.dll
2008-12-08 15:34 . 2001-08-23 17:46	386,560	--a------	c:\windows\system32\dllcache\sgiul50.dll
2008-12-08 15:33 . 2001-08-23 17:47	495,616	--a------	c:\windows\system32\dllcache\sblfx.dll
2008-12-08 15:32 . 2001-08-23 17:18	899,914	--a------	c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-08 15:31 . 2008-04-14 03:32	259,328	--a------	c:\windows\system32\dllcache\perm3dd.dll
2008-12-08 15:30 . 2001-08-17 22:05	351,616	--a------	c:\windows\system32\dllcache\ovcodek2.sys
2008-12-08 15:29 . 2004-08-05 13:00	229,439	--a------	c:\windows\system32\dllcache\multibox.dll
2008-12-08 15:28 . 2004-08-05 13:00	1,875,968	--a------	c:\windows\system32\dllcache\msir3jp.lex
2008-12-08 15:27 . 2004-08-05 13:00	1,158,818	--a------	c:\windows\system32\dllcache\korwbrkr.lex
2008-12-08 15:26 . 2004-08-05 13:00	471,102	--a------	c:\windows\system32\dllcache\imskdic.dll
2008-12-08 15:25 . 2004-08-05 13:00	10,129,408	--a------	c:\windows\system32\dllcache\hwxkor.dll
2008-12-08 15:24 . 2001-08-23 17:19	908,000	--a------	c:\windows\system32\dllcache\hcf_msft.sys
2008-12-08 15:23 . 2001-08-23 17:16	630,016	--a------	c:\windows\system32\dllcache\eqn.sys
2008-12-08 15:22 . 2001-08-17 20:14	952,007	--a------	c:\windows\system32\dllcache\diwan.sys
2008-12-08 15:21 . 2001-08-23 17:47	422,429	--a------	c:\windows\system32\dllcache\dgconfig.dll
2008-12-08 15:20 . 2004-08-05 13:00	1,677,824	--a------	c:\windows\system32\dllcache\chsbrkr.dll
2008-12-08 15:19 . 2001-08-17 21:28	762,780	--a------	c:\windows\system32\dllcache\3cwmcru.sys
2008-12-08 15:18 . 2004-08-05 13:00	173,056	--a------	c:\windows\system32\dllcache\iisui.dll
2008-12-08 15:18 . 2004-08-05 13:00	96,768	--a------	c:\windows\system32\dllcache\certmap.ocx
2008-12-08 15:18 . 2004-08-05 13:00	14,848	--a------	c:\windows\system32\dllcache\iisreset.exe
2008-12-08 15:18 . 2004-08-05 13:00	6,144	--a------	c:\windows\system32\dllcache\ftpsapi2.dll
2008-12-08 15:18 . 2004-08-05 13:00	5,632	--a------	c:\windows\system32\dllcache\iisrstap.dll
2008-12-03 01:37 . 2008-12-03 01:37	244	---h-----	C:\sqmnoopt01.sqm
2008-12-03 01:37 . 2008-12-03 01:37	232	---h-----	C:\sqmdata01.sqm
2008-11-29 22:32 . 2008-11-29 22:32	<REP>	d--------	C:\d15f544a4118ee6039de
2008-11-29 22:32 . 2008-11-29 22:33	<REP>	d--------	C:\9bccd3f32c294e2ba1f2236f
2008-11-22 17:46 . 2008-11-22 17:46	<REP>	d--------	c:\program files\MahJong Suite
2008-11-22 17:46 . 2008-12-01 14:13	<REP>	d--------	c:\documents and settings\CCPV\Application Data\MahJong Suite
2008-11-22 17:46 . 2008-11-22 17:46	<REP>	d--------	c:\documents and settings\All Users\Application Data\TreeCardGames
2008-11-22 17:41 . 2008-11-22 17:41	<REP>	d--------	c:\program files\CDDC-MahJongg
2008-11-22 17:13 . 2008-11-22 17:13	2,966,226	---------	c:\program files\Bo-Jong.zip
2008-11-18 21:41 . 2008-11-29 22:33	<REP>	d--------	c:\windows\system32\drivers\umdf
2008-11-18 21:40 . 2006-09-28 16:05	2,414,360	---------	c:\windows\system32\d3dx9_31.dll
2008-11-18 21:40 . 2006-09-28 16:05	237,848	---------	c:\windows\system32\xactengine2_4.dll
2008-11-18 21:40 . 2006-07-28 09:30	236,824	---------	c:\windows\system32\xactengine2_3.dll
2008-11-18 21:40 . 2006-09-28 16:04	68,888	---------	c:\windows\system32\xinput1_3.dll
2008-11-18 21:40 . 2006-07-28 09:30	62,744	---------	c:\windows\system32\xinput1_2.dll
2008-11-18 21:40 . 2006-09-28 16:03	15,128	---------	c:\windows\system32\x3daudio1_1.dll
2008-11-18 21:39 . 2005-05-26 15:34	2,297,552	---------	c:\windows\system32\d3dx9_26.dll
2008-11-18 21:37 . 2008-04-14 03:34	16,384	---------	c:\windows\system32\ipsink.ax
2008-11-18 21:37 . 2008-04-14 03:34	16,384	--a------	c:\windows\system32\dllcache\ipsink.ax
2008-11-18 21:37 . 2008-04-13 19:46	15,232	---------	c:\windows\system32\drivers\StreamIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	15,232	--a------	c:\windows\system32\dllcache\streamip.sys
2008-11-18 21:37 . 2008-04-13 19:46	11,136	---------	c:\windows\system32\drivers\SLIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	11,136	--a------	c:\windows\system32\dllcache\slip.sys
2008-11-18 21:37 . 2008-04-13 19:46	10,880	---------	c:\windows\system32\drivers\NdisIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	10,880	--a------	c:\windows\system32\dllcache\ndisip.sys
2008-11-18 21:37 . 2008-04-13 19:39	5,504	---------	c:\windows\system32\drivers\MSTEE.sys
2008-11-18 21:37 . 2008-04-13 19:39	5,504	--a------	c:\windows\system32\dllcache\mstee.sys
2008-11-18 11:59 . 2008-11-18 11:59	268	---h-----	C:\sqmdata00.sqm
2008-11-18 11:59 . 2008-11-18 11:59	244	---h-----	C:\sqmnoopt00.sqm
2008-11-17 15:02 . 2008-11-17 15:02	<REP>	d--------	c:\program files\GameHouse
2008-11-17 11:56 . 2008-11-17 11:56	<REP>	d--------	C:\wniscore
2008-11-17 11:32 . 1998-06-18 00:00	89,360	---------	c:\windows\system32\VB5DB.DLL
2008-11-17 10:14 . 2008-12-02 14:18	<REP>	d--------	c:\program files\SDLL
2008-11-17 10:14 . 2008-11-17 10:43	40	---------	c:\windows\sudoku.ini

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:16	---------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 09:40	---------	d-----w	c:\program files\Spybot - Search & Destroy
2008-12-10 17:25	---------	d-----w	c:\program files\PCDR5
2008-12-02 13:19	---------	d-----w	c:\program files\Fichiers communs\Installshield
2008-12-02 13:18	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-29 21:34	---------	d-----w	c:\program files\Windows Media Connect 2
2008-11-27 10:15	---------	d-----w	c:\program files\Google
2008-11-24 11:49	223,232	------w	c:\program files\Filet_de_peche.pps
2008-11-24 11:48	252,928	------w	c:\program files\Probleme_de_nonne_GRT.pps
2008-11-24 11:47	90,112	------w	c:\program files\vachefolle.pps
2008-11-07 17:19	---------	d-----w	c:\program files\Microsoft Publisher
2008-11-07 16:33	---------	d-----w	c:\documents and settings\CCPV\Application Data\Lenovo
2008-11-07 16:33	---------	d-----w	c:\documents and settings\All Users\Application Data\Lenovo
2008-11-07 16:33	---------	d-----w	c:\documents and settings\Administrateur\Application Data\Lenovo
2008-11-07 08:19	---------	d--h--w	c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-07 08:10	---------	d-----w	c:\program files\Tropico2
2008-11-06 20:40	---------	d-----w	c:\program files\Picasa2
2008-11-05 07:59	---------	d-----w	c:\documents and settings\CCPV\Application Data\Microsoft Web Folders
2008-11-05 07:58	---------	d-----w	c:\program files\microsoft frontpage
2008-11-04 19:38	---------	d-----w	c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-04 17:48	---------	d-----w	c:\program files\Jardinains!
2008-11-03 19:33	---------	d-----w	c:\program files\Windows Live
2008-11-03 19:31	---------	dcsh--w	c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-03 19:27	---------	d-----w	c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-03 19:01	---------	d-----w	c:\program files\Orange
2008-11-03 18:57	---------	d-----w	c:\program files\Fichiers communs\France Telecom
2008-11-03 18:48	---------	d-----w	c:\program files\SAGEM
2008-11-03 18:47	---------	d-----w	c:\program files\Securitoo
2008-11-03 18:07	---------	d-----w	c:\documents and settings\CCPV\Application Data\Sonic
2008-11-03 18:06	---------	d-----w	c:\documents and settings\CCPV\Application Data\Leadertech
2008-11-03 17:33	---------	d-----w	c:\documents and settings\CCPV\Application Data\Intel
2008-10-31 18:11	---------	d-----w	c:\program files\MSXML 6.0
2008-10-30 20:04	---------	d-----w	c:\program files\Alwil Software
2008-10-30 20:03	---------	d-----w	c:\program files\CCleaner
2008-10-29 19:48	---------	d-----w	c:\program files\Fichiers communs\Symantec Shared
2008-10-29 19:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Symantec
2008-10-29 17:31	50	------w	c:\windows\system32\drivers\LENOVO_7650_F7G.MRK
2008-10-29 17:31	---------	d-----w	c:\program files\Windows Live Toolbar
2008-10-29 17:10	---------	d-----w	c:\program files\Lenovo
2008-10-29 16:41	36,624	------w	c:\windows\system32\drivers\pxhelp20.sys
2008-10-29 16:41	33,536	------w	c:\windows\system32\drivers\tvtfilter.sys
2008-10-29 16:41	---------	d-----w	c:\program files\Fichiers communs\Lenovo
2008-10-29 16:40	7,012	------w	c:\windows\system32\drivers\pmemnt.sys
2008-10-29 16:40	---------	d-----w	c:\program files\ThinkPad
2008-10-29 16:36	---------	d-----w	c:\documents and settings\All Users\Application Data\PC-Doctor
2008-10-29 16:35	---------	d-----w	c:\program files\ThinkVantage
2008-10-29 16:35	---------	d-----w	c:\program files\Lenovo Registration
2008-10-29 16:34	---------	d-----w	c:\program files\Fichiers communs\Adobe
2008-10-29 16:33	---------	d-----w	c:\program files\Sonic Icons for Lenovo
2008-10-29 16:33	---------	d-----w	c:\program files\Sonic
2008-10-29 16:33	---------	d-----w	c:\program files\Multimedia Center for Think Offerings
2008-10-29 16:33	---------	d-----w	c:\program files\Fichiers communs\SureThing Shared
2008-10-29 16:33	---------	d-----w	c:\program files\Fichiers communs\Sonic Shared
2008-10-29 16:33	---------	d-----w	c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 16:32	---------	d-----w	c:\program files\InterVideo
2008-10-29 16:32	---------	d-----w	c:\program files\Fichiers communs\InterVideo
2008-10-29 16:30	---------	d-----w	c:\program files\Java
2008-10-29 16:30	---------	d-----w	c:\program files\Fichiers communs\Java
2008-10-29 16:25	---------	d-----w	c:\documents and settings\LocalService\Application Data\Intel
2008-10-29 16:22	---------	d-----w	c:\program files\NetWaiting
2008-10-29 16:22	---------	d-----w	c:\program files\Digital Line Detect
2008-10-29 16:22	---------	d-----w	c:\program files\DIFX
2008-10-29 16:21	---------	d-----w	c:\program files\CONEXANT
2008-10-29 16:19	21,425	------w	c:\windows\system32\drivers\AegisP.sys
2008-10-29 16:19	---------	d-----w	c:\program files\Fichiers communs\snp2uvc
2008-10-29 16:19	---------	d-----w	c:\documents and settings\CCPV\Application Data\InstallShield
2008-10-29 16:19	---------	d-----w	c:\documents and settings\Administrateur\Application Data\InstallShield
2008-10-29 16:18	---------	d-----w	c:\program files\MSXML 4.0
2008-10-29 16:18	---------	d-----w	c:\program files\Intel
2008-10-29 16:18	---------	d-----w	c:\documents and settings\All Users\Application Data\Intel
2008-10-24 11:21	455,296	------w	c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

2008-04-14 03:33  670208  4a6e04ea20f48d750d9bfed8600d516b	c:\windows\ServicePackFiles\i386\wininet.dll
2008-10-16 11:38  663552  4bad064ed3fb5008af94d427dd77fddd	c:\windows\SoftwareDistribution\Download\[u]0/ub3ac415e34ab665ed966c5d247670be\SP2GDR\wininet.dll
2008-10-16 11:23  671744  f9ae6dbb4ec5b4d1a82bf2f0cb7ee200	c:\windows\SoftwareDistribution\Download\[u]0/ub3ac415e34ab665ed966c5d247670be\SP2QFE\wininet.dll
2008-10-16 02:01  670208  05033943ff61abd13b93c00337d04e92	c:\windows\SoftwareDistribution\Download\[u]0/ub3ac415e34ab665ed966c5d247670be\SP3GDR\wininet.dll
2008-10-16 02:04  671232  1c6e9fdab1f4cb983a39efba6f131acc	c:\windows\SoftwareDistribution\Download\[u]0/ub3ac415e34ab665ed966c5d247670be\SP3QFE\wininet.dll
2006-01-09 19:02  666112  5404e2ead19d7e2a5c4086015062343c	c:\windows\system32\wininet.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-27 413696]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]
"TrackPointSrv"="tp4serv.exe" [2005-07-12 c:\windows\system32\tp4serv.exe]
"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 08:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 03:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-03-27 19:51 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=uulioj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Diskeeper"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-10-29 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 111184]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2008-10-29 6016]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-10-29 4442]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2008-10-30 13840]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
.
Contenu du dossier 'Tâches planifiées'

2008-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- D:\setup.exe []

2008-12-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-19 17:14]

2008-12-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{372E9310-43E8-47A7-8B4A-BD799F7DDFED} - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-11 16:50:08
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1332)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1388)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\netdde.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\msdtc.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\clipsrv.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Fichiers communs\Installshield\Driver\1150\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sessmgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\windows\system32\rsvp.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\dllhost.exe
c:\program files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Orange\Launcher\Launcher.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
.
**************************************************************************
.
Heure de fin: 2008-12-11 16:52:23 - La machine a redémarré
ComboFix-quarantined-files.txt  2008-12-11 15:52:20

Avant-CF: 110 146 248 704 octets libres
Après-CF: 110,064,967,680 octets libres

324	--- E O F ---	2008-12-11 15:04:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:57, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\sessmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl114w.blu114.mail.live.com/mail/InboxLight.aspx?n=1432949602
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - AppInit_DLLs: uulioj.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) -   - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11345 bytes

ComboFix 08-12-09.03 - CCPV 2008-12-12  9:34:21.2 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.1.1036.18.1541 [GMT 1:00]
Lancé depuis: c:\documents and settings\CCPV\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\CCPV\Bureau\CFScript.txt
 * Un nouveau point de restauration a été créé

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\9bccd3f32c294e2ba1f2236f
c:\9bccd3f32c294e2ba1f2236f\update\update.exe
C:\d15f544a4118ee6039de
c:\d15f544a4118ee6039de\update\update.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\VundoFix Backups
C:\wniscore
c:\wniscore\wnjg32b\wjbestTimeD.dat

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-11-12 au 2008-12-12  ))))))))))))))))))))))))))))))))))))
.

2008-12-11 17:01 . 2008-12-11 17:03	1,393	--a------	c:\windows\imsins.BAK
2008-12-11 16:07 . 2008-10-16 02:01	3,088,896	---------	c:\windows\system32\dllcache\mshtml.dll
2008-12-11 16:07 . 2008-10-16 02:01	1,499,648	---------	c:\windows\system32\dllcache\shdocvw.dll
2008-12-11 16:07 . 2008-10-16 02:01	670,208	---------	c:\windows\system32\dllcache\wininet.dll
2008-12-11 16:07 . 2008-10-16 02:01	620,544	---------	c:\windows\system32\dllcache\urlmon.dll
2008-12-11 16:03 . 2008-12-11 17:03	<REP>	d--h-----	c:\windows\$hf_mig$
2008-12-11 14:57 . 2008-12-11 14:57	<REP>	d--------	c:\documents and settings\CCPV\Application Data\Malwarebytes
2008-12-11 14:56 . 2008-12-11 14:57	<REP>	d--------	c:\program files\Malwarebytes' Anti-Malware
2008-12-11 14:56 . 2008-12-11 14:56	<REP>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-11 14:56 . 2008-12-03 19:52	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-11 14:56 . 2008-12-03 19:52	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2008-12-11 14:10 . 2008-12-11 14:47	<REP>	d--------	c:\program files\Navilog1
2008-12-11 13:44 . 2008-12-11 13:44	<REP>	dr-hs----	C:\RRbackups
2008-12-11 10:59 . 2008-12-11 12:11	<REP>	d--------	c:\program files\a-squared Free
2008-12-09 18:56 . 2008-12-09 18:56	230	--a------	c:\windows\system32\spupdsvc.inf
2008-12-09 14:23 . 2008-12-12 09:39	<REP>	d--------	c:\windows\system32\NtmsData
2008-12-08 15:41 . 2008-04-14 03:33	116,736	--a------	c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-08 15:41 . 2001-08-23 17:47	23,040	--a------	c:\windows\system32\dllcache\xrxwbtmp.dll
2008-12-08 15:41 . 2008-04-14 03:33	18,944	--a------	c:\windows\system32\dllcache\xrxscnui.dll
2008-12-08 15:39 . 2001-08-17 21:28	765,884	--a------	c:\windows\system32\dllcache\usrti.sys
2008-12-08 15:38 . 2001-08-17 21:28	794,654	--a------	c:\windows\system32\dllcache\usr1801.sys
2008-12-08 15:37 . 2001-08-23 17:47	525,568	--a------	c:\windows\system32\dllcache\tridxp.dll
2008-12-08 15:36 . 2001-08-23 16:57	286,848	--a------	c:\windows\system32\dllcache\stlnata.sys
2008-12-08 15:35 . 2001-08-23 17:46	147,200	--a------	c:\windows\system32\dllcache\smidispb.dll
2008-12-08 15:34 . 2001-08-23 17:46	386,560	--a------	c:\windows\system32\dllcache\sgiul50.dll
2008-12-08 15:33 . 2001-08-23 17:47	495,616	--a------	c:\windows\system32\dllcache\sblfx.dll
2008-12-08 15:32 . 2001-08-23 17:18	899,914	--a------	c:\windows\system32\dllcache\r2mdkxga.sys
2008-12-08 15:31 . 2008-04-14 03:32	259,328	--a------	c:\windows\system32\dllcache\perm3dd.dll
2008-12-08 15:30 . 2001-08-17 22:05	351,616	--a------	c:\windows\system32\dllcache\ovcodek2.sys
2008-12-08 15:29 . 2004-08-05 13:00	229,439	--a------	c:\windows\system32\dllcache\multibox.dll
2008-12-08 15:28 . 2004-08-05 13:00	1,875,968	--a------	c:\windows\system32\dllcache\msir3jp.lex
2008-12-08 15:27 . 2004-08-05 13:00	1,158,818	--a------	c:\windows\system32\dllcache\korwbrkr.lex
2008-12-08 15:26 . 2004-08-05 13:00	471,102	--a------	c:\windows\system32\dllcache\imskdic.dll
2008-12-08 15:25 . 2004-08-05 13:00	10,129,408	--a------	c:\windows\system32\dllcache\hwxkor.dll
2008-12-08 15:24 . 2001-08-23 17:19	908,000	--a------	c:\windows\system32\dllcache\hcf_msft.sys
2008-12-08 15:23 . 2001-08-23 17:16	630,016	--a------	c:\windows\system32\dllcache\eqn.sys
2008-12-08 15:22 . 2001-08-17 20:14	952,007	--a------	c:\windows\system32\dllcache\diwan.sys
2008-12-08 15:21 . 2001-08-23 17:47	422,429	--a------	c:\windows\system32\dllcache\dgconfig.dll
2008-12-08 15:20 . 2004-08-05 13:00	1,677,824	--a------	c:\windows\system32\dllcache\chsbrkr.dll
2008-12-08 15:19 . 2001-08-17 21:28	762,780	--a------	c:\windows\system32\dllcache\3cwmcru.sys
2008-12-08 15:18 . 2004-08-05 13:00	173,056	--a------	c:\windows\system32\dllcache\iisui.dll
2008-12-08 15:18 . 2004-08-05 13:00	96,768	--a------	c:\windows\system32\dllcache\certmap.ocx
2008-12-08 15:18 . 2004-08-05 13:00	14,848	--a------	c:\windows\system32\dllcache\iisreset.exe
2008-12-08 15:18 . 2004-08-05 13:00	6,144	--a------	c:\windows\system32\dllcache\ftpsapi2.dll
2008-12-08 15:18 . 2004-08-05 13:00	5,632	--a------	c:\windows\system32\dllcache\iisrstap.dll
2008-11-22 17:46 . 2008-11-22 17:46	<REP>	d--------	c:\program files\MahJong Suite
2008-11-22 17:46 . 2008-12-01 14:13	<REP>	d--------	c:\documents and settings\CCPV\Application Data\MahJong Suite
2008-11-22 17:46 . 2008-11-22 17:46	<REP>	d--------	c:\documents and settings\All Users\Application Data\TreeCardGames
2008-11-22 17:41 . 2008-11-22 17:41	<REP>	d--------	c:\program files\CDDC-MahJongg
2008-11-22 17:13 . 2008-11-22 17:13	2,966,226	---------	c:\program files\Bo-Jong.zip
2008-11-18 21:41 . 2008-11-29 22:33	<REP>	d--------	c:\windows\system32\drivers\umdf
2008-11-18 21:40 . 2006-09-28 16:05	2,414,360	---------	c:\windows\system32\d3dx9_31.dll
2008-11-18 21:40 . 2006-09-28 16:05	237,848	---------	c:\windows\system32\xactengine2_4.dll
2008-11-18 21:40 . 2006-07-28 09:30	236,824	---------	c:\windows\system32\xactengine2_3.dll
2008-11-18 21:40 . 2006-09-28 16:04	68,888	---------	c:\windows\system32\xinput1_3.dll
2008-11-18 21:40 . 2006-07-28 09:30	62,744	---------	c:\windows\system32\xinput1_2.dll
2008-11-18 21:40 . 2006-09-28 16:03	15,128	---------	c:\windows\system32\x3daudio1_1.dll
2008-11-18 21:39 . 2005-05-26 15:34	2,297,552	---------	c:\windows\system32\d3dx9_26.dll
2008-11-18 21:37 . 2008-04-14 03:34	16,384	---------	c:\windows\system32\ipsink.ax
2008-11-18 21:37 . 2008-04-14 03:34	16,384	--a------	c:\windows\system32\dllcache\ipsink.ax
2008-11-18 21:37 . 2008-04-13 19:46	15,232	---------	c:\windows\system32\drivers\StreamIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	15,232	--a------	c:\windows\system32\dllcache\streamip.sys
2008-11-18 21:37 . 2008-04-13 19:46	11,136	---------	c:\windows\system32\drivers\SLIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	11,136	--a------	c:\windows\system32\dllcache\slip.sys
2008-11-18 21:37 . 2008-04-13 19:46	10,880	---------	c:\windows\system32\drivers\NdisIP.sys
2008-11-18 21:37 . 2008-04-13 19:46	10,880	--a------	c:\windows\system32\dllcache\ndisip.sys
2008-11-18 21:37 . 2008-04-13 19:39	5,504	---------	c:\windows\system32\drivers\MSTEE.sys
2008-11-18 21:37 . 2008-04-13 19:39	5,504	--a------	c:\windows\system32\dllcache\mstee.sys
2008-11-17 15:02 . 2008-11-17 15:02	<REP>	d--------	c:\program files\GameHouse
2008-11-17 11:32 . 1998-06-18 00:00	89,360	---------	c:\windows\system32\VB5DB.DLL
2008-11-17 10:14 . 2008-12-02 14:18	<REP>	d--------	c:\program files\SDLL
2008-11-17 10:14 . 2008-11-17 10:43	40	---------	c:\windows\sudoku.ini

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-11 15:16	---------	d-----w	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 09:40	---------	d-----w	c:\program files\Spybot - Search & Destroy
2008-12-10 17:25	---------	d-----w	c:\program files\PCDR5
2008-12-02 13:19	---------	d-----w	c:\program files\Fichiers communs\Installshield
2008-12-02 13:18	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-29 21:34	---------	d-----w	c:\program files\Windows Media Connect 2
2008-11-27 10:15	---------	d-----w	c:\program files\Google
2008-11-24 11:49	223,232	------w	c:\program files\Filet_de_peche.pps
2008-11-24 11:48	252,928	------w	c:\program files\Probleme_de_nonne_GRT.pps
2008-11-24 11:47	90,112	------w	c:\program files\vachefolle.pps
2008-11-07 17:19	---------	d-----w	c:\program files\Microsoft Publisher
2008-11-07 16:33	---------	d-----w	c:\documents and settings\CCPV\Application Data\Lenovo
2008-11-07 16:33	---------	d-----w	c:\documents and settings\All Users\Application Data\Lenovo
2008-11-07 16:33	---------	d-----w	c:\documents and settings\Administrateur\Application Data\Lenovo
2008-11-07 08:19	---------	d--h--w	c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-07 08:10	---------	d-----w	c:\program files\Tropico2
2008-11-06 20:40	---------	d-----w	c:\program files\Picasa2
2008-11-05 07:59	---------	d-----w	c:\documents and settings\CCPV\Application Data\Microsoft Web Folders
2008-11-05 07:58	---------	d-----w	c:\program files\microsoft frontpage
2008-11-04 19:38	---------	d-----w	c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-04 18:18	171,520	------w	c:\windows\system32\cncs32.dll
2008-11-04 17:48	164,352	------w	c:\windows\system32\SpoonUninstall.exe
2008-11-04 17:48	---------	d-----w	c:\program files\Jardinains!
2008-11-03 19:33	---------	d-----w	c:\program files\Windows Live
2008-11-03 19:31	---------	dcsh--w	c:\program files\Fichiers communs\WindowsLiveInstaller
2008-11-03 19:27	---------	d-----w	c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-03 19:01	---------	d-----w	c:\program files\Orange
2008-11-03 18:57	---------	d-----w	c:\program files\Fichiers communs\France Telecom
2008-11-03 18:48	---------	d-----w	c:\program files\SAGEM
2008-11-03 18:47	---------	d-----w	c:\program files\Securitoo
2008-11-03 18:07	---------	d-----w	c:\documents and settings\CCPV\Application Data\Sonic
2008-11-03 18:06	---------	d-----w	c:\documents and settings\CCPV\Application Data\Leadertech
2008-11-03 17:33	---------	d-----w	c:\documents and settings\CCPV\Application Data\Intel
2008-10-31 18:11	---------	d-----w	c:\program files\MSXML 6.0
2008-10-30 20:04	---------	d-----w	c:\program files\Alwil Software
2008-10-30 20:03	---------	d-----w	c:\program files\CCleaner
2008-10-29 19:48	---------	d-----w	c:\program files\Fichiers communs\Symantec Shared
2008-10-29 19:48	---------	d-----w	c:\documents and settings\All Users\Application Data\Symantec
2008-10-29 17:31	50	------w	c:\windows\system32\drivers\LENOVO_7650_F7G.MRK
2008-10-29 17:31	---------	d-----w	c:\program files\Windows Live Toolbar
2008-10-29 17:10	---------	d-----w	c:\program files\Lenovo
2008-10-29 16:41	36,624	------w	c:\windows\system32\drivers\pxhelp20.sys
2008-10-29 16:41	33,536	------w	c:\windows\system32\drivers\tvtfilter.sys
2008-10-29 16:41	129,784	------w	c:\windows\system32\pxafs.dll
2008-10-29 16:41	118,520	------w	c:\windows\system32\pxinsi64.exe
2008-10-29 16:41	115,960	------w	c:\windows\system32\pxcpyi64.exe
2008-10-29 16:41	---------	d-----w	c:\program files\Fichiers communs\Lenovo
2008-10-29 16:40	7,012	------w	c:\windows\system32\drivers\pmemnt.sys
2008-10-29 16:40	---------	d-----w	c:\program files\ThinkPad
2008-10-29 16:36	---------	d-----w	c:\documents and settings\All Users\Application Data\PC-Doctor
2008-10-29 16:35	---------	d-----w	c:\program files\ThinkVantage
2008-10-29 16:35	---------	d-----w	c:\program files\Lenovo Registration
2008-10-29 16:34	---------	d-----w	c:\program files\Fichiers communs\Adobe
2008-10-29 16:33	---------	d-----w	c:\program files\Sonic Icons for Lenovo
2008-10-29 16:33	---------	d-----w	c:\program files\Sonic
2008-10-29 16:33	---------	d-----w	c:\program files\Multimedia Center for Think Offerings
2008-10-29 16:33	---------	d-----w	c:\program files\Fichiers communs\SureThing Shared
2008-10-29 16:33	---------	d-----w	c:\program files\Fichiers communs\Sonic Shared
2008-10-29 16:33	---------	d-----w	c:\documents and settings\All Users\Application Data\InstallShield
2008-10-29 16:32	---------	d-----w	c:\program files\InterVideo
2008-10-29 16:32	---------	d-----w	c:\program files\Fichiers communs\InterVideo
2008-10-29 16:30	---------	d-----w	c:\program files\Java
2008-10-29 16:30	---------	d-----w	c:\program files\Fichiers communs\Java
2008-10-29 16:25	---------	d-----w	c:\documents and settings\LocalService\Application Data\Intel
2008-10-29 16:22	---------	d-----w	c:\program files\NetWaiting
2008-10-29 16:22	---------	d-----w	c:\program files\Digital Line Detect
2008-10-29 16:22	---------	d-----w	c:\program files\DIFX
2008-10-29 16:21	---------	d-----w	c:\program files\CONEXANT
2008-10-29 16:19	21,425	------w	c:\windows\system32\drivers\AegisP.sys
2008-10-29 16:19	---------	d-----w	c:\program files\Fichiers communs\snp2uvc
2008-10-29 16:19	---------	d-----w	c:\documents and settings\CCPV\Application Data\InstallShield
2008-10-29 16:19	---------	d-----w	c:\documents and settings\Administrateur\Application Data\InstallShield
2008-10-29 16:18	---------	d-----w	c:\program files\MSXML 4.0
2008-10-29 16:18	---------	d-----w	c:\program files\Intel
2008-10-29 16:18	---------	d-----w	c:\documents and settings\All Users\Application Data\Intel
2008-10-24 11:21	455,296	------w	c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36	286,720	----a-w	c:\windows\system32\gdi32.dll
2008-10-16 13:13	202,776	------w	c:\windows\system32\wuweb.dll
2008-10-16 13:13	1,809,944	------w	c:\windows\system32\wuaueng.dll
2008-10-16 13:12	561,688	------w	c:\windows\system32\wuapi.dll
2008-10-16 13:12	323,608	------w	c:\windows\system32\wucltui.dll
2008-10-16 13:09	92,696	------w	c:\windows\system32\cdm.dll
2008-10-16 13:09	51,224	------w	c:\windows\system32\wuauclt.exe
2008-10-16 13:09	43,544	------w	c:\windows\system32\wups2.dll
2008-10-16 13:08	34,328	------w	c:\windows\system32\wups.dll
2008-10-16 13:06	268,648	------w	c:\windows\system32\mucltui.dll
2008-10-16 13:06	208,744	------w	c:\windows\system32\muweb.dll
2008-10-16 01:01	670,208	----a-w	c:\windows\system32\wininet.dll
2008-10-03 10:03	247,326	------w	c:\windows\system32\strmdll.dll
2008-09-30 15:43	1,286,152	------w	c:\windows\system32\msxml4.dll
2008-09-15 15:26	1,846,528	------w	c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((   snapshot@2008-12-11_16.51.55.46   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-14 02:33:25	285,184	----a-w	c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 12:36:51	286,720	----a-w	c:\windows\system32\dllcache\gdi32.dll
- 2006-10-18 19:03:58	100,864	----a-w	c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 00:09:22	100,864	----a-w	c:\windows\system32\dllcache\logagent.exe
- 2008-04-14 02:33:46	246,814	----a-w	c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:03:53	247,326	----a-w	c:\windows\system32\dllcache\strmdll.dll
- 2006-10-18 20:47:20	937,984	----a-w	c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 04:03:08	938,496	----a-w	c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 20:47:22	2,450,944	----a-w	c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 04:03:14	2,458,112	----a-w	c:\windows\system32\dllcache\WMVCore.dll
- 2006-10-18 19:03:58	100,864	------w	c:\windows\system32\logagent.exe
+ 2008-06-18 00:09:22	100,864	------w	c:\windows\system32\logagent.exe
- 2008-11-04 00:10:25	17,318,336	------w	c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37	17,593,280	----a-w	c:\windows\system32\MRT.exe
- 2006-02-01 02:54:51	3,035,648	----a-w	c:\windows\system32\mshtml.dll
+ 2008-10-16 01:01:39	3,088,896	----a-w	c:\windows\system32\mshtml.dll
- 2006-01-09 18:01:58	1,495,040	----a-w	c:\windows\system32\shdocvw.dll
+ 2008-10-16 01:01:37	1,499,648	----a-w	c:\windows\system32\shdocvw.dll
- 2007-11-30 12:39:29	18,296	------w	c:\windows\system32\spmsg.dll
+ 2007-11-30 11:19:06	18,296	------w	c:\windows\system32\spmsg.dll
- 2008-04-14 02:34:25	60,416	------w	c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59	62,976	------w	c:\windows\system32\tzchange.exe
- 2006-01-09 18:02:00	615,424	----a-w	c:\windows\system32\urlmon.dll
+ 2008-10-16 01:01:38	620,544	----a-w	c:\windows\system32\urlmon.dll
- 2006-10-18 20:47:20	937,984	------w	c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 04:03:08	938,496	------w	c:\windows\system32\WMNetmgr.dll
- 2006-10-18 20:47:22	2,450,944	------w	c:\windows\system32\wmvcore.dll
+ 2008-06-18 04:03:14	2,458,112	------w	c:\windows\system32\WMVCore.dll
- 2008-12-11 15:50:08	53,248	----a-w	c:\windows\Temp\catchme.dll
+ 2008-12-12 08:41:06	53,248	----a-w	c:\windows\Temp\catchme.dll
+ 2008-12-12 08:38:45	16,384	----atw	c:\windows\Temp\Perflib_Perfdata_378.dat
.
-- Instantané actualisé --
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-03-28 58416]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-02-26 131072]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 155648]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-07 243248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-01-30 2618944]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-19 208896]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 419376]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-03-27 126976]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-03-27 413696]
"TrackPointSrv"="tp4serv.exe" [2005-07-12 c:\windows\system32\tp4serv.exe]
"TpShocks"="TpShocks.exe" [2007-03-29 c:\windows\system32\TpShocks.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-02-27 561213]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 08:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 03:06 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-03-27 19:51 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli ACGina

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Diskeeper"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2007-03-02 100656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2007-03-02 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-10-29 11520]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-30 111184]
R1 IBMTPCHK;IBMTPCHK;\??\c:\windows\system32\Drivers\IBMBLDID.sys [2008-10-29 6016]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-10-29 4442]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-10-30 20560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2008-10-30 13840]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
.
Contenu du dossier 'Tâches planifiées'

2008-11-18 c:\windows\Tasks\Microsoft_Hardware_Launch_setup_exe.job
- D:\setup.exe []

2008-12-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-19 17:14]

2008-12-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 09:41:06
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1396)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\netdde.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\msdtc.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\clipsrv.exe
c:\windows\system32\dllhost.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Fichiers communs\Installshield\Driver\1150\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sessmgr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\dllhost.exe
c:\program files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\windows\system32\vssvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Orange\Launcher\Launcher.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
.
**************************************************************************
.
Heure de fin: 2008-12-12  9:43:39 - La machine a redémarré
ComboFix-quarantined-files.txt  2008-12-12 08:43:34
ComboFix2.txt  2008-12-11 15:52:25

Avant-CF: 109 679 955 968 octets libres
Après-CF: 109,507,579,904 octets libres

382	--- E O F ---	2008-12-11 16:03:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:50:02, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
E:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bl114w.blu114.mail.live.com/mail/InboxLight.aspx?n=1432949602
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo  - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de base IPS (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) -   - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11268 bytes