Trojan Win32 générique
Solved
yelena94
Posted messages
29
Status
Member
-
yelena94 Posted messages 29 Status Member -
yelena94 Posted messages 29 Status Member -
Hello,
Today, while doing a full scan of my computer with the Firewall antivirus, the analysis assistant told me that I have 3 viruses, all 3 are trojanWin32 generic.
The Orange antivirus apparently cannot remove them, unless it's a mistake on my part.
How can I remove them all?
Thank youuu :)
Today, while doing a full scan of my computer with the Firewall antivirus, the analysis assistant told me that I have 3 viruses, all 3 are trojanWin32 generic.
The Orange antivirus apparently cannot remove them, unless it's a mistake on my part.
How can I remove them all?
Thank youuu :)
Configuration: Windows Vista Safari 532.0
25 answers
- 1
- 2
Next
Change your antivirus as quickly as possible. But first, go take a look here http://www.bitdefender.com/scan_fr/scan8/ie.html
yelena94
Posted messages
29
Status
Member
this antivirus is useless? (firewall)
Good evening,
To see this:
Download RSIT (from random/random) to the desktop:
- Double click on RSIT.exe that is on the desktop
- Click on "Continue" in the window
- RSIT will download HijackThis if it is not present or detected, then you will need to accept the license
- Post the content of log.txt plus info.txt (minimized in the taskbar) at the end of the analysis.
The reports are in the folder here C:\rsit
a+
--
If that's your only problem ..°!°... be happy °!².....
To see this:
Download RSIT (from random/random) to the desktop:
- Double click on RSIT.exe that is on the desktop
- Click on "Continue" in the window
- RSIT will download HijackThis if it is not present or detected, then you will need to accept the license
- Post the content of log.txt plus info.txt (minimized in the taskbar) at the end of the analysis.
The reports are in the folder here C:\rsit
a+
--
If that's your only problem ..°!°... be happy °!².....
https://forums.commentcamarche.net/forum/affich-15327222-pc-tres-lent-urgent#12
Enjoy yourself archet9
Enjoy yourself archet9
Good evening,
@ papis6, let achet9 handle it.
@ yelena94, do what artchet9 tells you, you'll see it will be fine :-)
Uh ...
firewall ---> https://en.wikipedia.org/wiki/Firewall_(computing)
++
--
¿« H€Ļρέя мĄ$к »? ™
@ papis6, let achet9 handle it.
@ yelena94, do what artchet9 tells you, you'll see it will be fine :-)
Uh ...
firewall ---> https://en.wikipedia.org/wiki/Firewall_(computing)
++
--
¿« H€Ļρέя мĄ$к »? ™
https://forums.commentcamarche.net/forum/affich-15327515-trojan-win32-generic#1
--
If that's your only problem..°!°... be happy °!².....
--
If that's your only problem..°!°... be happy °!².....
I think I need to send you the report ^^
The first one:
info.txt logfile of random's system information tool 1.06 2009-11-23 21:49:20
======Uninstall list======
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x040c -removeonly
Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AdVantage (Powering Lphant)-->"C:\Program Files\AdVantage\AdVUninst.exe" /r LPNT /d "AdVantage (Powering Lphant)" /m "AdVantage is safe advertising software that supports Lphant.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for Lphant?"
AntiVirus Firewall-->"C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Windows Live Connection Assistant-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon PhotoRecord-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
HP Memories Disk-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Favorite-->c:\users\martins\appdata\local\deedaja.bat
Gimp Pack Mode 2.6.2-->"C:\Program Files\Gimp Pack Mode\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.33\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photo and Imaging 2.1 - Scanjet 36X0 Series-->MsiExec.exe /I{49CE65E4-9EE2-4F29-8768-58DD1E45D09C}
HP Scanjet 2400 and 3600 series 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}\setup\hpzscr01.exe -datfile hpgscr24.dat
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installation-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LaCie Backup Software v1.7.2893-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Make a Movie-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{70C002F0-5308-42D8-A65A-91436B90255C}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OOBOX SynchroBox data 2.0-->C:\Program Files\OOBOX\Music\iTuner\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orange Voice Mail Plugin 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
Google Updater Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Presto! VideoWorks 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{594CC15E-B32D-11D5-9293-0050BA073EEC}\setup.exe" -l0x40c
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recherche_France Toolbar-->C:\PROGRA~1\RECHER~1\UNWISE.EXE /U C:\PROGRA~1\RECHER~1\INSTALL.LOG
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shareware.Pro-FR Toolbar-->C:\PROGRA~1\SHAREW~1.PRO\UNWISE.EXE /U C:\PROGRA~1\SHAREW~1.PRO\INSTALL.LOG
Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Synthesia (remove only)-->"C:\Program Files\Synthesia\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Yahoo! Toolbar with popup blocker-->C:\PROGRA~1\Yahoo!\common\unyt.exe
======Security center information======
FW: AntiVirus Firewall 7.00
AS: Windows Defender
======System event log======
Computer Name: PC-de-MARTINS
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{038C9ADD-C9F6-4851-98D5-A10AD874D366} because another computer on the network has the same name. The server could not start.
Record Number: 206498
Source Name: Server
Time Written: 20091123165806.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 1003
Message:
Record Number: 206507
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091123170137.000000-000
Event Type: Warning
User:
Computer Name: PC-de-MARTINS
Event Code: 1002
Message: The lease for IP address 78.251.145.103 for the network card with network address 00197DCB2E0D has been denied by DHCP server 192.168.1.1 (it sent a DHCPNACK message).
Record Number: 206508
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091123170137.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 3004
Message: The Windows Defender real-time protection agent detected changes. Microsoft recommends you scan the software responsible for these changes for potential risks. You can use information related to the operation of these programs to allow or disallow their execution, or to remove them from the computer. Only allow changes if you trust the program or the software publisher. Windows Defender cannot undo changes you allow.
For more information, see the following data:
Not applicable
Scan ID: {4F8627AD-C14F-44CB-AD52-5B89795F86BB}
User: PC-de-MARTINS\MARTINS
Name: Unknown
ID:
Severity ID:
Category ID:
Path found: process:pid:4256;service:F-Secure BlackLight Sensor;file:C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
Alert type: Unclassified software
Detection type:
Record Number: 206513
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20091123172215.000000-000
Event Type: Warning
User:
Computer Name: PC-de-MARTINS
Event Code: 4228
Message: TCP/IP has chosen to restrict the scaling factor due to a network condition. This may be related to a network device problem and will cause a degradation in throughput.
Record Number: 206523
Source Name: Tcpip
Time Written: 20091123200717.276145-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 2 2009-11-23 19:52:57+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\ORANGE\ANTIVIRUSFIREWALL\FSAUA\SUBSCRIPTIONS\AVH_SCDB31 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41457
Source Name: F-Secure Anti-Virus
Time Written: 20091123185257.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 3 2009-11-23 20:25:52+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7BFDN8V2\MSGRCONFIG[4].ASMX was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41460
Source Name: F-Secure Anti-Virus
Time Written: 20091123192554.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 4 2009-11-23 20:32:48+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\APPLE COMPUTER\SAFARI\HISTORY\SEGMENTS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41461
Source Name: F-Secure Anti-Virus
Time Written: 20091123193249.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 5 2009-11-23 21:20:41+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000157 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41462
Source Name: F-Secure Anti-Virus
Time Written: 20091123202044.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 6 2009-11-23 21:20:42+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\DESKTOP.INI was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41463
Source Name: F-Secure Anti-Virus
Time Written: 20091123202050.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: PC-de-MARTINS
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 33297
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090213201343.251754-000
Event Type: Audit Success
User:
Computer Name: PC-de-MARTINS
Event Code: 5033
Message: The Windows Firewall driver has started successfully.
Record Number: 33298
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090213201343.416782-000
Event Type: Audit Success
User:
Computer Name: PC-de-MARTINS
Event Code: 5024
Message: The Windows Firewall service started successfully.
Record Number: 33299
Source Name: Microsoft-Windows-Security-Auditing
The first one:
info.txt logfile of random's system information tool 1.06 2009-11-23 21:49:20
======Uninstall list======
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Orange\AntivirusFirewall\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.exe" -uninstall
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Acer Arcade-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x40c -removeonly
Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x40c -removeonly
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x40c -removeonly
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x40c -removeonly
Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x40c -removeonly
Acer eSettings Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x40c -removeonly
Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x40c -removeonly
Acer OrbiCam -->C:\Program Files\InstallShield Installation Information\{DD1DED37-2486-4F56-8F89-56AA814003F5}\setup.exe -runfromtemp -l0x040c -removeonly
Acer OrbiCam-->Rundll32.exe BisonR07.dll,WinMainRmv
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x40c -removeonly
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
AdVantage (Powering Lphant)-->"C:\Program Files\AdVantage\AdVUninst.exe" /r LPNT /d "AdVantage (Powering Lphant)" /m "AdVantage is safe advertising software that supports Lphant.\nAdVantage is certified by TRUSTe as a Trusted Download.\n\nAre you sure you want to uninstall AdVantage support for Lphant?"
AntiVirus Firewall-->"C:\Program Files\Orange\AntivirusFirewall\FSGUI\PostInstall.exe" /tUnInstall
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Windows Live Connection Assistant-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI Uninstaller-->C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon PhotoRecord-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities PhotoStitch 3.1-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
HP Memories Disk-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
Favorite-->c:\users\martins\appdata\local\deedaja.bat
Gimp Pack Mode 2.6.2-->"C:\Program Files\Gimp Pack Mode\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.33\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\HXFSETUP.EXE -U -IAcrSUN32z.inf
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photo and Imaging 2.1 - Scanjet 36X0 Series-->MsiExec.exe /I{49CE65E4-9EE2-4F29-8768-58DD1E45D09C}
HP Scanjet 2400 and 3600 series 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\{8F8FA09F-3F77-4640-8C7D-45FA1D817DE7}\setup\hpzscr01.exe -datfile hpgscr24.dat
HP Solution Center 9.0-->C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Windows Live Installation-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Installation-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
LaCie Backup Software v1.7.2893-->MsiExec.exe /I{5967A03E-3B74-4DF1-B591-2D89CA26BDC9}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Make a Movie-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{70C002F0-5308-42D8-A65A-91436B90255C}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MobileMe Control Panel-->MsiExec.exe /I{C7EEC93A-2A61-4B1E-B696-A264680A889D}
Microsoft .NET Framework 3.5 SP1 Language Pack - fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
Norton Security Scan-->C:\Program Files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{67ADE9AF-5CD9-4089-8825-55DE4B366799}\setup.exe" -removeonly
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
OOBOX SynchroBox data 2.0-->C:\Program Files\OOBOX\Music\iTuner\uninst.exe
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Orange Voice Mail Plugin 888-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16E79B1D-D1C2-4CA6-8B23-F4D890E0DCB9}\Setup.exe" -l0x40c --AddRemove
Google Updater Tool-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Windows Live Download Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Presto! VideoWorks 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{594CC15E-B32D-11D5-9293-0050BA073EEC}\setup.exe" -l0x40c
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recherche_France Toolbar-->C:\PROGRA~1\RECHER~1\UNWISE.EXE /U C:\PROGRA~1\RECHER~1\INSTALL.LOG
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shareware.Pro-FR Toolbar-->C:\PROGRA~1\SHAREW~1.PRO\UNWISE.EXE /U C:\PROGRA~1\SHAREW~1.PRO\INSTALL.LOG
Shockwave-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Synthesia (remove only)-->"C:\Program Files\Synthesia\uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
Yahoo! Toolbar with popup blocker-->C:\PROGRA~1\Yahoo!\common\unyt.exe
======Security center information======
FW: AntiVirus Firewall 7.00
AS: Windows Defender
======System event log======
Computer Name: PC-de-MARTINS
Event Code: 2505
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{038C9ADD-C9F6-4851-98D5-A10AD874D366} because another computer on the network has the same name. The server could not start.
Record Number: 206498
Source Name: Server
Time Written: 20091123165806.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 1003
Message:
Record Number: 206507
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091123170137.000000-000
Event Type: Warning
User:
Computer Name: PC-de-MARTINS
Event Code: 1002
Message: The lease for IP address 78.251.145.103 for the network card with network address 00197DCB2E0D has been denied by DHCP server 192.168.1.1 (it sent a DHCPNACK message).
Record Number: 206508
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091123170137.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 3004
Message: The Windows Defender real-time protection agent detected changes. Microsoft recommends you scan the software responsible for these changes for potential risks. You can use information related to the operation of these programs to allow or disallow their execution, or to remove them from the computer. Only allow changes if you trust the program or the software publisher. Windows Defender cannot undo changes you allow.
For more information, see the following data:
Not applicable
Scan ID: {4F8627AD-C14F-44CB-AD52-5B89795F86BB}
User: PC-de-MARTINS\MARTINS
Name: Unknown
ID:
Severity ID:
Category ID:
Path found: process:pid:4256;service:F-Secure BlackLight Sensor;file:C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe
Alert type: Unclassified software
Detection type:
Record Number: 206513
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20091123172215.000000-000
Event Type: Warning
User:
Computer Name: PC-de-MARTINS
Event Code: 4228
Message: TCP/IP has chosen to restrict the scaling factor due to a network condition. This may be related to a network device problem and will cause a degradation in throughput.
Record Number: 206523
Source Name: Tcpip
Time Written: 20091123200717.276145-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 2 2009-11-23 19:52:57+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\ORANGE\ANTIVIRUSFIREWALL\FSAUA\SUBSCRIPTIONS\AVH_SCDB31 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41457
Source Name: F-Secure Anti-Virus
Time Written: 20091123185257.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 3 2009-11-23 20:25:52+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\7BFDN8V2\MSGRCONFIG[4].ASMX was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41460
Source Name: F-Secure Anti-Virus
Time Written: 20091123192554.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 4 2009-11-23 20:32:48+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\APPLE COMPUTER\SAFARI\HISTORY\SEGMENTS was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41461
Source Name: F-Secure Anti-Virus
Time Written: 20091123193249.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 5 2009-11-23 21:20:41+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000157 was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41462
Source Name: F-Secure Anti-Virus
Time Written: 20091123202044.000000-000
Event Type: Error
User:
Computer Name: PC-de-MARTINS
Event Code: 103
Message: 6 2009-11-23 21:20:42+02:00 pc-de-martins PC-de-MARTINS\MARTINS F-Secure Anti-Virus
Scanning of \DEVICE\HARDDISKVOLUME2\USERS\MARTINS\APPDATA\ROAMING\MICROSOFT\WINDOWS\RECENT\DESKTOP.INI was aborted due to exceeded scanning time limit. The file may be in use or reading it was too slow (e.g. network connection was under stress).
Record Number: 41463
Source Name: F-Secure Anti-Virus
Time Written: 20091123202050.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: PC-de-MARTINS
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 33297
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090213201343.251754-000
Event Type: Audit Success
User:
Computer Name: PC-de-MARTINS
Event Code: 5033
Message: The Windows Firewall driver has started successfully.
Record Number: 33298
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090213201343.416782-000
Event Type: Audit Success
User:
Computer Name: PC-de-MARTINS
Event Code: 5024
Message: The Windows Firewall service started successfully.
Record Number: 33299
Source Name: Microsoft-Windows-Security-Auditing
Et le 2nd :
Logfile of random's system information tool 1.06 (written by random/random)
Run by MARTINS at 2009-11-23 21:45:02
Microsoft® Windows Vista™ Home Basic Edition Service Pack 1
System drive C: has 18 GB (34%) free of 53 GB
Total RAM: 1469 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:51, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\conime.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsavgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\MARTINS\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\MARTINS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Update Service (gupdate1c9eac6a3be21d2) (gupdate1c9eac6a3be21d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12410 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for MARTINS.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\User_Feed_Synchronization-{D437F895-2AD3-4935-8286-4EF85423D5D2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
Shareware.Pro-FR Toolbar - C:\Program Files\Shareware.Pro-FR\tbShar.dll [2009-02-16 1882136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-16 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-16 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}]
Recherche France Toolbar - C:\Program Files\Recherche_France\tbRech.dll [2009-05-20 2085400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar with pop-up blocker - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{280b5d37-4a76-467a-b3d6-942fca90acde} - Shareware.Pro-FR Toolbar - C:\Program Files\Shareware.Pro-FR\tbShar.dll [2009-02-16 1882136]
{d5b75883-e809-4120-bfeb-8d707d5dfbe3} - Recherche France Toolbar - C:\Program Files\Recherche_France\tbRech.dll [2009-05-20 2085400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-01-09 151552]
"Acer Tour"= []
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-14 151552]
"F-Secure Manager"=C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE [2007-06-13 176177]
"F-Secure TNB"=C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe [2007-06-13 733184]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-19 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Acer Tour Reminder"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-17 39408]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\MARTINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-11-23 21:45:02 ----D---- C:\rsit
2009-11-22 19:38:12 ----D---- C:\Program Files\Guitar Pro 5
2009-11-22 19:32:20 ----D---- C:\ProgramData\WinZip
2009-11-22 19:31:38 ----D---- C:\Program Files\WinZip
2009-11-20 21:43:09 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 21:39:28 ----A---- C:\Windows\system32\mshtml.dll
2009-10-29 21:21:32 ----A---- C:\Windows\system32\wmp.dll
2009-10-29 21:21:17 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-29 21:20:45 ----A---- C:\Windows\system32\wmploc.DLL
======List of files/folders modified in the last 1 months======
2009-11-23 21:48:47 ----D---- C:\Program Files\Trend Micro
2009-11-23 21:47:58 ----D---- C:\Windows\Prefetch
2009-11-23 21:46:25 ----D---- C:\Windows\Temp
Logfile of random's system information tool 1.06 (written by random/random)
Run by MARTINS at 2009-11-23 21:45:02
Microsoft® Windows Vista™ Home Basic Edition Service Pack 1
System drive C: has 18 GB (34%) free of 53 GB
Total RAM: 1469 MB (30% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:51, on 23/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\conime.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsavgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Guitar Pro 5\GP5.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\MARTINS\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\MARTINS.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2297721
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
R3 - URLSearchHook: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Assistant Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar with pop-up blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {280b5d37-4a76-467a-b3d6-942fca90acde} - C:\Program Files\Shareware.Pro-FR\tbShar.dll
O3 - Toolbar: Recherche France Toolbar - {d5b75883-e809-4120-bfeb-8d707d5dfbe3} - C:\Program Files\Recherche_France\tbRech.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Update Service (gupdate1c9eac6a3be21d2) (gupdate1c9eac6a3be21d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12410 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for MARTINS.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\User_Feed_Synchronization-{D437F895-2AD3-4935-8286-4EF85423D5D2}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{280b5d37-4a76-467a-b3d6-942fca90acde}]
Shareware.Pro-FR Toolbar - C:\Program Files\Shareware.Pro-FR\tbShar.dll [2009-02-16 1882136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Assistant Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-16 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-16 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5b75883-e809-4120-bfeb-8d707d5dfbe3}]
Recherche France Toolbar - C:\Program Files\Recherche_France\tbRech.dll [2009-05-20 2085400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2007-01-02 151552]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar with pop-up blocker - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{280b5d37-4a76-467a-b3d6-942fca90acde} - Shareware.Pro-FR Toolbar - C:\Program Files\Shareware.Pro-FR\tbShar.dll [2009-02-16 1882136]
{d5b75883-e809-4120-bfeb-8d707d5dfbe3} - Recherche France Toolbar - C:\Program Files\Recherche_France\tbRech.dll [2009-05-20 2085400]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-16 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2007-01-02 464168]
"PCMService"=C:\Program Files\Acer\Acer Arcade\PCMService.exe [2007-01-09 151552]
"Acer Tour"= []
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-12-08 614400]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"eRecoveryService"= []
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe [2007-01-14 151552]
"F-Secure Manager"=C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE [2007-06-13 176177]
"F-Secure TNB"=C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe [2007-06-13 733184]
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-19 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Acer Tour Reminder"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-17 39408]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"LaCie Backup"=C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\MARTINS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="eNetHook.dll"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-11-23 21:45:02 ----D---- C:\rsit
2009-11-22 19:38:12 ----D---- C:\Program Files\Guitar Pro 5
2009-11-22 19:32:20 ----D---- C:\ProgramData\WinZip
2009-11-22 19:31:38 ----D---- C:\Program Files\WinZip
2009-11-20 21:43:09 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-06 21:39:28 ----A---- C:\Windows\system32\mshtml.dll
2009-10-29 21:21:32 ----A---- C:\Windows\system32\wmp.dll
2009-10-29 21:21:17 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-29 21:20:45 ----A---- C:\Windows\system32\wmploc.DLL
======List of files/folders modified in the last 1 months======
2009-11-23 21:48:47 ----D---- C:\Program Files\Trend Micro
2009-11-23 21:47:58 ----D---- C:\Windows\Prefetch
2009-11-23 21:46:25 ----D---- C:\Windows\Temp
Re..
I guess you are using F-Secure, Orange's antivirus...
==> First of all:
Let's remove the traces of Symantec (Norton) that remain and slow down your PC with this utility:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
THEN:
Download Toolbar-S&D (Team IDN) to your Desktop.
TOOLbar-s&d
* Run the installation of the program by executing the downloaded file.
* Double-click now on the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2 (removal). Wait until the search is complete.
* Post the generated report. (C:\TB.txt)
Then:
Scan with this antispyware:
Malwarebytes + tutorial
Install it; update it...(update tab)
Click now on the search tab and check the box:
"Perform a quick scan".
Then click on "search".
Let it scan the PC...
If elements are found:
> click on remove selected.
If it asks you to restart > click on "yes".
At the end, a report will open; save it in a way that you can find it to post on the forum.
Copy and paste the report please.
See you later
--
If this is your only problem..°!°... be happy °!².....
I guess you are using F-Secure, Orange's antivirus...
==> First of all:
Let's remove the traces of Symantec (Norton) that remain and slow down your PC with this utility:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
THEN:
Download Toolbar-S&D (Team IDN) to your Desktop.
TOOLbar-s&d
* Run the installation of the program by executing the downloaded file.
* Double-click now on the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice and confirming with the Enter key.
* Now choose option 2 (removal). Wait until the search is complete.
* Post the generated report. (C:\TB.txt)
Then:
Scan with this antispyware:
Malwarebytes + tutorial
Install it; update it...(update tab)
Click now on the search tab and check the box:
"Perform a quick scan".
Then click on "search".
Let it scan the PC...
If elements are found:
> click on remove selected.
If it asks you to restart > click on "yes".
At the end, a report will open; save it in a way that you can find it to post on the forum.
Copy and paste the report please.
See you later
--
If this is your only problem..°!°... be happy °!².....
Report from tooblar :
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Home Basic Edition ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3500+ )
BIOS : Ver 1.00PARTTBL
USER : MARTINS ( Administrator )
BOOT : Normal boot
Firewall : AntiVirus Firewall 7.00 7.00 (Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:51 Go (Free:34 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( LAST UPDATED : 22-08-2009|18:42 )
Option : [2] ( 24/11/2009| 9:41 )
[ UAC => 1 ]
-----------\\ File / Folder Search ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2297721"
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Search for other infections
No other infection found!
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 24/11/2009| 9:45 - Option : [2]
-----------\\ End of report at 9:45:03,13
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft® Windows Vista™ Home Basic Edition ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Mobile AMD Sempron(tm) Processor 3500+ )
BIOS : Ver 1.00PARTTBL
USER : MARTINS ( Administrator )
BOOT : Normal boot
Firewall : AntiVirus Firewall 7.00 7.00 (Activated)
C:\ (Local Disk) - NTFS - Total:51 Go (Free:17 Go)
D:\ (Local Disk) - NTFS - Total:51 Go (Free:34 Go)
E:\ (CD or DVD)
"C:\ToolBar SD" ( LAST UPDATED : 22-08-2009|18:42 )
Option : [2] ( 24/11/2009| 9:41 )
[ UAC => 1 ]
-----------\\ File / Folder Search ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com?SearchSource=10&ctid=CT2297721"
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://fr.yahoo.com/"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Search for other infections
No other infection found!
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 24/11/2009| 9:45 - Option : [2]
-----------\\ End of report at 9:45:03,13
Mam's report:
Malwarebytes' Anti-Malware 1.41
Database version: 3222
Windows 6.0.6001 Service Pack 1
11/24/2009 10:10:03
mbam-log-2009-11-24 (10-10-03).txt
Scan type: Quick scan
Items examined: 92957
Time elapsed: 15 minute(s), 57 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 2
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 1
Infected file(s): 1
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected registry key(s):
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Infected registry value(s):
(No harmful items detected)
Infected registry data item(s):
(No harmful items detected)
Infected folder(s):
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
Infected file(s):
C:\Windows\System32\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.41
Database version: 3222
Windows 6.0.6001 Service Pack 1
11/24/2009 10:10:03
mbam-log-2009-11-24 (10-10-03).txt
Scan type: Quick scan
Items examined: 92957
Time elapsed: 15 minute(s), 57 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected registry key(s): 2
Infected registry value(s): 0
Infected registry data item(s): 0
Infected folder(s): 1
Infected file(s): 1
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected registry key(s):
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Infected registry value(s):
(No harmful items detected)
Infected registry data item(s):
(No harmful items detected)
Infected folder(s):
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
Infected file(s):
C:\Windows\System32\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Download GENPROC
http://www.genproc.com/GenProc.exe
Copy and paste the report please...
See you later
--
If this is your only problem..°!°... be happy °!².....
http://www.genproc.com/GenProc.exe
Copy and paste the report please...
See you later
--
If this is your only problem..°!°... be happy °!².....
GenProc Report 2.650 [3] - 11/25/2009 at 4:52:33 PM
@ Windows VISTA Service Pack 1 - Acer - Normal mode
@ Internet Explorer 8.0.6001.18828 [Default browser]
~~ DOWNLOAD FAILURE OF CM ~~
~~ DOWNLOAD FAILURE OF MBR.EXE ~~
~~ DOWNLOAD FAILURE OF HIJACKTHIS ~~
GenProc has detected no characteristic infection and suggests following the procedure below:
Post a NanoScan report https://www.micro-astuce.com/securite/NanoScan-Panda.php
----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------
~~ End at 4:53:58 PM ~~
@ Windows VISTA Service Pack 1 - Acer - Normal mode
@ Internet Explorer 8.0.6001.18828 [Default browser]
~~ DOWNLOAD FAILURE OF CM ~~
~~ DOWNLOAD FAILURE OF MBR.EXE ~~
~~ DOWNLOAD FAILURE OF HIJACKTHIS ~~
GenProc has detected no characteristic infection and suggests following the procedure below:
Post a NanoScan report https://www.micro-astuce.com/securite/NanoScan-Panda.php
----------------------------------------------------------------------
Official GenProc sites: www.alt-shift-return.org and www.genproc.com
----------------------------------------------------------------------
~~ End at 4:53:58 PM ~~
- 1
- 2
Next