2 replies
Hello,
Download RSIT to your desktop
http://images.malwareremoval.com/random/RSIT.exe
- Close all running applications and double-click RSIT.exe
- Select "Continue" on the screen >> RSIT will scan the PC and check whether the HijackThis tool (up-to-date version) is present on the PC >> You will need to accept the license
- Once the scan is finished, 2 text reports open > log.txt on screen and info.txt in the taskbar
- Post the contents of both reports
Here is the log
Logfile of random's system information tool 1.05 (written by random/random)
Run by augustin at 2009-03-05 12:40:39
Microsoft Windows XP Professional Service Pack 2
System drive C: has 760 MB (8%) free of 9 GB
Total RAM: 192 MB (13% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-26 304736]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-26 185872]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2008-11-26 69632]
"PowerS"=C:\WINDOWS\PowerS.exe [2001-08-03 159800]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2005-03-14 1057280]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"aecgw"=c:\documents and settings\augustin\local settings\application data\aecgw.exe [2009-01-11 229376]
"FreeCall"=C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe [2007-04-17 7247408]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2009-02-07 108562]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Remote Control.lnk - C:\Program Files\Prolink\PlayTV Pro\TVRMVCR.EXE
Schedule Manager.lnk - C:\Program Files\Prolink\PlayTV Pro\TVSCHL.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-10 52224]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogOff"=0
"NoSetFolders"=0
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoFolderOptions"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe"="C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe:*:Enabled:InternetCalls"
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE"="C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic"
"C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe"="C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27a865a0-f947-11dd-947c-0050bf20f7c0}]
shell\AutoRun\command - J:\m0vnonh.bat
shell\open\command - J:\m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ac277d0-db62-11dd-a8c5-0050bf20f7c0}]
shell\AutoRun\command - J:\m0vnonh.bat
shell\open\command - J:\m0vnonh.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88347021-b63f-11dd-abce-0000b4834314}]
shell\AutoRun\command - J:\uxkktr.cmd
shell\explore\command - J:\uxkktr.cmd
shell\open\command - J:\uxkktr.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1356565-e24f-11dd-a8e1-0050bf20f7c0}]
shell\autOpLAy\command - eaup.exe
shell\AutoRun\command - eaup.exe
shell\eXplorE\command - eaup.exe
shell\Open\command - eaup.exe
======List of files/folders created in the last 1 months======
2009-03-05 12:40:48 ----D---- C:\Program Files\trend micro
2009-03-05 12:40:39 ----D---- C:\rsit
2009-03-05 12:33:14 ----A---- C:\WINDOWS\TSCTNDBG.INI
2009-03-05 11:23:43 ----RSH---- C:\m0vnonh.bat
2009-03-04 19:45:51 ----D---- C:\Documents and Settings\All Users\Application Data\Network Associates
2009-03-04 19:45:15 ----D---- C:\Program Files\Network Associates
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files\Network Associates
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-13 21:44:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-11 19:34:38 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-02-11 19:34:37 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
======List of files/folders modified in the last 1 months======
2009-03-05 12:41:40 ----A---- C:\WINDOWS\TSNV_I2C.INI
2009-03-05 12:40:48 ----RD---- C:\Program Files
2009-03-05 12:40:36 ----D---- C:\WINDOWS\Prefetch
2009-03-05 12:33:14 ----D---- C:\WINDOWS
2009-03-05 12:33:13 ----A---- C:\WINDOWS\Tsctvfm.ini
2009-03-05 12:32:51 ----A---- C:\WINDOWS\TSCTV.INI
2009-03-05 12:32:45 ----D---- C:\WINDOWS\Temp
2009-03-05 12:29:32 ----A---- C:\WINDOWS\IFOLDER.INI
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32\drivers
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32
2009-03-05 12:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-05 11:53:33 ----D---- C:\quarantine
2009-03-04 19:47:39 ----SHD---- C:\WINDOWS\Installer
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files
2009-03-04 19:12:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-04 19:07:06 ----D---- C:\Documents and Settings\augustin\Application Data\.purple
2009-03-04 18:34:47 ----D---- C:\WINDOWS\Minidump
2009-03-04 07:18:19 ----HD---- C:\WINDOWS\inf
2009-03-04 07:17:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-03 19:57:13 ----SD---- C:\Documents and Settings\augustin\Application Data\Microsoft
2009-03-03 19:43:40 ----SHD---- C:\RECYCLER
2009-03-03 17:58:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-02 17:51:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-02 17:50:53 ----A---- C:\WINDOWS\PIXELTV.INI
2009-02-15 22:02:09 ----D---- C:\WINDOWS\system32\config
2009-02-13 21:45:35 ----D---- C:\Documents and Settings
2009-02-13 09:53:15 ----D---- C:\Documents and Settings\augustin\Application Data\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 BT878;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 100092]
R2 BTTUNER;BtTuner, WDM TV Tuner; C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 28127]
R2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 8301]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\ne2000.sys [2001-08-17 15872]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-10 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\augustin\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]
-----------------EOF-----------------
Here is the info
info.txt logfile of random's system information tool 1.05 2009-03-05 12:41:58
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Bibliothèques GTK+ 2.12.12 rev a (supprimer uniquement)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Édition Entreprise (Français)-->"C:\Program Files\Microsoft Visual Studio\VB98\Setup\1036\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM 0.7.14-->C:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library pour Visual Studio 6.0a (Français)-->"C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1036\Setup\Setup.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801033}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PlayTV Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Prolink\PlayTV Pro\DeIsL1.isu" -c"C:\Program Files\Prolink\PlayTV Pro\_ISREG32.DLL"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081127-0] (outdated)
System event log
Computer Name: AUGUSTIN
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 9537
Source Name: Service Control Manager
Time Written: 20090202063121.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.
Record Number: 9536
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 7035
Message: The EntDrv51 service was successfully sent a start control.
Record Number: 9535
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: AUGUSTIN
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.
Record Number: 9534
Source Name: Service Control Manager
Time Written: 20090202063105.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: AUGUSTIN
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.
Record Number: 9533
Source Name: Service Control Manager
Time Written: 20090202063103.000000+060
Event Type: information
User:
Application event log
Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 453
Source Name: Application Hang
Time Written: 20090302174726.000000+060
Event Type: error
User:
Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 452
Source Name: Application Hang
Time Written: 20090302174719.000000+060
Event Type: error
User:
Computer Name: AUGUSTIN
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 451
Source Name: SecurityCenter
Time Written: 20090302173353.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on F:
The type of the file system is NTFS.
Volume label is Nouveau nom.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
19430585 KB total disk space.
14483424 KB in 15370 files.
4816 KB in 1389 indexes.
0 KB in bad sectors.
84265 KB in use by the system.
65536 KB occupied by the log file.
4858080 KB available on disk.
4096 bytes in each allocation unit.
4857646 total allocation units on disk.
1214520 allocation units available on disk.
Internal Info:
Record Number: 450
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on D:
The type of the file system is NTFS.
Volume label is Nouveau nom.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
8859815 KB total disk space.
8391804 KB in 16554 files.
4788 KB in 1058 indexes.
0 KB in bad sectors.
64799 KB in use by the system.
46352 KB occupied by the log file.
398424 KB available on disk.
4096 bytes in each allocation unit.
2214953 total allocation units on disk.
99606 allocation units available on disk.
Internal Info:
Record Number: 449
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files\Network Associates
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-02-15 18:10:59 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-13 21:44:40 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-11 19:34:38 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-02-11 19:34:37 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
======List of files/folders modified in the last 1 months======
2009-03-05 12:41:40 ----A---- C:\WINDOWS\TSNV_I2C.INI
2009-03-05 12:40:48 ----RD---- C:\Program Files
2009-03-05 12:40:36 ----D---- C:\WINDOWS\Prefetch
2009-03-05 12:33:14 ----D---- C:\WINDOWS
2009-03-05 12:33:13 ----A---- C:\WINDOWS\Tsctvfm.ini
2009-03-05 12:32:51 ----A---- C:\WINDOWS\TSCTV.INI
2009-03-05 12:32:45 ----D---- C:\WINDOWS\Temp
2009-03-05 12:29:32 ----A---- C:\WINDOWS\IFOLDER.INI
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32\drivers
2009-03-05 12:29:31 ----D---- C:\WINDOWS\system32
2009-03-05 12:26:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-05 11:53:33 ----D---- C:\quarantine
2009-03-04 19:47:39 ----SHD---- C:\WINDOWS\Installer
2009-03-04 19:45:15 ----D---- C:\Program Files\Common Files
2009-03-04 19:12:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-04 19:07:06 ----D---- C:\Documents and Settings\augustin\Application Data\.purple
2009-03-04 18:34:47 ----D---- C:\WINDOWS\Minidump
2009-03-04 07:18:19 ----HD---- C:\WINDOWS\inf
2009-03-04 07:17:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-03 19:57:13 ----SD---- C:\Documents and Settings\augustin\Application Data\Microsoft
2009-03-03 19:43:40 ----SHD---- C:\RECYCLER
2009-03-03 17:58:09 ----D---- C:\Program Files\Mozilla Firefox
2009-03-02 17:51:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-02 17:50:53 ----A---- C:\WINDOWS\PIXELTV.INI
2009-02-15 22:02:09 ----D---- C:\WINDOWS\system32\config
2009-02-13 21:45:35 ----D---- C:\Documents and Settings
2009-02-13 09:53:15 ----D---- C:\Documents and Settings\augustin\Application Data\vlc
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 BT878;BtCap, WDM Video Capture; C:\WINDOWS\system32\drivers\BT878.SYS [2004-04-07 100092]
R2 BTTUNER;BtTuner, WDM TV Tuner; C:\WINDOWS\system32\drivers\BTTUNER.SYS [2004-04-07 28127]
R2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.SYS [2004-04-07 8301]
R3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ne2000;Novell/Eagle NE2000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\ne2000.sys [2001-08-17 15872]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-10 40704]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\augustin\LOCALS~1\Temp\mc21.tmp []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-09-22 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]
-----------------EOF-----------------
Here is info
info.txt logfile of random's system information tool 1.05 2009-03-05 12:41:58
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Assistant Publication de sites Web Microsoft 1.53-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Bibliothèques GTK+ 2.12.12 rev a (supprimer uniquement)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
FreeCall-->"C:\Program Files\FreeCall.com\FreeCall\unins000.exe"
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Édition Entreprise (Français)-->"C:\Program Files\Microsoft Visual Studio\VB98\Setup\1036\Setup.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Miranda IM 0.7.14-->C:\Program Files\Miranda IM\Uninstall.exe
Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library pour Visual Studio 6.0a (Français)-->"C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1036\Setup\Setup.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{C985153C-3801-EB63-1432-088E71801033}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PlayTV Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Prolink\PlayTV Pro\DeIsL1.isu" -c"C:\Program Files\Prolink\PlayTV Pro\_ISREG32.DLL"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"
Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
======Security center information======
AV: avast! antivirus 4.8.1296 [VPS 081127-0] (outdated)
System event log
Computer Name: AUGUSTIN
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.
Record Number: 9537
Source Name: Service Control Manager
Time Written: 20090202063121.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.
Record Number: 9536
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 7035
Message: The EntDrv51 service was successfully sent a start control.
Record Number: 9535
Source Name: Service Control Manager
Time Written: 20090202063108.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: AUGUSTIN
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.
Record Number: 9534
Source Name: Service Control Manager
Time Written: 20090202063105.000000+060
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: AUGUSTIN
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.
Record Number: 9533
Source Name: Service Control Manager
Time Written: 20090202063103.000000+060
Event Type: information
User:
Application event log
Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 453
Source Name: Application Hang
Time Written: 20090302174726.000000+060
Event Type: error
User:
Computer Name: AUGUSTIN
Event Code: 1002
Message: Hanging application pidgin.exe, version 2.5.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 452
Source Name: Application Hang
Time Written: 20090302174719.000000+060
Event Type: error
User:
Computer Name: AUGUSTIN
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 451
Source Name: SecurityCenter
Time Written: 20090302173353.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on F:
The type of the file system is NTFS.
Volume label is Nouveau nom.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
19430585 KB total disk space.
14483424 KB in 15370 files.
4816 KB in 1389 indexes.
0 KB in bad sectors.
84265 KB in use by the system.
65536 KB occupied by the log file.
4858080 KB available on disk.
4096 bytes in each allocation unit.
4857646 total allocation units on disk.
1214520 allocation units available on disk.
Internal Info:
Record Number: 450
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:
Computer Name: AUGUSTIN
Event Code: 1001
Message: Checking file system on D:
The type of the file system is NTFS.
Volume label is Nouveau nom.
One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 1 unused index entries from index $SII of file 0x9.
Cleaning up 1 unused index entries from index $SDH of file 0x9.
Cleaning up 1 unused security descriptors.
8859815 KB total disk space.
8391804 KB in 16554 files.
4788 KB in 1058 indexes.
0 KB in bad sectors.
64799 KB in use by the system.
46352 KB occupied by the log file.
398424 KB available on disk.
4096 bytes in each allocation unit.
2214953 total allocation units on disk.
99606 allocation units available on disk.
Internal Info:
Record Number: 449
Source Name: Winlogon
Time Written: 20090302173238.000000+060
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------