Hi Andrewuk,
thanks for your reply.
It is impossible to close all internet Explorer windows, due to the virus that is infecting my PC.
Anyway there was only 1 internet explorer window opened during the execution of DSS.
Main.txt
"
Deckard's System Scanner v20071014.68
Run by luka on 2008-04-06 19:02:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-04-06 12:04:31 UTC - RP263 - Point de contrôle planifié
6: 2008-04-02 11:54:53 UTC - RP262 - Point de contrôle planifié
5: 2008-03-29 23:00:02 UTC - RP261 - Point de contrôle planifié
4: 2008-03-29 01:35:09 UTC - RP260 - Point de contrôle planifié
3: 2008-03-26 09:23:54 UTC - RP259 - Point de contrôle planifié
-- First Restore Point --
1: 2008-03-24 09:14:48 UTC - RP257 - Point de contrôle planifié
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as luka.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:02, on 06/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\luka\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\luka\Desktop\temp_Manuel\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\luka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://fr.fr.acer.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://home.sweetim.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Biasdelete] "C:\ProgramData\Tool Software Software.72b88v"
O4 - HKCU\..\Run: [bait face type axis] "C:\ProgramData\move loud bold.p4jopjx"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone:
http://www.pandasoftware.comO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -
http://javadl-esd.su...ows-i586-jc.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12728 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ALaunchService (ALaunch Service) - c:\acer\alaunch\alaunchsvc.exe <Not Verified; ; ALaunchSvc Service Image>
R2 eLockService (eLock Service) - c:\acer\empowering technology\elock\service\elockserv.exe <Not Verified; Acer Inc.; Acer eLock Management>
R2 eNet Service - c:\acer\empowering technology\enet\enet service.exe <Not Verified; Acer Inc.; Acer eNet Management>
R2 eRecoveryService (eRecovery Service) - c:\acer\empowering technology\erecovery\erecoveryservice.exe <Not Verified; Acer Inc.; eRecoveryService>
R2 eSettingsService (eSettings Service) - c:\acer\empowering technology\esettings\service\capuserv.exe <Not Verified; ; Service>
R2 MobilityService - c:\acer\mobility center\mobilityservice.exe -p
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
R2 WMIService (ePower Service) - c:\acer\empowering technology\epower\epowersvc.exe <Not Verified; acer; Acer ePower Management>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Carte Microsoft ISATAP
Device ID: ROOT\*ISATAP\0021
Manufacturer: Microsoft
Name: isatap.{6DA4E4F2-DFE4-463C-8B69-69F0B5AD00DA}
PNP Device ID: ROOT\*ISATAP\0021
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011E1025&REV_02\4&185174AE&0&00E2
Manufacturer: Broadcom
Name: Broadcom NetLink Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011E1025&REV_02\4&185174AE&0&00E2
Service: b57nd60x
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5200
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia 5310 XpressMusic
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 5310 XpressMusic
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
-- Scheduled Tasks -------------------------------------------------------------
2008-03-24 21:36:26 580 --a------ C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - luka.job
-- Files created between 2008-03-06 and 2008-04-06 -----------------------------
2008-03-22 23:02:11 164352 --a------ C:\Windows\system32\unrar.dll
2008-03-22 23:02:08 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-03-22 23:02:08 755027 --a------ C:\Windows\system32\xvidcore.dll
2008-03-22 23:02:07 159839 --a------ C:\Windows\system32\xvidvfw.dll
2008-03-22 23:02:07 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-03-22 23:02:07 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-22 23:02:06 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-22 23:02:05 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-03-22 23:02:03 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-12 23:46:53 0 -rahs---- C:\MSDOS.SYS
2008-03-12 23:46:53 0 -rahs---- C:\IO.SYS
2008-03-11 12:02:13 0 d-------- C:\Program Files\Java
2008-03-11 12:01:30 0 d-------- C:\Program Files\Common Files\Java
2008-03-10 00:49:15 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-10 00:49:02 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-10 00:48:18 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 00:26:36 0 d-------- C:\Program Files\Trend Micro
2008-03-09 23:29:08 0 d-------- C:\Users\All Users\Grisoft
2008-03-09 23:28:26 0 d-------- C:\Program Files\CCleaner
-- Find3M Report ---------------------------------------------------------------
2008-04-06 19:00:53 0 d-------- C:\Users\luka\AppData\Roaming\Skype
2008-04-06 17:55:20 0 d-------- C:\Users\luka\AppData\Roaming\skypePM
2008-04-06 12:41:20 690832 --a------ C:\Windows\system32\perfh00C.dat
2008-04-06 12:41:20 117572 --a------ C:\Windows\system32\perfc00C.dat
2008-04-06 12:34:37 27240 --a------ C:\Users\luka\AppData\Roaming\nvModes.001
2008-03-29 02:36:51 0 d-------- C:\Program Files\Circle Developement
2008-03-29 02:36:50 0 d-------- C:\Program Files\Messenger Plus! Live
2008-03-28 17:02:39 0 d-------- C:\Program Files\Norton Security Scan
2008-03-23 10:05:33 0 d-------- C:\Users\luka\AppData\Roaming\Media Player Classic
2008-03-17 00:12:00 27240 --a------ C:\Users\luka\AppData\Roaming\nvModes.dat
2008-03-13 00:01:29 0 d-------- C:\Program Files\Google
2008-03-12 23:49:41 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-12 23:46:45 0 d-------- C:\Program Files\PMsn Paraiso
2008-03-12 23:44:59 0 d-------- C:\Program Files\Macrogaming
2008-03-12 23:43:53 0 d-------- C:\Program Files\Yahoo!
2008-03-12 13:11:15 0 d-------- C:\Program Files\Windows Mail
2008-03-11 12:01:30 0 d-------- C:\Program Files\Common Files
2008-03-10 00:49:02 0 d-------- C:\Users\luka\AppData\Roaming\SUPERAntiSpyware.com
2008-03-09 23:29:58 0 d-------- C:\Users\luka\AppData\Roaming\Grisoft
2008-03-04 19:23:09 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-03 00:21:03 0 d-------- C:\Program Files\Windows Live
2008-03-02 00:01:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-26 18:26:33 0 d-------- C:\Users\luka\AppData\Roaming\CoSoSys
2008-02-26 17:17:06 0 d-------- C:\Users\luka\AppData\Roaming\Google
2008-02-11 22:25:56 10743 --a------ C:\Users\luka\AppData\Roaming\NMM-MetaData.db
2008-02-11 22:15:24 0 d-------- C:\Users\luka\AppData\Roaming\Nokia
2008-02-11 22:03:04 0 d-------- C:\Users\luka\AppData\Roaming\PC Suite
2008-02-01 12:17:40 587264 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
24/08/2007 21:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
01/02/2008 22:37 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [24/08/2007 21:51 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [10/08/2007 08:58]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" []
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" []
"Persistence"="C:\Windows\system32\igfxpers.exe" []
"ALaunch"="C:\Acer\ALaunch\AlaunchClient.exe" []
"RtHDVCpl"="RtHDVCpl.exe" [06/07/2007 05:06 C:\Windows\RtHDVCpl.exe]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [25/04/2007 16:33]
"Acer Tour"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08/03/2007 04:38]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [25/07/2007 17:39]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [25/07/2007 17:39]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [25/07/2007 17:39]
"PLFSetL"="C:\Windows\PLFSetL.exe" [05/07/2007 12:35]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [27/06/2007 11:15]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [24/05/2007 13:38]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 13:00]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [06/06/2007 10:06]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [22/05/2007 15:49]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 22:48]
"SetPanel"="C:\Acer\APanel\APanel.cmd" []
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [11/06/2007 15:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/01/2008 14:15]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [07/03/2006 03:52]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 22:37]
"Acer Tour Reminder"="" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]
"ares"="C:\Program Files\Ares\Ares.exe" [23/11/2007 18:18]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [10/12/2007 22:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [21/12/2007 01:13]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [06/02/2008 19:37]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [27/02/2007 12:39]
"Biasdelete"="C:\ProgramData\Tool Software Software.72b88v" [29/03/2008 02:37]
"bait face type axis"="C:\ProgramData\move loud bold.p4jopjx" [29/03/2008 02:38]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 11:12]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
C:\Users\luka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [26/10/2006 20:24:54]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [10/08/2007 09:29:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 12:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=eNetHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26956731-b582-11dc-b813-8523475c9e21}]
AutoRun\command- F:\
explore\Command- RECYCLER\autorun.exe -ExploreCurDir
open\Command- RECYCLER\autorun.exe -OpenCurDir
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7ac9def-bef3-11dc-985d-ad261b4dcb64}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c46e9b44-a82e-11dc-9725-999809496c4d}]
AutoRun\command- ay8p6v3.cmd
explore\Command- ay8p6v3.cmd
open\Command- ay8p6v3.cmd
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-06 19:05:09 ------------
"