Software in Use?

Solved
hellsing59 Posted messages 134 Status Member -
Hello,

I have a problem with my computer (Emachines laptop - Windows Seven ...):
a piece of software starts up as soon as I start the computer!
This software is very annoying, because with it running I can only stay 2 minutes in a game or a program before it makes me exit the application. I don't know which software it is, but I think it is a piece of software since only my mouse (the little icon that shows that the computer is "working") is searching.
So I would like to know if there is anything that lets us see which software is currently in use?
Thank you in advance.

Best regards, Hellsing

Configuration: Windows Seven
Viva Portugal

8 replies

Anonymous user
 
At startup, open the task manager
(right-click on the taskbar)

and check in the processes tab the applications that are running

--
Emooc :)
2
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   Ambassador 3 591
 
We're going to check if it's a serious infection (if so, move to Virus/Security)

Download ZHPDiag (by Nicolas Coolman) to your desktop:

-> https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

!! Disconnect and close all your running applications !!

* Double-click on "ZHPDiag.exe" (for Vista/Seven right-click / "run as admin...") to start the installation of the tool and follow the instructions. Do not change the installation settings and make sure to check the box "create a desktop icon" (so you have the shortcuts "ZHPDiag" and "ZHPFix").

* At the end of the installation, keep the box "run ZHPDiag" checked and click on "Finish" > the tool will launch automatically.

* Once ZHPDiag is open, click on the "option" button http://img717.imageshack.us/img717/1774/option.jpg at the top right:

A list appears in the main box > check all lines except for 045 and 061 (important!).

* Click on the "calendar" button http://img444.imageshack.us/img444/1549/calendrierp.jpg at the top right: choose 30 days

* Then click on the "magnifying glass" button http://img10.imageshack.us/img10/998/scanko.jpg (at the top left) to start the scan.

> Let the tool run ...
( This may take a few minutes. If your antivirus gives alerts during the scan, ignore them and do not quarantine anything for now!)

* Once complete, the report obtained (ZHPDiag.txt) is saved on your desktop.

Close the program ...

> To send this report, go to this site: http://www.cijoint.fr/

* Click on "browse" and go to the ZHPDiag.txt report saved on the desktop.
* Then click on "click here to upload the file" and wait ...
* Once the upload is finished, a blue link will appear > copy/paste it into your next response please.... no link on the webpage in English, I'm already flying solo enough
1
hellsing59 Posted messages 134 Status Member 51
 
Help Me Please :D
Because I do video editing and graphic design, this problem is causing me a lot of trouble :s
0
hellsing59 Posted messages 134 Status Member 51
 
Ok Thanks now I'm going to try to figure out what the software is :D
0
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   3 591
 
Hi hellsing59,

to know the processes launched at startup
http://sd-2.archive-host.com/membres/up/135518691112296573/MDG.bat

download it to your "Desktop", close all applications
and run it, either by double-clicking on it or right-clicking and selecting Run

and post the report

see you+
0
hellsing59 Posted messages 134 Status Member 51
 
Hello again,
Thank you Emooc, I found the software; the software is: win.exe
Then I searched the internet for the errors associated with Win.exe, and in a forum they asked the person to do a scan!
So I did the scan with BitDefender QuickScan. The analysis is below; I would like to know how to fix my problem.
Here are the results:

QuickScan Beta 32-bit v0.9.9.41
-------------------------------
Date of the analysis: Tue Sep 28 23:35:27 2010
Machine ID: D236CF5C

C:\Windows\system32\Wat\WatAdminSvc.exe - scan failed
--> HKLM\System\ControlSet002\services\WatAdminSvc\"ImagePath"

Detection of 3 infected files!
---------------------------------

C:\Users\Allan\AppData\Roaming\Microsoft\svchost.exe --> Backdoor.Generic.448552
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"svchost.exe"
--> Process svchost.exe (2476)

C:\Users\Allan\AppData\Roaming\win.exe --> Backdoor.Generic.360461
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"{9B71D88C-C598-4935-C5D1-43AA4DB90836}"

C:\Users\Allan\AppData\Roaming\lsass.exe --> Trojan.Generic.3913902
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"MSWUpdate"
--> Process lsass.exe (3088)

Process
---------
LimeWire 2344 C:\Program Files\LimeWire\LimeWire.exe
DAEMON Tools Lite 2136 C:\Program Files\DAEMON Tools Lite\DTLite.exe
DivX Update 2096 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Google Chrome 608 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 1116 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 2324 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3136 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 3348 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 4204 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5736 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Google Chrome 5740 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
Intel(R) Common User Interface 2072 C:\Windows\System32\hkcmd.exe
Intel(R) Common User Interface 2080 C:\Windows\System32\igfxpers.exe
Java(TM) Platform SE Auto Updater 2 0 2088 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 332 C:\Windows\System32\wuauclt.exe
Nero BackItUp 2104 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
new 2476 C:\Users\Allan\AppData\Roaming\Microsoft\svchost.exe
MSN Gift Notification 2404 C:\Users\Allan\AppData\Roaming\Microsoft\MSN Gift Notification\lsnfier.exe
RocketDock.exe 2176 C:\Program Files\RocketDock\RocketDock.exe
School Project 3088 C:\Users\Allan\AppData\Roaming\lsass.exe
SMSTray 1828 C:\Program Files\Samsung\EmoDio\SMSTray.exe
Microsoft® Windows® Operating System 2160 C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System 980 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 976 C:\Windows\System32\dwm.exe
Microsoft® Windows® Operating System 1548 C:\Windows\System32\taskhost.exe
Microsoft® Windows® Operating System 4272 C:\Windows\System32\taskmgr.exe
µTorrent 2120 C:\Program Files\uTorrent\uTorrent.exe

Network Activity
------------------

Process uTorrent.exe (2120) listening on ports: 46681
Process LimeWire.exe (2344) listening on ports: 45100, 50258

Critical Files and Autorun
-----------------------------
LimeWire C:\Program Files\LimeWire\LimeWire.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
DAEMON Tools Lite C:\Program Files\DAEMON Tools Lite\DTLite.exe
DivX Update C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Google Update C:\Users\Allan\AppData\Local\Google\Update\GoogleUpdate.exe
Intel(R) Common User Interface C:\Windows\System32\hkcmd.exe
Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll
Intel(R) Common User Interface C:\Windows\System32\igfxpers.exe
Intel(R) Common User Interface C:\Windows\system32\igfxtray.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Nero BackItUp C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBCore.exe
new C:\Users\Allan\AppData\Roaming\Microsoft\svchost.exe
MSN Gift Notification C:\Users\Allan\AppData\Roaming\Microsoft\MSN Gift Notification\lsnfier.exe
RocketDock.exe C:\Program Files\RocketDock\RocketDock.exe
School Project C:\Users\Allan\AppData\Roaming\lsass.exe
SMSTray C:\Program Files\Samsung\EmoDio\SMSTray.exe
Stardock WindowBlinds 7.0 C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
win.exe C:\Users\Allan\AppData\Roaming\win.exe
WindowBlinds 5.x for x86 machines C:\Windows\system32\wbsys.dll
Windows Live Messenger C:\Program Files\Windows Live\Messenger\msnmsgr.exe
µTorrent C:\Program Files\uTorrent\uTorrent.exe

Browser Plugins
---------------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.41_0\npqscan.dll
BitDefender QuickScan C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.41_0\npqslauncher.dll
Conduit Toolbar c:\program files\softonic_france\tbsoft.dll
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
EA Battlefield Heroes Updater C:\Windows\Downloaded Program Files\BFHUpdater.dll
EA Battlefield Heroes Updater C:\Windows\Downloaded Program Files\BFHUpdater.exe
Installer Control C:\Windows\Downloaded Program Files\InstallerControl.dll
Java(TM) Platform SE 6 U21 c:\program files\java\jre6\bin\jp2ssv.dll
Java(TM) Platform SE 6 U21 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
Microsoft Search Enhancement Pack c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
Microsoft® Windows Live ID c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® Windows Live ID C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
MSN® Games by Zone.com C:\Windows\Downloaded Program Files\MineSweeper.dll
Nexon Game Controller C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
nppdf32.FRA C:\Program Files\Internet Explorer\plugins\nppdf32.FRA
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll
Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
UNO Messenger C:\Windows\Downloaded Program Files\GAME_UNO1.dll
Windows Live Toolbar c:\program files\windows live\toolbar\wltcore.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Missing Files
------------------
File not found: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
--> HLKM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\"Path"

File not found: C:\Users\Allan\AppData\Local\Temp\IXP000.TMP\CRYPTE~1.EXE
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"WinUpdate"

File not found: C:\install\svchost.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"HKCU"

Analysis
-------

No files uploaded to the server.

Analysis completed - the communication lasted 2 seconds
Total traffic - 0.04 Mo sent, 0.81 Ko received
988 files and modules analyzed - 90 seconds

==============================================================================
0
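A triage check one could run over the "Process" and "Critical Files and Autorun" sections of a report like the one above, as an added example that is not part of the original post or of BitDefender's tooling. The rule set and the names `SYSTEM_BINARIES` and `triage` are assumptions made for illustration; a hit is a reason to look closer, not a verdict.

```python
import ntpath
import re

# Assumed rule set: expected folder for Windows binaries whose names are often borrowed.
SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "taskhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "<description> [<pid>] <drive>:\<path>", the layout used in the report's listings.
LINE_RE = re.compile(r"^(?P<desc>.*?)\s+(?:(?P<pid>\d+)\s+)?(?P<path>[A-Za-z]:\\.+)$")

# Lines excerpted from the report in the post above.
SAMPLE = r"""
new 2476 C:\Users\Allan\AppData\Roaming\Microsoft\svchost.exe
School Project 3088 C:\Users\Allan\AppData\Roaming\lsass.exe
Microsoft® Windows® Operating System 980 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 1548 C:\Windows\System32\taskhost.exe
Google Chrome 608 C:\Users\Allan\AppData\Local\Google\Chrome\Application\chrome.exe
RocketDock.exe 2176 C:\Program Files\RocketDock\RocketDock.exe
win.exe C:\Users\Allan\AppData\Roaming\win.exe
"""


def triage(report_text):
    """Return (path, pid, reasons) for every listed image that deserves a closer look."""
    findings = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        name = ntpath.basename(path).lower()    # ntpath parses Windows paths on any OS
        folder = ntpath.dirname(path).lower()
        reasons = []
        expected = SYSTEM_BINARIES.get(name)
        if expected and folder != expected:
            reasons.append("system binary name outside " + expected)
        if "\\appdata\\roaming" in folder and name.endswith(".exe"):
            reasons.append("executable in user-writable roaming profile")
        if reasons:
            findings.append((path, m.group("pid"), reasons))
    return findings


if __name__ == "__main__":
    for path, pid, reasons in triage(SAMPLE):
        print(f"{path} (pid {pid or '-'}): {'; '.join(reasons)}")
```
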
vieu bison boiteu Posted messages 44334 Registration date   Status Contributor Last intervention   3 591
 
1°) Did you run MDG.bat???
for the report

2°) download Malwarebytes' Anti-Malware (to keep and run once a week)

https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

run a quick scan at the end of the installation, then restart the PC, do an update and run a full scan (all external sources connected)

tutorial: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

(NB: If you are missing "COMCTL32.OCX" during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/; copy it to C:\WINDOWS\system32)

and post both reports

3°) perform a cleanup with "Ccleaner"

* tutorial and download for ccleaner: https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/46630.html
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
https://www.pcastuces.com/pratique/securite/nettoyer_windows/page1.htm

- choose "French" for the language
- before clicking the "install" button, uncheck all "optional extras" except for the first 2.
( be careful not to install the Yahoo ToolBar which is useless )
- disconnect and close all running applications
- uncheck in the "Options" menu - "Advanced" submenu = Only delete files in the Windows temp folder older than 48 hours.
- "Cleaner" section: do "Scan" then "Clean"

- registry section (for the first time): "Search for issues", select them then the "Fix all issues" option
multiple times, restarting CCleaner, until there are no more issues.
0
hellsing59 Posted messages 134 Status Member 51
 
it bugged at 66%
But tomorrow I will try again to see if it works ^^
and I'll let you know...
0
Anonymous user
 
Hello everyone, well for me it's the opposite... I had already posted a question... but still today without any answer... so I'm asking you:
well when I turn off my PC it tells me every day before "program in C"
that's all it doesn't finish its sentence plus it doesn't show me the name of the program or the symbol... and I check the task manager and it says everything is closed... I don't understand... it slows down my PC for at least 3 minutes at shutdown... thanks in advance and please reply to me...
0
hellsing59 Posted messages 134 Status Member 51
 
Hello,
Thank you for the advice and the answers!
After installing Malwarebytes' Anti-Malware, thanks to this software, I was able to remove the virus from my PC and now I have no more issues ^^
Thanks to everyone for your answers.
0