RSIT log:
Logfile of random’s system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-04 15:45:52
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 8 GB (21%) free of 38 GB
Total RAM: 446 MB (11% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:24, on 04.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palringo\palringo.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Documents and Settings\Admin\Bureau\CIS_Setup_3.10.102363.531_XP_Vista_x32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Admin\Bureau\RSIT.exe
C:\Documents and Settings\Admin\Bureau\Admin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = global.acer.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM…\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM…\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM…\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM…\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM…\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Palringo] "C:\Program Files\Palringo\palringo.exe" /hidden
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5873 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 50376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-12 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-12 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2009-08-04 1118400]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-07 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-07 688218]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-02-23 77824]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-10-07 88363]
"SiSPower"=SiSPower.dll,ModeAgent []
"SiS Windows KeyHook"=C:\WINDOWS\system32\keyhook.exe [2005-03-04 32768]
"PCMService"=C:\Program Files\Arcade\PCMService.exe [2005-03-09 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"LManager"=C:\Program Files\Launch Manager\QtZgAcer.EXE [2005-03-28 315392]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-12 148888]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-03-28 622592]
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-04-10 61440]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2004-08-05 160768]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"Palringo"=C:\Program Files\Palringo\palringo.exe [2009-05-21 884736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Fichiers communs\Nokia\MPlatform\NokiaMServer /watchfiles []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=3
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-05 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Fichiers communs\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2"
"C:\Program Files\ODEON\JAF\JCOP.EXE"="C:\Program Files\ODEON\JAF\JCOP.EXE:*:Enabled:JCOP"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2009-08-04 15:45:52 ----D---- C:\rsit
2009-08-04 15:42:39 ----D---- C:\Documents and Settings\Admin\Application Data\Comodo
2009-08-04 15:41:02 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-08-04 15:40:56 ----A---- C:\WINDOWS\system32\guard32.dll
2009-08-04 15:40:51 ----D---- C:\Program Files\COMODO
2009-08-04 15:20:00 ----D---- C:\WINDOWS\LastGood
2009-08-04 15:19:50 ----D---- C:\Program Files\Avira
2009-08-04 15:19:50 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-04 15:05:49 ----D---- C:\WINDOWS\pss
2009-08-04 15:00:56 ----A---- C:\WINDOWS\resetlog.txt
2009-08-04 01:08:11 ----RASHD---- C:\autorun.inf
2009-08-04 01:02:17 ----D---- C:\UsbFix
2009-08-04 00:58:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-04 00:55:11 ----SHD---- C:\Recycled
2009-08-04 00:20:45 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-08-04 00:20:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-04 00:20:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-04 00:14:44 ----A---- C:\ComboFix.txt
2009-08-04 00:06:15 ----A---- C:\WINDOWS\zip.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\SWSC.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\SWREG.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\sed.exe_RenameGenProc
2009-08-04 00:06:15 ----A---- C:\WINDOWS\PEV.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-04 00:06:15 ----A---- C:\WINDOWS\grep.exe_RenameGenProc
2009-08-04 00:06:10 ----D---- C:\WINDOWS\ERDNT
2009-08-04 00:06:06 ----D---- C:\Qoobox
2009-08-03 19:03:36 ----SHD---- C:\FOUND.000
2009-07-31 13:50:16 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-07-31 13:50:16 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-07-30 17:47:52 ----D---- C:\Program Files\ODEON
2009-07-20 14:47:47 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-20 14:47:00 ----D---- C:\Program Files\FreeTime
2009-07-19 18:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2009-07-19 18:49:09 ----D---- C:\Program Files\NCH Software
2009-07-19 16:50:16 ----D---- C:\Documents and Settings\Admin\Application Data\Xilisoft Corporation
2009-07-17 14:00:07 ----D---- C:\Program Files\MSBuild
2009-07-17 13:53:29 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-17 13:53:24 ----D---- C:\WINDOWS\system32\en-us
2009-07-17 13:52:43 ----D---- C:\Program Files\Reference Assemblies
2009-07-17 13:52:06 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-07-17 13:49:17 ----RSD---- C:\WINDOWS\assembly
2009-07-17 13:48:33 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-17 13:47:55 ----HD---- C:\WINDOWS\$NtUninstallWIC$
2009-07-15 13:51:18 ----D---- C:\Documents and Settings\Admin\Application Data\Nokia Ovi Suite
2009-07-15 13:38:29 ----HD---- C:\WINDOWS\$NtUninstallWudf01007$
2009-07-15 13:32:21 ----D---- C:\Documents and Settings\Admin\Application Data\Nokia
2009-07-15 13:23:05 ----D---- C:\Program Files\PC Connectivity Solution
2009-07-15 13:21:49 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-15 13:20:51 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-15 13:19:17 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-15 13:18:51 ----HD---- C:\WINDOWS\$NtUninstallWudf01000$
2009-07-15 13:16:38 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
2009-07-15 11:12:56 ----SHD---- C:\Config.Msi
2009-07-13 17:53:07 ----D---- C:\Documents and Settings\Admin\Application Data\FrostWire
2009-07-13 17:52:48 ----D---- C:\Program Files\FrostWire
2009-07-13 16:25:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-07-13 16:25:32 ----D---- C:\Documents and Settings\Admin\Application Data\PC Suite
2009-07-13 16:25:03 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-07-13 16:24:59 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-13 16:24:58 ----HD---- C:\WINDOWS\$NtUninstallWdf01007$
2009-07-13 16:22:11 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-07-13 16:21:46 ----D---- C:\Program Files\Fichiers communs\Nokia
2009-07-13 16:21:33 ----D---- C:\Program Files\MSXML 6.0
2009-07-13 16:21:06 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-07-12 15:46:03 ----D---- C:\Program Files\DIFX
2009-07-12 15:43:57 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-07-12 15:43:56 ----D---- C:\Program Files\Nokia
2009-07-12 15:35:19 ----SHD---- C:\WINDOWS\ftpcache
2009-07-06 20:25:25 ----D---- C:\Documents and Settings\Admin\Application Data\YoudaGames
2009-07-06 20:23:15 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
======List of files/folders modified in the last 1 months======
2009-08-04 15:09:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 15:07:36 ----RASH---- C:\boot.ini
2009-08-04 15:07:36 ----A---- C:\WINDOWS\win.ini
2009-08-04 15:07:36 ----A---- C:\WINDOWS\system.ini
2009-08-04 00:51:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-30 23:47:04 ----A---- C:\scancode.txt
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520]
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-25 13312]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-05 223616]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-07 1270540]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-02-24 2311680]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-21 369024]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.sys [2004-12-08 16896]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2009-05-05 6144]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-03-02 240640]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-07 185824]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-05 12416]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d’hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-05 17024]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-24 15264]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-08-04 132040]
S1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-08-04 25160]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-08-04 28520]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 catchme;catchme; ??\C:\nik.o—\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 32768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Classe d’imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-24 47744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 anbmService;Notebook Manager Service; C:\Acer\eManager\anbmServ.exe [2004-08-16 1287168]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-08-04 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-04 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-12 152984]
R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-05 19456]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 6to4;Service d’application d’assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-04 707152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 p2pgasvc;Authentification de groupe réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 p2pimsvc;Gestionnaire d’identité réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 p2psvc;Réseau homologue; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 PNRPSvc;Protocole de résolution de noms d’homologues; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
RSIT info:
info.txt logfile of random’s system information tool 1.06 2009-08-04 15:46:36
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer French Guide Link\Uninst.isu"
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x40c -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems AC'97 Modem-->agrsmdel
Arcade 3.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -l0x40c Brunin03.dll -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Comodo HopSurf-->"C:\Program Files\Comodo\HopSurfToolbar\HopSurf.exe"
FormatFactory 2.00-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
FrostWire 4.18.0-->C:\Program Files\FrostWire\Uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Admin\Bureau\HijackThis.exe" /uninstall
JAF Setup-->"C:\Program Files\ODEON\JAF\uninstall.exe"
Jahshaka-->C:\Program Files\Jahshaka\uninst-jahshaka.exe
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Mega Codec Pack 4.9.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSVC90_x86-->MsiExec.exe /I{218D629E-8D06-4B23-A238-EB869770B6CC}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Map Loader-->MsiExec.exe /I{45D4F727-43B5-49CD-B474-B9866A8F4FB8}
Nokia Maps Updater 1.0.8-->"C:\Program Files\Nokia\Nokia Maps Updater\Uninstall Information\unins000.exe"
Nokia Ovi Suite-->C:\Documents and Settings\All Users\Application Data\OviInstallerCache\{0CDE38EE-5DA4-4765-A061-1BC6B7255ECB}\Nokia_Ovi_Suite_0_4_7_0_eng.exe
Nokia Ovi Suite-->MsiExec.exe /X{0CDE38EE-5DA4-4765-A061-1BC6B7255ECB}
Nokia Software Updater-->MsiExec.exe /X{9AB7DB33-190D-402D-9155-BF9BDE8C0AF5}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
NTI Backup NOW! 4-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1036 BUN4
NTI CD & DVD-Maker Gold-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1036 CDM7
OpenLibraries-->C:\Program Files\OpenLibraries\uninst-openlibraries.exe
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Ovi Desktop Sync Engine-->MsiExec.exe /X{D33466A6-2AA3-45F5-A7A4-9810C28349F6}
OviMPlatform-->MsiExec.exe /I{267A919F-477C-4293-807B-C9D89287FEB3}
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PowerProducer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.EXE" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
SiSAGP driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x40c
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
UsbFix-->C:\UsbFix\Uninstal.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: ACER-6281EFDEF1
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l’état : en cours d’exécution.
Record Number: 1701
Source Name: Service Control Manager
Time Written: 20090618105844.000000+120
Event Type: Informations
User:
Computer Name: ACER-6281EFDEF1
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.
Record Number: 1700
Source Name: Service Control Manager
Time Written: 20090618105844.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: ACER-6281EFDEF1
Event Code: 7036
Message: Le service Service de découvertes SSDP est entré dans l’état : en cours d’exécution.
Record Number: 1699
Source Name: Service Control Manager
Time Written: 20090618105841.000000+120
Event Type: Informations
User:
Computer Name: ACER-6281EFDEF1
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de découvertes SSDP.
Record Number: 1698
Source Name: Service Control Manager
Time Written: 20090618105839.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: ACER-6281EFDEF1
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d’utilisateur est entré dans l’état : en cours d’exécution.
Record Number: 1697
Source Name: Service Control Manager
Time Written: 20090618105839.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7311
Source Name: OviSuite
Time Written: 20090730165040.000000+120
Event Type: Information
User:
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7310
Source Name: OviSuite
Time Written: 20090730165039.000000+120
Event Type: Information
User:
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7309
Source Name: OviSuite
Time Written: 20090730165039.000000+120
Event Type: Information
User:
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7308
Source Name: OviSuite
Time Written: 20090730165027.000000+120
Event Type: Information
User:
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7307
Source Name: OviSuite
Time Written: 20090730165027.000000+120
Event Type: Information
User:
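The RSIT event-log dump above is flat "Key: value" text, newest record first, with timestamps in the WMI/DMTF form (the trailing +120 is the UTC offset in minutes, not hours). The following is an added example, not RSIT's own code: it rebuilds the records, converts the timestamps, and pairs each Service Control Manager 7035 ("start control sent") with the later 7036 ("entered the running state") for the same service, which is the usual first step when a log like this is used to reconstruct what started when. The sample records are constructed to mirror the ones above (messages given in English); the record layout is assumed from what RSIT prints here.

```python
"""Rebuild event records from RSIT's flat dump and time service start-ups.

Added example for this page, not RSIT's own code. Assumes RSIT's layout (one
'Key: value' line per field, each record starting at 'Computer Name:') and
that 'Time Written' is a DMTF datetime 'yyyymmddHHMMSS.ffffff+UUU' (UUU = UTC
offset in minutes).
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

FIELDS = ("Computer Name", "Event Code", "Message", "Record Number",
          "Source Name", "Time Written", "Event Type", "User")
FIELD_RE = re.compile(r"^(%s):\s?(.*)$" % "|".join(re.escape(f) for f in FIELDS))
DMTF_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")
SENT_RE = re.compile(r"^The (.+) service was successfully sent a start control\.$")
STATE_RE = re.compile(r"^The (.+) service entered the (\w+) state\.$")


def parse_dmtf(value):
    """'20090618105844.000000+120' -> aware datetime 2009-06-18 10:58:44+02:00."""
    m = DMTF_RE.match(value.strip())
    if not m:
        raise ValueError("not a DMTF datetime: %r" % value)
    stamp, micros, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes))
    if sign == "-":
        offset = -offset
    naive = datetime.strptime(stamp, "%Y%m%d%H%M%S")
    return naive.replace(microsecond=int(micros), tzinfo=timezone(offset))


def parse_rsit_events(text):
    """One dict per record. Field lines before the first 'Computer Name:' (a
    record cut in half, as at the top of this section) are dropped."""
    records, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Computer Name":
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def count_by_source(records):
    """(source, event code) histogram: shows chatty sources such as the empty
    'Event Code: 0' entries OviSuite writes on this machine."""
    return Counter((r.get("Source Name", ""), r.get("Event Code", "")) for r in records)


def service_start_timeline(records):
    """Returns (matched, pending). matched: (service, sent_at, running_at,
    seconds) for every 7035 followed by its 7036; pending: services whose 7035
    has no 7036, mapped to the time the start control was sent."""
    pending, matched = {}, []
    # RSIT prints newest first; walk by record number so 7035 precedes its 7036.
    for rec in sorted(records, key=lambda r: int(r.get("Record Number", "0"))):
        if rec.get("Source Name") != "Service Control Manager":
            continue
        when = parse_dmtf(rec["Time Written"])
        code, msg = rec.get("Event Code"), rec.get("Message", "")
        if code == "7035":
            m = SENT_RE.match(msg)
            if m:
                pending[m.group(1)] = when
        elif code == "7036":
            m = STATE_RE.match(msg)
            if m and m.group(2) == "running" and m.group(1) in pending:
                sent = pending.pop(m.group(1))
                matched.append((m.group(1), sent, when, (when - sent).total_seconds()))
    return matched, pending


# Constructed sample modelled on the records above (message text in English).
SAMPLE = r"""Computer Name: ACER-6281EFDEF1
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.
Record Number: 1700
Source Name: Service Control Manager
Time Written: 20090618105844.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: ACER-6281EFDEF1
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.
Record Number: 1699
Source Name: Service Control Manager
Time Written: 20090618105841.000000+120
Event Type: Information
User:
Computer Name: ACER-6281EFDEF1
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.
Record Number: 1698
Source Name: Service Control Manager
Time Written: 20090618105839.000000+120
Event Type: Information
User: NT AUTHORITY\SYSTEM
Computer Name: ACER-6281EFDEF1
Event Code: 0
Message:
Record Number: 7311
Source Name: OviSuite
Time Written: 20090730165040.000000+120
Event Type: Information
User:
"""
```

On the sample this yields one matched pair (SSDP Discovery Service, 2.0 s between the start control and the running state) and one pending start (IMAPI CD-Burning COM Service, whose 7036 is not in the excerpt), plus one OviSuite code-0 entry in the histogram. Sorting by Record Number rather than by Time Written matters: two records above share the same second, and the record number is the only ordering the log guarantees.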
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\OpenLibraries\bin;C:\Program Files\Jahshaka…\gtk2\bin;C:\Program Files\Jahshaka…\mlt\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 28 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PYTHONPATH"=C:\Program Files\OpenLibraries\python
"MLT_REPOSITORY"=C:\Program Files\Jahshaka…\mlt\share\mlt\modules
-----------------EOF-----------------
GenProc log:
GenProc 2.611 [2] report - 04.08.2009 at 15:49:34
@ Windows XP Service Pack 2 - Normal mode
@ Mozilla Firefox (3.0.12) [Default browser]
GenProc detected no characteristic infection and suggests following this procedure:
Step 1/ Download:
ToolsCleaner! pc-system.fr… (A.Rothstein & Dj QUIOU) to your Desktop.
Step 2/
- Double-click ToolsCleaner2.exe to launch it.
- Click "Recherche" (Search) and let the scan run.
- Click "Suppression" (Delete) to finish.
- If you wish, you can use the "Options Facultatives" (optional options).
- Click "Quitter" (Quit) to get the report C:\TCleaner.txt
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:).
Step 3/
Post a Nod32 report www.eset-nod32.fr… (Internet Explorer must be used)
- tick all the boxes each time, and when it has finished, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ ADDITIONAL INFORMATION ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:35, on 04.08.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Palringo\palringo.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Documents and Settings\Admin\Bureau\CIS_Setup_3.10.102363.531_XP_Vista_x32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Admin\Bureau\GenProc\outil\Admin_GenProc.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = global.acer.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM…\Run: [LaunchApp] Alaunch
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM…\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM…\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM…\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM…\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM…\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM…\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM…\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM…\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Palringo] "C:\Program Files\Palringo\palringo.exe" /hidden
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 5908 bytes
~~ End at 15:51:44 ~~
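Reading a HijackThis log by hand means scanning the O-lines for the same few things every time: O4 entries that start a bare command name (resolved through PATH or App Paths) or run from a user-writable folder, files not on the analyst's known-good list, and the O10 (Winsock LSP) and O20 (AppInit_DLLs) entries, which load into many processes and deserve a look even when the file turns out to be a vendor component, as the nwprovau.dll and guard32.dll lines above do. The following is an added example, not HijackThis code: it parses the O-lines and applies those rules. The allowlist and the user-writable directory list are the author's assumptions, and the "updater" line in the sample is constructed to exercise the path rule; the other sample lines are copied from the log above.

```python
"""Triage a HijackThis log: parse the O-lines and flag what deserves a look.

Added example for this page, not HijackThis code. KNOWN_GOOD, USER_WRITABLE and
the 'updater' sample line are assumptions constructed to exercise the rules;
the remaining SAMPLE_LOG lines are copied from the log above.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind name path raw")

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|ocx))"?', re.IGNORECASE)

# Sections whose code is loaded into many processes at once: always review,
# even when the file is a known vendor component.
ALWAYS_REVIEW = {
    "O10": "Winsock LSP, loaded by every process that uses sockets; confirm the DLL is the expected provider",
    "O20": "AppInit_DLLs, injected into every process that loads user32.dll; confirm signer and purpose",
}
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\users\\")
# Illustrative analyst allowlist of file names seen on this machine (assumption,
# not authoritative). Matching is by basename only, so the path rules still apply.
KNOWN_GOOD = {
    "acroiehelper.dll", "hopsurftoolbar_ie.dll", "avgnt.exe", "palringo.exe",
    "sistray.exe", "nwprovau.dll", "guard32.dll", "cmdagent.exe",
}


def parse_hjt(text):
    """One Entry per 'Oxx - ' line (R/F/N lines parse too but are not triaged)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        kind, _, rest = body.partition(": ")
        bracket = re.search(r"\[([^\]]+)\]", rest)
        if section == "O4" and bracket:
            name = bracket.group(1)            # the Run-key value name
        else:
            name = re.split(r" - | = ", rest, maxsplit=1)[0]
        p = PATH_RE.search(rest)
        entries.append(Entry(section, kind, name, p.group(1) if p else None, raw.strip()))
    return entries


def triage(entries, allowlist=KNOWN_GOOD):
    """Return [(entry, [reasons])] for the entries an analyst should look at."""
    findings = []
    for e in entries:
        reasons = []
        if e.section in ALWAYS_REVIEW:
            reasons.append(ALWAYS_REVIEW[e.section])
        if e.section == "O4" and e.path is None:
            reasons.append("bare command, resolved through PATH/App Paths; locate the binary")
        if e.path:
            low = e.path.lower()
            if any(d in low for d in USER_WRITABLE):
                reasons.append("runs from a user-writable location")
            if low.rsplit("\\", 1)[-1] not in allowlist:
                reasons.append("not in the analyst allowlist; check signer and hash")
        if reasons:
            findings.append((e, reasons))
    return findings


# Lines from the log above, plus one constructed 'updater' line (not in the log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Palringo] "C:\Program Files\Palringo\palringo.exe" /hidden
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Admin\Local Settings\Temp\updater.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
"""

if __name__ == "__main__":
    for entry, reasons in triage(parse_hjt(SAMPLE_LOG)):
        print(entry.raw)
        for r in reasons:
            print("    -", r)
```

On the sample this flags four lines: LaunchApp (bare "Alaunch", no path to check), the constructed updater entry (user-writable folder and not allowlisted), and the O10 and O20 lines (review regardless). The allowlisted vendor entries pass; the point of matching by basename only is that a file dropped under Temp with a familiar name still trips the path rule.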