Report submission [SOLVED]

Hi friends :wink:


Here we are:


IObit Security 360


OS:Windows Vista


Préciser la Version:1419

Temps écoulé:00:28:40

Objets Scannés:68210

Menaces Trouvées:2



Tracking Cookies, Cookies, Cookie:t2 nomad@www.incredimail.com/, 7-1892

Tracking Cookies, Cookies, Cookie:t2 nomad@mystart.incredimail.com/, 7-1892



DDS (Ver_10-03-17.01) - NTFSx86

Run by t2 nomad at 15:03:38.77 on 02/05/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1152 [GMT 2:00]


SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


============== Running Processes ===============




C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup


C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService


C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork





C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe


C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe


C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\a-squared Anti-Malware\a2guard.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Clavier+\Clavier.exe

C:\Program Files\AeroSnap\AeroSnap.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe


C:\Users\t2 nomad\Desktop\dds.scr



============== Pseudo HJT Report ===============


uStart Page = hxxp://mystart.incredimail.com/

uWindow Title = Windows Internet Explorer

mStart Page =

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe

uRun: [Clavier+] c:\program files\clavier+\Clavier.exe

uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\t2noma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spamihilator.lnk - c:\program files\spamihilator\spamihilator.exe

uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

LSA: Authentication Packages = msv1_0 relog_ap

Hosts: http://www.spywareinfo.com


================= FIREFOX ===================


FF - ProfilePath - c:\users\t2noma~1\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}



FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);


============= SERVICES / DRIVERS ===============


R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-11-11 1872320]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-4-30 194817]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-4-30 434945]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 56816]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-2-7 233472]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2008-3-22 179712]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-7 36608]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-1-30 115312]

S2 gupdate1ca6bd77832db60;Service Google Update (gupdate1ca6bd77832db60);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 133104]

S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-15 311568]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-22 21504]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-4-19 90536]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-4-19 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-4-19 122152]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-4-19 115496]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-4-19 25768]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-4-19 111912]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-4-19 117672]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-2-7 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-2-7 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-2-7 121856]


=============== Created Last 30 ================


2010-04-26 18:52:51 0 d-----w- c:\program files\Emoticon

2010-04-26 14:59:12 0 d-----w- c:\users\t2 nomad\AdSigner

2010-04-26 14:29:58 0 d-----w- c:\program files\Trend Micro

2010-04-19 13:34:35 55315 ----a-w- C:\capture.jpg

2010-04-16 10:59:01 0 d-----w- c:\programdata\Apple

2010-04-15 13:53:12 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-14 10:58:26 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 10:58:25 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 10:58:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 10:58:22 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-14 10:58:22 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 10:58:17 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 10:58:02 62464 ----a-w- c:\windows\system32\l3codeca.acm

2010-04-14 10:58:02 220672 ----a-w- c:\windows\system32\l3codecp.acm

2010-04-14 10:58:01 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-14 10:58:01 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-14 10:58:01 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-14 10:56:39 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-14 10:55:33 172032 ----a-w- c:\windows\system32\wintrust.dll


==================== Find3M ====================


2010-05-01 06:15:21 741588 ----a-w- c:\windows\system32\perfh00C.dat

2010-05-01 06:15:20 147404 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-01 07:19:33 3353 ----a-w- C:\Français.zip

2010-03-17 09:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 09:51:39 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-13 05:23:12 41336 ----a-w- c:\users\t2noma~1\appdata\roaming\nvModes.dat

2010-02-08 06:53:14 86016 ----a-w- c:\windows\inf\infpub.dat

2010-02-08 06:53:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-02-08 06:53:14 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-12 21:14:34 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-03-22 11:28:23 174 --sha-w- c:\program files\desktop.ini

2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat

2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat

2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat

2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-05-21 16:42:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008052120080522\index.dat

2008-06-05 23:02:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008060620080607\index.dat

2008-06-09 01:53:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008060920080610\index.dat

2009-05-12 15:56:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051220090513\index.dat

2009-10-03 11:11:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100320091004\index.dat

2009-11-29 17:37:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112920091130\index.dat

2009-11-30 06:49:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091201\index.dat

2009-12-19 07:11:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121920091220\index.dat

2009-05-20 21:44:47 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2007-06-10 18:36:51 8192 --sha-w- c:\windows\users\default\NTUSER.DAT


============= FINISH: 15:04:42.70 ===============






DDS (Ver_10-03-17.01)


Microsoft® Windows Vista™ Édition Familiale Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 10/06/2007 12:45:45

System Uptime: 05/02/2010 14:23:12 (2065 hours ago)


Motherboard: Dell Inc. | | 0CF456

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 100 GiB total, 46.562 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 3.69 GiB free.

E: is CDROM ()

F: is CDROM ()


==== Disabled Device Manager Items =============


Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}

Description: Conexant HDA D110 MDC V.92 Modem

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Manufacturer: Conexant

Name: Conexant HDA D110 MDC V.92 Modem

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Service: Modem


==== System Restore Points ===================



==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)

7-Zip 4.65

a-squared Anti-Malware 4.5


Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Advanced SystemCare 3

Advertising Center

AeroSnap 0.61

Apple Application Support

Audacity 1.2.6


Avira AntiVir Premium

Broadcom Management Programs

CamStudio 2.0 Fr

Canon MP180



Clavier+ 10.6.1

ConvertHelper 2.2

DAEMON Tools Toolbar

Digital Line Detect

DivX Codec

Fast DVD Ripper 1.1

Foxit Reader

Gadwin PrintScreen

Galerie de photos Windows Live

GigaTribe 3.01.001

Google Update Helper



HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Iconoid Version 3.8.5


IncrediMail 2.0

Installation Windows Live

IObit Security 360

Java Auto Updater

Java 6 Update 20


Macrium Reflect - Free Edition

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 3.5 Language Pack SP1 - fra

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft LifeCam

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Module linguistique Microsoft .NET Framework 3.5 SP1- fra

MozBackup 1.4.10

Mozilla Firefox (3.6.3)


MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Lite

Nero ControlCenter

Nero Installer

Nero Online Upgrade

Nero StartSmart


Neuf - Kit de connexion

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007

PC Connectivity Solution


PhotoMail Maker


QuickTime Alternative 3.1.1

Rainlendar2 (remove only)

Real Alternative 2.0.2 Lite


Revo Uninstaller 1.87

RocketDock 1.3.5

SAMSUNG Mobile Composite Device Software

Samsung Mobile Modem Device Software

SAMSUNG Mobile Modem Driver Set

SAMSUNG Mobile Modem V2 Software

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Download Driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

Samsung PC Studio


SAMSUNG USB Mobile Device Software


Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

SigmaTel Audio

Smart Defrag

Sonic Activation Module


Spamihilator (32 bit)

Synaptics Pointing Device Driver



TomTom HOME Visual Studio Merge Modules

Tomtomax Maxi-Box V2.0.20

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb972691)

USB Storage Driver

VDownloader 1.12

Virtools 3D Life Player

VirusTotal Uploader 2.0

Visual C++ CRT 8.0

Visual C++ CRT 9.0

Visual C++ CRT 9.0 SP1

VLC media player 1.0.5


Winamp Remote

Windows Live Call

Windows Live Communications Platform

Windows Live FolderShare

Windows Live Messenger

Windows Media Player Firefox Plugin



==== End Of File ===========================

Better late than never.


Hi Evilfantasy :wink:


Nothing seems to be wrong, but there are too many instances of svchost.exe...


and the automatic analysis is full of red crosses...!?


Could you please kindly have a look at the report?

Download HostsXpert and then follow the below steps.


* Unzip HostsXpert to your desktop.

* Open up the HostsXpert program.

* (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)

* Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).

* Click Create Back Up.

* Then click on Restore Microsoft's Host Files.

* Close the HostsXpert program.


Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.




If you already have ComboFix be sure to delete it and download a new copy.


Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.


Link #1

Link #2


Note: It is important that it is saved directly to your Desktop.


Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.


Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.


Double click combofix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

When finished ComboFix will produce a log for you.

Post the ComboFix log in your next reply.


Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.


Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.


If you have problems with ComboFix usage, see How to use ComboFix

Please go to Jotti's malware scan

(If more than one file needs to be scanned, each must be done separately and a log posted for each one.)


* Copy the file path in the below Code box:

c:\program files\Clavier+\Clavier.exe

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type Combofix /Uninstall in the runbox

* Make sure there's a space between Combofix and /Uninstall

* Then hit Enter


* The above procedure will:

* Delete the following:

* ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.




Clean out your temporary internet files and temp files.


Download TFC by OldTimer to your desktop.


Double-click TFC.exe to run it.


Note: If you are running on Vista, right-click on the file and choose Run As Administrator


TFC will close all programs when run, so make sure you have saved all your work before you begin.


* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.


Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.




ESET Online Scan


Scan your computer with the ESET FREE Online Virus Scan


* Click the ESET Online Scanner button.


* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.


* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the <<Back button then click Finish.


In your next reply please include the ESET Online Scan Log

If there are no more malware issues we can finish up now.


Use the Secunia Software Inspector to check for out of date software.

Click Start Scanner

Check the box next to Enable thorough system inspection.

Click Start

Allow the scan to finish and scroll down to see if any updates are needed.

Update anything listed.




Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)




If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.




I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.


I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.


SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware


I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.


Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.

* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ


Learn more about how to protect yourself while on the Internet from the following link: So how did I get infected in the first place? by Tony Klein.

Hi evilfantasy :wink:


Thank you very much for the time you spent for this thread !


I actually protect my PC with AntiVir Premium and Emsisoft Anti-Malware, both up to date and in their latest versions. CCleaner is launched each time I leave Firefox, to erase traces of surfing. ASC Pro is running in the background with a Vista SP2 kept up to date...


Do you suggest that I should modify something? In which way?


Very best regards,



