Trojan JS:ScriptPE-inf [Trj] on site Solved

Question

Hello,

Since yesterday, when I try to access my website, Avast blocks a Trojan at startup!

It is therefore JS:ScriptPE-inf [Trj]. I attempted a virus scan and it found it in my temporary files, I removed it but I don't understand how to get rid of this Trojan on my website? I tried a Google search and nothing came up about this kind of problem...

A friend told me it was a JavaScript issue, that it wasn't a Trojan, since only Avast is blocking access. In fact, several people with Avast are blocked, but those with other antivirus programs can access my site without problems...

I would appreciate a little help if someone can assist me :)

Thanks in advance

Sev

Configuration: Windows XP Firefox 3.0.7

gen-hackman · Accepted Answer

hello :

Avast is a sieve and says anything:

Switching from Avast to AntiVir:

Uninstall via Add/Remove Programs (if present):

* Avast!

Download and run the Avast Uninstaller.:

This will remove most traces of the Avast! product from Alwil Software.

Download Ccleaner to your desktop.:

* Click on "download the latest version"
* Install it by only checking the following options:

- Add a shortcut on the Desktop
- Automatically check for CCleaner updates

* Run the Cleaning
* Click on Search for issues and back up if you wish.

more details on the configuration of ccleaner will be given later

tutorial: How to use CCleaner.
***************

Download Antivir in French or: Antivir in French to your desktop.:

* Double-click on the downloaded executable to start the installation.
* At the end of the installation, click on Finish.
* Open Antivir, make sure it is up to date!
* In the Local Protection tab, choose Control.
* Enable rootkit detection via the + of Rootkit Search, then in Manual Selection, check everything (your hard drive partitions).
* Click on the middle magnifying glass to start the scan as Administrator.
* Post the generated report to me: To do this, click on the Overview tab, then choose Reports, you will find its report..
* Select the report and click on the icon "View the report file of the selected report."

Note: For more effective threat eradication, run the scan in safe mode.

Why change?: Avast Vs Antivir

Antivir Tutorial: How to install and use AntiVir.

Antivir Configuration (Thanks Nico) :

right-click on its icon in the taskbar and select Configure Antivir.

check the box: Expert Mode.

=> Click on Scanner in the left panel:

> In "Files" select All files.

> In search procedure, check Allow stopping, and in "scanner priority" select High.

> In "Other settings" check all the boxes.

DO NOT FORGET THE ROOTKIT SEARCH WHICH IS VERY IMPORTANT!

=> Click on "Search" in the left panel and apply the same settings as before.

=> Expand "Search" by clicking on the +. Click on "Heuristic":

> Check "MacroVirus Heuristic" and "Win32 file heuristic" with a detection level of HIGH!

=> In the left panel, expand "Guard" then expand "Search":

> Check "MacroVirus Heuristic" and "Win32 file heuristic" with a detection level of HIGH!

--
®© ----™g3и-н@¢км@и™---- ©®

gen-hackman · Answer

an analysis with what Avast?

you'll see that with antivirus you'll find things in my opinion (at least one lol)
--
®© ----™g3и-н@¢км@и™---- ©®

sev1711 · Answer

Yes, yes, with Avast, it found the same trj file in my temporary files, I even did a thorough one, it took me the whole day for that lol

And I also tried a cleanup with Ccleaner

By the way, is it useful to have software like Spybot?

Thank you again

gen-hackman · Answer

Yes, absolutely, although it's quite heavy for the system, it's very useful to have antispyware.

That said, I would recommend Superantispyware Pro version (paid), but for free, nothing beats Spybot or Spyware Terminator (do not install the Crawler Toolbar or ClamAV as they are unnecessary).
--
®© ----™g3и-н@¢км@и™---- ©®

sev1711 · Answer

Here's the report, apparently it found nothing, it's really strange, but since I removed Avast, I can access my site without any issue, Antivirus doesn't report any Trojan?

Avira AntiVir Personal
Report file creation date: Friday, March 27, 2009 11:36

The search concerns 1,327,755 virus strains.

License holder: Avira AntiVir Personal Edition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Started normally
Identifier: Severine
Computer name: 3070E45E2DF3478

Version information:
BUILD.DAT: 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE: 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL: 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL: 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL: 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF: 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF: 7.1.2.12 3336192 Bytes 11/02/2009 10:23:53
ANTIVIR2.VDF: 7.1.2.199 1008640 Bytes 22/03/2009 10:23:57
ANTIVIR3.VDF: 7.1.2.225 239104 Bytes 27/03/2009 10:23:58
Engine version: 8.2.0.129
AEVDF.DLL: 8.1.1.0 106868 Bytes 27/03/2009 10:24:07
AESCRIPT.DLL: 8.1.1.70 369019 Bytes 27/03/2009 10:24:06
AESCN.DLL: 8.1.1.8 127346 Bytes 27/03/2009 10:24:05
AERDL.DLL: 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL: 8.1.3.11 397687 Bytes 27/03/2009 10:24:04
AEOFFICE.DLL: 8.1.0.36 196987 Bytes 27/03/2009 10:24:03
AEHEUR.DLL: 8.1.0.111 1679736 Bytes 27/03/2009 10:24:02
AEHELP.DLL: 8.1.2.2 119158 Bytes 27/03/2009 10:24:00
AEGEN.DLL: 8.1.1.31 340341 Bytes 27/03/2009 10:23:59
AEEMU.DLL: 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL: 8.1.6.6 176501 Bytes 27/03/2009 10:23:58
AEBB.DLL: 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL: 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL: 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL: 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL: 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL: 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL: 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL: 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL: 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL: 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL: 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL: 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration for the current search:
Task name..................: Rootkit Search
Configuration file.........: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Documentation....................: high
Main action................: interactive
Secondary action................: ignore
Search on master boot sectors: on
Search on boot sectors: on
Search in active programs: off
Registry search in progress: off
Rootkit search............: on
Search mode file........: All files
Search in archives.......: on
Limit recursion depth: 20
Archive Smart Extensions.........: on
Macrovirus heuristic........: on
File heuristic..............: high
Extended search parameters..: 0x00300922

Search start: Friday, March 27, 2009 11:36

The search for hidden objects begins.
'456379' objects have been checked, '0' hidden objects have been found.

Search end: Friday, March 27, 2009 12:00
Time taken: 24:32 Minute(s)

The search has been completed in full

0 Directories have been checked
0 Files have been checked
0 Viruses or unwanted programs found
0 Files have been classified as suspicious
0 Files have been deleted
0 Viruses or unwanted programs have been repaired
0 Files have been moved to quarantine
0 Files have been renamed
0 Unable to check files
0 Uninfected files
0 Archives have been checked
0 Warnings
0 Instructions
456379 Objects have been checked during the Rootkit scan
0 Hidden objects have been found

gen-hackman · Answer

redo the Antivir scan in safe mode without network support please --      &#174;&#169; ----&#8482g3&#1080;-&#1085;@¢&#1082;&#1084;@&#1080;&#8482---- &#169;&#174;

sev1711 · Answer

I just restarted in safe mode without network support and the scan lasts 3 seconds and stops:

Avira AntiVir Personal
Report file creation date: Friday, March 27, 2009 12:42

The scan covers 1,327,755 virus strains.

License holder: Avira AntiVir Personal Edition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Safe mode
Identifier: Severine
Computer name: 3070E45E2DF3478

Version information:
BUILD.DAT: 8.2.0.52 16931 Bytes 02/12/2008 14:55:00
AVSCAN.EXE: 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL: 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL: 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL: 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF: 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF: 7.1.2.12 3336192 Bytes 11/02/2009 10:23:53
ANTIVIR2.VDF: 7.1.2.199 1008640 Bytes 22/03/2009 10:23:57
ANTIVIR3.VDF: 7.1.2.225 239104 Bytes 27/03/2009 10:23:58
Engine version: 8.2.0.129
AEVDF.DLL: 8.1.1.0 106868 Bytes 27/03/2009 10:24:07
AESCRIPT.DLL: 8.1.1.70 369019 Bytes 27/03/2009 10:24:06
AESCN.DLL: 8.1.1.8 127346 Bytes 27/03/2009 10:24:05
AERDL.DLL: 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL: 8.1.3.11 397687 Bytes 27/03/2009 10:24:04
AEOFFICE.DLL: 8.1.0.36 196987 Bytes 27/03/2009 10:24:03
AEHEUR.DLL: 8.1.0.111 1679736 Bytes 27/03/2009 10:24:02
AEHELP.DLL: 8.1.2.2 119158 Bytes 27/03/2009 10:24:00
AEGEN.DLL: 8.1.1.31 340341 Bytes 27/03/2009 10:23:59
AEEMU.DLL: 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL: 8.1.6.6 176501 Bytes 27/03/2009 10:23:58
AEBB.DLL: 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL: 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL: 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL: 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL: 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL: 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL: 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL: 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL: 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL: 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL: 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL: 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration for the current scan:
Task name..................: Rootkit Scan
Configuration file.........: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Documentation....................: high
Main action................: interactive
Secondary action................: ignore
Scan on master boot sectors: on
Scan on boot sectors: on
Scan for running programs: off
Scan on registry: off
Rootkit scan............: on
Search mode file........: All files
Scan archives.......: on
Limit recursion depth: 20
Smart Extensions Archive.........: on
Macro virus heuristic........: on
File heuristic..............: high
Extended search parameters..: 0x00300922

Scan start: Friday, March 27, 2009 12:42

The scan for hidden objects starts.
Unable to initialize driver.

Scan end: Friday, March 27, 2009 12:42
Time required: 00:03 Minute(s)

The scan was completed in full

0 Directories were checked
0 Files were checked
0 Viruses or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses or unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Unable to check files
0 Non-infected files
0 Archives were checked
0 Warnings
0 Instructions

gen-hackman · Answer

ok :

Download RemoveIT Pro

Run a scan and post the full log report.

At the end of the 1st scan, if it asks to perform a full scan, say yes

At the end of the 2nd scan, if a virus is found click on "fix" to clean the detected viruses.
--
®© ----™g3и-н@¢ко@и™---- ©®

sev1711 · Answer

Sorry, I can’t assist with that.

gen-hackman · Answer

Download Superantispyware (SAS)

Choose "Save" and save it to your desktop.

Double-click on the installation icon that has just been created and follow the instructions.

Create an icon on the desktop.

Double-click on the SAS icon (a head in a red circle with a line through it) to launch it.

- If the tool asks you to update the program ("update the program definitions"), click on yes.
- Under Configuration and Preferences, click on the "Preferences" button
- Click on the "Scanning Control" tab
- In "Scanner Options", make sure the checkbox next to the following lines is checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Leave the other lines unchecked.

- Click on the "Close" button to exit the control center screen.

- In the main window, click on "Scan for Harmful Software", then "Scan your computer".

In the left column, check C:\Fixed Drive.

In the right column, under "Complete scan", click on "Perform Complete Scan"

Click on "Next" to start the scan. Wait during the scan duration.

At the end of the scan, a results window will open. Click on OK.

Make sure all lines in the white window are checked and click on "Next".

Everything that was found will be put in quarantine. If asked to restart the computer ("reboot"), click on Yes.

To copy the information to the forum, do this:

- After restarting the computer, double-click on the icon to launch SAS.
- Click on "Preferences" then on the "Statistics/Logs" tab.
- In "scanners logs", double-click on SUPERAntiSpyware Scan Log.

- The report will open in your default text editor.

- Copy its content into your reply.

Take a good look at the SUPERAntiSpyware tutorial, it is very well explained.
--
®© ----™g3и-н@¢ки™---- ©®

sev1711 · Answer

Thank you again for your help!

Here is the log now:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 03/27/2009 at 06:31 PM

Application Version: 4.26.1000

Core Rules Database Version: 3817
Trace Rules Database Version: 1771

Scan type: Complete Scan
Total Scan Time: 02:07:21

Memory items scanned: 470
Memory threats detected: 0
Registry items scanned: 5249
Registry threats detected: 0
File items scanned: 109807
File threats detected: 33

Adware.Tracking Cookie
C:\Documents and Settings\Severine\Cookies\severine@serving-sys[2].txt
C:\Documents and Settings\Severine\Cookies\severine@bs.serving-sys[1].txt
C:\Documents and Settings\Severine\Cookies\severine@msnportal.112.2o7[1].txt
C:\Documents and Settings\Severine\Cookies\severine@247realmedia[2].txt
C:\Documents and Settings\Severine\Cookies\severine@xiti[1].txt
C:\Documents and Settings\Papa\Cookies\papa@ads.gamesbannernet[1].txt
C:\Documents and Settings\Papa\Cookies\papa@tribalfusion[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@247realmedia[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@2o7[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@ad.ifrance[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@ad.wedoo[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@ad.yieldmanager[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@adbrite[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@ads.multimania.lycos[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@ads.uploadtemple[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@adultfriendfinder[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@adv.surinter[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@apmebf[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@cdiscount[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@dictionnaire.mediadico[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@frenchwarez.keo[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@fuck-warez[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@kanoodle[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@kmpads[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@kontera[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@overture[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@srv.warez[2].txt
D:\Documents and Settings\torreip\Cookies\torreip@warez[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@weborama[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@www.clickintext[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@www.directdl[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@www.smartadserver[1].txt
D:\Documents and Settings\torreip\Cookies\torreip@xiti[1].txt

gen-hackman · Answer

ok see now if you still have the issues you had at the beginning :) --      &#174;&#169; ----&#8482g3&#1080;-&#1085;@¢&#1082;&#1080;&#8482---- &#169;&#174;

sev1711 · Answer

Thank you for everything, but yes, my site is still inaccessible for those who have Avast as it detects a trojan, now with Antivir, I can access it! But how can I tell if it's an Avast error or really a problem?

gen-hackman · Answer

ok hello well the best thing to do is to have the site tested "on different antivirus programs".

otherwise convince people who have Avast to switch to Antivir :)

they will be better off!! lol

they will have access to your site and they will be MUCH BETTER protected here is a link to convince them:

http://www.commentcamarche.net/forum/affich 11720978 trojan js scriptpe inf trj dans site?#1

they will land on the first post of our conversation (enough to convince even more :) )

which will allow them to see it live ;)

keep me posted :)

Can I have this report too?
--
®© ----™g3и-н@¢км@и™---- ©®

sev1711 · Answer

I've already started telling several people ;)  Here’s the log, I completely forgot to post it:  !Infected uninst~1.exe=;c:\;sys32.uninst~1;8c2214d1ba1a939a967477f6e22f1a80;455281;Ok; !Infected uninstall.exe=;c:\;sys32.uninstall;8c2214d1ba1a939a967477f6e22f1a80;455281;Ok; Clsid C:\WINDOWS\system32\crypt32.dll[62e4fb08c41982aca211b595b5ef4897][604672] Clsid C:\WINDOWS\system32\cryptnet.dll[025f99400e4b13912f6a952a3dc3a05c][63488] Clsid C:\WINDOWS\system32\cscdll.dll[c9e9472024ab0a5d3380753cd523b4c8][102912] Clsid C:\WINDOWS\system32\sclgntfy.dll[c4d404a4e5c0792fd1986beb212180c3][22016] Clsid c:\windows\system32\stobject.dll[5b8837602f19ca97e9f6c003ace7f43d][122368] Clsid c:\windows\system32\webcheck.dll[a163a85a0834b85faf918caadec55687][233472] Clsid C:\WINDOWS\system32\wgalogon.dll[dd8b6382e30fbb58d69610abceebd3eb][267304] Clsid C:\WINDOWS\system32\wlnotify.dll[63e971b0f93fa3f9b80ecb917f756188][94208] Proc C:\Documents and Settings\Severine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[626a24ed1228580b9518c01930936df9][133104] Proc C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe[e0fc25157263dd6177af313ae35dbfe8][61440] Proc C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[6e812818306d460d62b4abea9fdc6679][266497] Proc C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[335a142923fe7f97e8c8388acd067568][151297] Proc C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[d6c8942bea3698a2e7559bd423bfa5d7][68865] Proc C:\Program Files\Bonjour\mDNSResponder.exe[73686fe0b2e0469f89fd2075be724704][229376] Proc C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe[cd4a2a655e4dc0018e71640f210c9f1c][94208] Proc C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe[2bad84b393af47006d80ba2f03b18029][213936] Proc C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[e616a6a6e91b0a86f2f6217cde835ffe][68856] Proc C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe[4c3ee0571f3a509f74abaff607491c81][551424] Proc C:\Program Files\Java\jre6\bin\jqs.exe[890369aed0dde1a98f09f7dc239ca2bd][152984] Proc C:\Program Files\Java\jre6\bin\jusched.exe[a2d390f1f2408b94ef34bfe3a00c29d3][148888] Proc C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[390679f7a217a5e73d756276c40ae887][2260480] Proc C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[7768ce75c5cbf0d8f441ce2bbd806b7f][100032] Proc C:\Program Files\TomTom HOME 2\HOMERunner.exe[846f07a90c8769f154f5a92c788ac1fa][234856] Proc C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[97384875b6d03831b2d1820ab8952f67][5724184] Proc C:\Program Files\Windows Live\Messenger\usnsvc.exe[9d19b042a4fd5c02195071ea2fe0c821][98328] Proc C:\WINDOWS\Explorer.EXE[d0288319660edcfed07c7e74c4ea38a5][1037312] Proc C:\WINDOWS\system32\brss01a.exe[9e646cd378d4d0c996baf9bcb18237c7][45056] Proc C:\WINDOWS\system32\brsvc01a.exe[d3facb34fff5db91adb70987838f8ba7][57344] Proc C:\WINDOWS\system32\ctfmon.exe[64e41e8fee655b03e3f19ded21ba5118][15360] Proc C:\WINDOWS\system32\lsass.exe[259af82a0932eea4f316f92db94707b6][13312] Proc C:\WINDOWS\system32\services.exe[63dcde1a0d86eeb8924d6738ff616ead][108544] Proc C:\WINDOWS\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856] Proc C:\WINDOWS\system32\svchost.exe[2979b03d5382a602623c0535b16ab9c0][14336] Proc C:\WINDOWS\system32\wuauclt.exe[e654b78d2f1d791b30d0ed9a8195ec22][51224] RegRun c:\documents and settings\severine\local settings\application data\google\update\googleupdate.exe [626a24ed1228580b9518c01930936df9][133104] RegRun c:\program files\adobe\adobe photoshop lightroom 1.2\apdproxy.exe[e0fc25157263dd6177af313ae35dbfe8][61440] RegRun c:\program files\adobeeader 8.0eadereader_sl.exe[392845e8d49b5f0e81aac4d795000a8c][39792] RegRun c:\program files\avira\antivir personaledition classic\avgnt.exe [6e812818306d460d62b4abea9fdc6679][266497] RegRun c:\program files\fichiers communs\ahead\lib
erocheck.exe[c93ab037a8c792d5f8a1a9fc88a7c7c5][155648] RegRun c:\program files\fichiers communs\ahead\lib
mbgmonitor.exe[cd4a2a655e4dc0018e71640f210c9f1c][94208] RegRun c:\program files\fichiers communs\installshield\updateservice\isuspm.exe [2bad84b393af47006d80ba2f03b18029][213936] RegRun c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe[e616a6a6e91b0a86f2f6217cde835ffe][68856] RegRun c:\program files\java\jre6\bin\jusched.exe[a2d390f1f2408b94ef34bfe3a00c29d3][148888] RegRun c:\program files\spybot - search & destroy	eatimer.exe[390679f7a217a5e73d756276c40ae887][2260480] RegRun c:\program files	omtom home 2\homerunner.exe[846f07a90c8769f154f5a92c788ac1fa][234856] RegRun c:\program files\windows live\messenger\msnmsgr.exe [97384875b6d03831b2d1820ab8952f67][5724184] RegRun c:\program files\yahoo!\messenger\yahoomessenger.exe [bf7f70a930ceff0124cb70bfb0055e8f][4347120] RegRun c:\windows\system32\ctfmon.exe[64e41e8fee655b03e3f19ded21ba5118][15360] Service c:\progra~1\symantec\liveup~1\lucoms~1.exe[fb466faa799eace5075fc1de269f0066][2119360] Service c:\program files\avira\antivir personaledition classic\avguard.exe[335a142923fe7f97e8c8388acd067568][151297] Service c:\program files\avira\antivir personaledition classic\sched.exe[d6c8942bea3698a2e7559bd423bfa5d7][68865] Service c:\program files\bonjour\mdnsresponder.exe[73686fe0b2e0469f89fd2075be724704][229376] Service c:\program files\fichiers communs\macrovision shared\flexnet publisher\fnplicensingservice.exe[227846995afeefa70d328bf5334a86a5][654848] Service c:\program files\fichiers communs\microsoft shared\source engine\ose.exe[7a56cf3e3f12e8af599963b16f50fb6a][89136] Service c:\program files\google\common\google updater\googleupdaterservice.exe[1bf044e23206fddc16891a32922d571b][137200] Service c:\program files\java\jre6\bin\jqs.exe [890369aed0dde1a98f09f7dc239ca2bd][152984] Service c:\program files
ero
ero 7
ero backitup
bservice.exe[7db7924793b9bd0ec991ad321664c486][208896] Service c:\program files\symantec\liveupdate\aluschedulersvc.exe[7768ce75c5cbf0d8f441ce2bbd806b7f][100032] Service c:\program files\windows live\installer\wlsetupsvc.exe[94a85e956a065e23e0010a6a7826243b][266240] Service c:\program files\windows live\messenger\usnsvc.exe[9d19b042a4fd5c02195071ea2fe0c821][98328] Service c:\windows\system32\alg.exe[b43cc0f07752d456038cd0268e4d84e9][44544] Service c:\windows\system32\brsvc01a.exe[d3facb34fff5db91adb70987838f8ba7][57344] Service c:\windows\system32\cisvc.exe[abfac5d58218c0a655dfcae2d8a535f3][5632] Service c:\windows\system32\clipsrv.exe[e42101918c50f754fc15367814fec11c][33280] Service c:\windows\system32\dllhost.exe [9b2ce161927038d4cabe0482a14fd052][5120] Service c:\windows\system32\dmadmin.exe [647d03a59615fee96d647d4426f1537e][225280] Service c:\windows\system32\imapi.exe[17b7a4375868b8c38f2dfc98b3b420c6][150016] Service c:\windows\system32\locator.exe[dab8e0b2f07dc4d44f8f72bf3994630b][75264] Service c:\windows\system32\lsass.exe[259af82a0932eea4f316f92db94707b6][13312] Service c:\windows\system32\mnmsrvc.exe[5b219f99cf6d5be05a6c6e86c38cb7ce][32768] Service c:\windows\system32\msdtc.exe[11ca338b8765db8e2d1b459f2cfad147][6144] Service c:\windows\system32\msiexec.exe [f5f0146580e7023adb963879840777f8][78848] Service c:\windows\system32
etdde.exe[d40598fd7b7dccbfb22d777e0dfb1cf0][114176] Service c:\windows\system32svp.exe[414964844f4793acb868d057e8ed997e][132608] Service c:\windows\system32\scardsvr.exe[8866078139c403a28cb4cb460ca6dc90][100352] Service c:\windows\system32\services.exe[63dcde1a0d86eeb8924d6738ff616ead][108544] Service c:\windows\system32\sessmgr.exe[f35a23e5b6413f93ccca0d05d00183fb][142336] Service c:\windows\system32\smlogsvc.exe[0faad412d36e668260a6d5699875d534][93184] Service c:\windows\system32\spoolsv.exe[da81ec57acd4cdc3d4c51cf3d409af9f][57856] Service c:\windows\system32\svchost.exe [2979b03d5382a602623c0535b16ab9c0][14336] Service c:\windows\system32	lntsvr.exe[d244322be1a7c8ad252ec5397ea6d296][75264] Service c:\windows\system32\ups.exe[394c9b28c1a97e1ae0421be88ddac102][18432] Service c:\windows\system32\vssvc.exe[ce38755ff8c161a66e45fc0c10cdee87][295424] Service c:\windows\system32\wbem\wmiapsrv.exe[93a3fc4cf42587a7ab54788f19b9259c][126464] Startup c:\documents and settings\all users\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84] Startup c:\documents and settings\severine\menu démarrer\programmes\démarrage\desktop.ini[d6a6856702e3f0953e7246a9b4a9fe35][84] System.ini c:\program files\windows live\installer\wlsetupsvc.exe[94a85e956a065e23e0010a6a7826243b][266240]

gen-hackman · Answer

Download Random's System Information Tool (RSIT) from random/random and save the executable to your Desktop.

! Log out and close all running applications !

Double-click on " RSIT.exe " to launch it.

-> A first window will open with the title: " Disclaimer of warranty " .

* In front of the option "List files/folders created ..." , choose: 2 months

* then click on " Continue " to start the scan ...

-> let the scan run and do not touch the PC ...

When the scan is finished, two text files will open (probably with Notepad).

Post the content of " log.txt " (the one that appears on the screen), as well as " info.txt " (which you will see in the taskbar), for analysis and wait for further instructions ...

Important: post one report, then the other in the following reply
If you try to post both at once, it may be too long for the forum

( Note: reports will also be saved in this folder -> C:\rsit )

--
®© ----™g3и-н@¢км@и™---- ©®

sev1711 · Answer

Thank you again for your help! I know I'm repeating myself, but it's really nice to be assisted!  The log:  Logfile of random's system information tool 1.06 (written by random/random) Run by Severine at 2009-03-28 09:20:43 Microsoft Windows XP Professional Service Pack 2 System drive C: has 135 GB (86%) free of 156 GB Total RAM: 1023 MB (53% free)  Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:21:04, on 28/03/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal  Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\brss01a.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Documents and Settings\Severine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\TomTom HOME 2\HOMERunner.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Severine\Desktop\RSIT.exe C:\Program Files	rend micro\Severine.exe  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Help for Adobe PDF Reader link - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Severine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Search - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menu item: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menu item: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menu item: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/... O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe  -- End of file - 8789 bytes  ======Scheduled tasks folder======  C:\WINDOWS	asks\GoogleUpdateTaskUserS-1-5-21-842925246-1645522239-725345543-1006.job C:\WINDOWS	asks\User_Feed_Synchronization-{EF4ACF9F-871D-4EBF-BB21-77018ECB96A9}.job  ======Registry dump======  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Help for Adobe PDF Reader link - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-08 251504]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-08 657904]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-08 522224]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-08 251504]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "Adobe Photo Downloader"=C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe [2007-08-30 61440] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-13 68856] "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208] "Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120] "Google Update"=C:\Documents and Settings\Severine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-17 133104] "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\GigaTribe\gigatribe.exe"="C:\Program Files\GigaTribe\gigatribe.exe:*:Enabled:gigatribe" "C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe"="C:\Program Files\InCode Solutions\RemoveIT Pro v4 - SEemoveit.exe:*:Enabled:removeit"  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"  ======List of files/folders created in the last 2 months======  2009-03-28 09:20:44 ----D---- C:\Program Files	rend micro 2009-03-28 09:20:43 ----D---- C:sit 2009-03-27 16:15:28 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2009-03-27 16:15:14 ----D---- C:\Program Files\SUPERAntiSpyware 2009-03-27 16:15:14 ----D---- C:\Documents and Settings\Severine\Application Data\SUPERAntiSpyware.com 2009-03-27 16:13:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-03-27 15:51:37 ----D---- C:\Program Files\InCode Solutions 2009-03-27 12:38:28 ----A---- C:\WINDOWS
tbtlog.txt 2009-03-27 11:22:40 ----D---- C:\Program Files\Avira 2009-03-27 11:22:40 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-03-27 10:39:47 ----D---- C:\WINDOWSeport 2009-03-27 10:38:23 ----D---- C:\WINDOWS\AU_Backup 2009-03-27 10:38:22 ----A---- C:\WINDOWS\vsapi32.dll 2009-03-27 10:38:22 ----A---- C:\WINDOWS	sc.ini 2009-03-27 10:38:22 ----A---- C:\WINDOWS	sc.exe 2009-03-27 10:38:22 ----A---- C:\WINDOWS\hcextoutput.dll 2009-03-27 10:38:22 ----A---- C:\WINDOWS\BPMNT.dll 2009-03-27 10:37:17 ----A---- C:\WINDOWS\GetServer.ini 2009-03-27 10:37:16 ----D---- C:\WINDOWS\AU_Temp 2009-03-27 10:37:15 ----D---- C:\WINDOWS\AU_Log 2009-03-27 10:37:14 ----A---- C:\xscan.txt 2009-03-27 10:37:12 ----A---- C:\WINDOWS\TMUPDATE.DLL 2009-03-27 10:37:11 ----A---- C:\WINDOWS\UNZIP.DLL 2009-03-27 10:37:11 ----A---- C:\WINDOWS\PATCH.EXE 2009-03-27 08:39:41 ----A---- C:\Program Files\ccsetup218.exe 2009-03-27 08:21:40 ----A---- C:\WINDOWS\system32\javaws.exe 2009-03-27 08:21:40 ----A---- C:\WINDOWS\system32\javaw.exe 2009-03-27 08:21:40 ----A---- C:\WINDOWS\system32\java.exe 2009-03-26 13:37:08 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-03-26 13:37:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-03-11 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 12:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-05 08:35:43 ----A---- C:\Program Files\FileZilla_3.2.2.1_win32-setup.exe 2009-02-25 12:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-11 18:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-02-10 11:56:58 ----D---- C:\Documents and Settings\Severine\Application Data\KompoZer 2009-02-09 09:30:19 ----A---- C:\Program Files\FileZilla_3.2.1_win32-setup.exe 2009-02-01 17:46:25 ----D---- C:\Documents and Settings\Severine\Application Data\TomTom 2009-02-01 17:45:08 ----D---- C:\Program Files\TomTom HOME 2 2009-02-01 17:34:49 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom 2009-02-01 17:33:08 ----D---- C:\Program Files\TomTom HOME  ======List of files/folders modified in the last 2 months======  2009-03-28 09:20:44 ----RD---- C:\Program Files 2009-03-28 09:20:41 ----D---- C:\WINDOWS\Prefetch 2009-03-28 09:19:42 ----D---- C:\WINDOWS\system32 2009-03-28 09:18:45 ----D---- C:\Program Files\Mozilla Firefox 2009-03-28 07:59:38 ----A---- C:\WINDOWS\NeroDigital.ini 2009-03-28 07:41:25 ----D---- C:\WINDOWS\Temp 2009-03-28 07:39:26 ----D---- C:\WINDOWS 2009-03-27 19:33:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-27 19:31:31 ----SHD---- C:\RECYCLER 2009-03-27 19:31:31 ----D---- C:\Documents and Settings 2009-03-27 16:16:48 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-27 16:15:19 ----SHD---- C:\WINDOWS\Installer 2009-03-27 16:13:54 ----D---- C:\Program Files\Common Files 2009-03-27 11:22:42 ----D---- C:\WINDOWS\system32\drivers 2009-03-27 10:39:47 ----D---- C:\WINDOWS\Debug 2009-03-27 10:37:14 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-27 08:40:35 ----D---- C:\Program Files\CCleaner 2009-03-27 08:21:37 ----D---- C:\Program Files\Java 2009-03-26 15:36:30 ----D---- C:\Multimedia Files 2009-03-26 14:54:03 ----D---- C:\Documents and Settings\Severine\Application Data\Adobe 2009-03-26 14:34:07 ----D---- C:\Documents and Settings\Severine\Application Data\FileZilla 2009-03-26 14:29:57 ----D---- C:\Program Files\FileZilla FTP Client 2009-03-23 10:25:28 ----SD---- C:\Documents and Settings\Severine\Application Data\Microsoft 2009-03-19 11:48:26 ----HD---- C:\WINDOWS\inf 2009-03-19 11:45:57 ----N---- C:\WINDOWS\system.ini 2009-03-11 12:01:18 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-03-11 07:08:09 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-09 05:19:08 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-03-07 07:21:00 ----D---- C:\WINDOWS\Fonts 2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe 2009-02-11 18:17:52 ----D---- C:\Program Files\Internet Explorer 2009-02-11 18:17:41 ----D---- C:\WINDOWS\ie7updates 2009-02-10 15:01:13 ----SD---- C:\WINDOWS\Tasks 2009-02-02 08:54:19 ----HD---- C:\Program Files\InstallShield Installation Information 2009-01-31 08:56:52 ----D---- C:\Program Files\Common Files\Adobe 2009-01-31 08:56:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2009-01-31 08:56:26 ----D---- C:\Program Files\Adobe  ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======  R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R3 Arp1394;Client protocol

sev1711 · Answer

info.txt logfile of random's system information tool 1.06 2009-03-28 09:21:05  ======Uninstall list======  -->"C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA} -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Program Files\Nero\Nero 7
ero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNRecode.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-aware 6 Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Photoshop Lightroom-->MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A} Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702} Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Correctif Windows XP - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe" FLAC codecs-->C:\Program Files\illiminable\oggcodecs\uninst.exe Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall Grand Master Chess OnLine-->C:\Program Files\Alawar\GMChess\uninstal.exe HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x040c J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} LimeWire PRO 4.9.9-->"C:\Program Files\LimeWire\uninstall.exe" LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Nero 7 Ultra Edition-->MsiExec.exe /I{6DA410C9-D7DA-4372-9FBC-7ED132E51036} PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} RemoveIT Pro v4 - SE-->C:\PROGRA~1\INCODE~1\REMOVE~1\UNWISE.EXE C:\PROGRA~1\INCODE~1\REMOVE~1\INSTALL.LOG Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Spybot - Search & Destroy-->C:\Program Files\Spybot - Search & Destroy\unins000.exe SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} TomTom HOME 2.5.2.60-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} Vista Codec Package-->MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99} Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

gen-hackman · Answer

Hi, don't worry Severine, everything is fine, we're almost done:  Download HostXpert to your Desktop:  ---> Extract it (Right-click >> Extract here)  ---> Double-click on HostsXpert to launch it  ---> Click on the "Restore MS Hosts File" button and then close the program  PS: Before clicking on the "Restore MS Hosts File" button, make sure the lock icon in the top left is open; otherwise, you will get an error message.  If it's closed, click on it :)  Delete HostXpert  then:  You should remove the installers lying around in Program Files (Filezilla, there are two or three :))  then:  Uninstall Ad-Aware, it is unnecessary at this time (outdated)  then:  ---> Disable your antivirus while performing this operation as OTMoveIt3 is mistakenly detected as an infection.  ---> Download OTMoveIt3 (OldTimer) to your Desktop:  ---> Double-click on OTMoveIt3.exe to launch it.  ---> Copy (Ctrl+C) the following text below:      :processes explorer.exe  :reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=- "Adobe Reader Speed Launcher"=- "SunJavaUpdateSched"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "swg"=- "MsnMsgr"=- "TomTomHOME.exe"=-    :commands [purity] [emptytemp] [start explorer] [reboot]      ---> Paste (Ctrl+V) the text you previously copied into the Paste Instructions for Items to be Moved box.  ---> Now click the MoveIt! button and then close OTMoveIt3.  If a file or folder cannot be deleted immediately, the software will ask you to restart. Accept by clicking YES.  ---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\ The report name corresponds to the time of its creation: date_time.log  then:  Once all this is done, I think we can clean up :) --      &#174;&#169; ----&#8482g3&#1080;-&#1085;@¢&#1082;&#1084;@&#1080;&#8482---- &#169;&#174;

sev1711 · Answer

Here is the report, I also removed everything you advised me :)  ========== PROCESSES ========== Process explorer.exe killed successfully. ========== REGISTRY ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NeroFilterCheck deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adobe Reader Speed Launcher deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\swg deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MsnMsgr deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\TomTomHOME.exe deleted successfully. ========== COMMANDS ========== File delete failed. C:\DOCUME~1\Severine\LOCALS~1\Temp\etilqs_R0gIlav0lAb3tmUJxlft scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Severine\LOCALS~1\Temp\~DF2137.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Severine\LOCALS~1\Temp\~DF214B.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Severine\LOCALS~1\Temp\~DFD01E.tmp scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\Severine\LOCALS~1\Temp\~DFD039.tmp scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_7bc.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully  OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03282009_104050  Files moved on Reboot... File C:\DOCUME~1\Severine\LOCALS~1\Temp\etilqs_R0gIlav0lAb3tmUJxlft not found! File C:\DOCUME~1\Severine\LOCALS~1\Temp\~DF2137.tmp not found! File C:\DOCUME~1\Severine\LOCALS~1\Temp\~DF214B.tmp not found! File C:\DOCUME~1\Severine\LOCALS~1\Temp\~DFD01E.tmp not found! File C:\DOCUME~1\Severine\LOCALS~1\Temp\~DFD039.tmp not found! File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot. File C:\WINDOWS	emp\Perflib_Perfdata_7bc.dat not found! C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Severine\Local Settings\Application Data\Mozilla\Firefox\Profiles\w62i0ojz.default\XUL.mfl moved successfully.

gen-hackman · Answer

ok your startup will be faster than before now ... moreover, we will gain even more: Download: ATF Cleaner by Atribune Double-click ATF-Cleaner.exe to launch the program. In the Main tab, choose: Select All Click the Empty Selected button If you are using the Firefox browser: Click Firefox at the top and choose: Select All Click the Empty Selected button NOTE: If you want to keep your saved passwords, click No at the prompt. If you are using the Opera browser: Click Opera at the top and choose: Select All Click the Empty Selected button NOTE: If you want to keep your saved passwords, click No at the prompt. Click Exit in the main menu to close the program. For technical support, double-click the email address located at the bottom of each menu. __________________________________________________ ---> Download ToolCleaner2 to your Desktop. * Double-click ToolsCleaner2.exe to launch it. * Click on Search and let the scan run. * Click on Delete to finish. * You can, if you wish, use the Optional Features. * Click on Exit to obtain the report. * Post the report (TCleaner.txt) found at the root of your hard drive (C:\). _________________________________________________ manually delete toolscleaner2 ________________________________________________ ---> Download and install CCleaner (Do not install the Yahoo Toolbar): * Launch it. Go to Options then Advanced and uncheck the box Clear only files etc.... * Go to Cleaner, choose Analyze. Once done, start the cleaning. * Then choose Registry, then Search for issues. Once completed, fix all the issues as many times as it finds during the scan (Backup the registry). * Make sure in the options the setting is at Windows startup and set to "secure deletion" 35 passes (guttman) __________________________________________________ Attention: do not touch the PC while it is working! B-Cleaning and Defragmentation of your Disks *Cleaning: Right-click on "My Computer" ==>"Open" ==>right-click on drive C ==>Properties ==>tab "General" Click on the "Disk Cleanup" button, OK you do this for each of your drives ________________________________________________ *Error checking: Right-click on "My Computer" ==>"Open" ==>right-click on drive C ==>Properties ==>tab "Tools" "Check Now", a box opens, check the boxes: -Automatically fix file system errors... -Scan for and attempt recovery of bad sectors... --->Start, OK Note: if it tells you to restart your PC to do this, restart and let it run, it takes some time, that's normal you do this for each of your drives ________________________________________________ then still in the same tab you choose: *Defragmentation: "Defragment now", OK a box opens, select the disk to defragment, and click on "Analyze", then after the analysis, "Defragment". OK you do this for each of your drives _______________________________________________ Note: if you have a defragmentation utility, use it instead to do this Defraggler is suggested: _________________________________________________ > Can you check Java Console? : , and install the new version if necessary (in that case uninstall the old version first). For info or in case of problem: Tutorial here's how to uninstall: JavaRa Extract the file to the Desktop (Right-click > Extract All). * Double-click on the JavaRa folder. * Then double-click on the file JavaRa.exe (the exe may not be displayed). * Choose French and then click on Select. * Click on Check for updates. * Select Update via jucheck.exe then click on Search. * Allow the process to connect if it asks, click on Install and follow the installation instructions which take a few minutes. * The installation is finished, go back to the JavaRa screen and click on Delete old versions. * Click Yes to confirm. Let it work and then click OK, then a second time on OK. * A report will open. Post it in your next response. * Close the application. Note: the report is also found in C:\ under the name JavaRa.log. _________________________________________________ > Update Adobe Reader if not (uninstall before the previous version) __________________________________________________ > You can also empty your recycle bin, although CCleaner does it automatically _____________________________________________________ > If we used MalwareByte's Anti-Malware: empty its quarantine. - Launch the program then click on . - Select all items then click on . - Exit the program. ______________________________________________________ >if you installed Antivir: Antivir Configuration (Thanks to Nico): Right-click on its icon in the taskbar and select Configure Antivir. check the box: Expert Mode. => Click on Scanner in the left pane: > In "Files" select All files. > In search procedure, check Allow halt, and in "scanner priority" select High. > In "Other settings" check all boxes. DO NOT FORGET TO CHECK FOR ROOTKIT DETECTION WHICH IS VERY IMPORTANT! => Click on "Search" in the left pane and apply the same settings as before. => Expand "Search" by clicking on the +. Click on "Heuristic": > Check "MacroVirus Heuristic" and "Win32 file Heuristic" with HIGH identification degree! => In the left pane, expand "Guard" then expand "Search": > Check "MacroVirus Heuristic" and "Win32 file Heuristic" with HIGH identification degree! ________________________________________________________ > Do the same for your antivirus: empty its quarantine if not done already ______________________________________________________ > Disable and re-enable system restore, for that: follow the instructions in the link: Link XP Link Vista ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Some advice and recommendations for the future: > Run MalwareByte's Anti-Malware from time to time (once a week, depending on how you use your PC). - Also use your other protection software (antivirus scans, antispywares...). Don’t forget to update them before using them. - Also consider defragmenting your hard drives from time to time (keep enough space on C:\ (1/3 free to be comfortable)) _____________ > To properly protect your PC: [1 Antivirus] + [1 Firewall (/!\ routers and boxes have one)] + [A good Antispyware with immunization] + [Recent Windows and Protection Software Updates] + [Using Firefox -or others- (Internet Explorer has security flaws that take a long time to fix but you must keep it for Windows updates and Windows live Messenger)] PS: In fact the best protection is you: what you do with your PC: where you surf, download... etc.... Viruses exploit the vulnerabilities of your PC to infect a system in the wish to uninstall one antivirus in favor of another, here are some links: Uninstall Antivir Uninstall Avast Uninstall BitDefender Uninstall Norton Uninstall Kaspersky Uninstall AVG or all in one: Antivirus, Firewall, Antispyware Uninstallation _____________ >useful link >SpywareBlaster = small software that blocks the installation of harmful ActiveX to the PC. (Works in the background) ____________ If you have Vista do not forget to reactivate User Account Control (UAC) ___________ If you have Spybot S&D and we disabled the "Tea-timer" you can reactivate it ____________ There you go, Happy reading, see you soon, once all this is done you can mark the topic as resolved Gen-hackman -- ®© ----™g3и-н@¢ки™---- ©®

sev1711 · Answer

I'm already posting the ToolsCleaner report  [ ToolsCleaner report version 2.3.2 (by A.Rothstein & dj QUIOU) ]  -->- Search:  C:\_OtMoveIt: found! C:\Rsit: found! C:\Documents and Settings\Severine\Desktop\OTMoveIt3.exe: found! C:\Documents and Settings\Severine\Desktop\Rsit.exe: found! C:\Program Files	rend micro\HijackThis.exe: found! C:\Program Files	rend micro\hijackthis.log: found!  --------------------------------- -->- Deletion:  C:\Program Files	rend micro\HijackThis.exe: deleted! C:\Documents and Settings\Severine\Desktop\OTMoveIt3.exe: deleted! C:\Documents and Settings\Severine\Desktop\Rsit.exe: deleted! C:\Program Files	rend micro\hijackthis.log: deleted! C:\_OtMoveIt: deleted! C:\Rsit: deleted!  Temporary files cleaned!

gen-hackman · Answer

Hello, all good :) --      &#174;&#169; ----&#8482g3&#1080;-&#1085;@¢&#1082;&#1080;@&#8482---- &#169;&#174;

gen-hackman · Answer

no nothing to do just that the installers have nothing to do in program Files that’s all :)  follow what I asked you please otherwise to keep track it's less obvious already that it's rush hour and we have to satisfy everyone !!  HAHA   :) -- G3&#1080;-&#1085;@¢&#1082;&#1084;@&#1080;&#8482;&#169;&#174;

charlotte39 · Answer

Hello,  I have it in the script of my blog.  Do you have any help to offer? I haven't received a response so far. Thank you

sev1711 · Answer

Thanks again for all the help and I haven't had the time to finish everything yet ;)  However, I found out where this little script blocking issue was coming from (by Avast, actually) a simple WordPress update was all it took for everything to work for everyone...

gen-hackman · Answer

uowis · Answer

Can you tell me which antivirus you managed to use to remove the trojan?

uowis · Answer

The mistake is looking for the Trojan on the PC when the site was put online with another one... How to disinfect files online, that's the right question I think...

Djukbox · Answer

Good evening,  I had the same problem, and I thought it was coming from Avast... But check this out: https://www.wjunction.com/install/index.php?upgrade/  It is indeed a Trojan!

Trojan JS:ScriptPE-inf [Trj] on site

30 answers

Windows 11 microphone issue

My printer won't connect to my pc anymore

No sound on my pc

File with some lines merged and others not

System restore from bootable windows 11 usb drive

Notice use techfive dxf00800

Asus vivobook pc won’t boot anymore, need help

Troubleshooting windows 10 pro installation on lenovo

Excel calendar stuck on dates 1900

Transferring photos from my smartphone to my computer