Report submission [SOLVED]

[titou56]

Hi friends :wink:

 

Could you have a look, please ? Here is the Hijackthis report ...

hijackthis.log.txt

[enoskype]

Hi titou56,

 

If you want other members to look at your HijackThis report and reply to you, please post in General Discussion IS360 section.

Here, only Malware Fighters can reply you.

 

In this section, please follow the instructions in Guidelines for requesting malware removal assistance thread.

 

You will be guided by a Malware Fighter.

 

 

Cheers.

[titou56]

Hi Enoskype :wink:

 

Thank you E..s ! I'll post in the good section...

 

Very best regards !

[titou56]

Hi friends :wink:

 

here we are :

 

IObit Security 360

 

OS:Windows Vista

Version:1.4.1.11

Préciser la Version:1419

Temps écoulé:00:28:40

Objets Scannés:68210

Menaces Trouvées:2

 

|Nom|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:t2 nomad@www.incredimail.com/, 7-1892

Tracking Cookies, Cookies, Cookie:t2 nomad@mystart.incredimail.com/, 7-1892

--------------------------------------------------------

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by t2 nomad at 15:03:38.77 on 02/05/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1152 [GMT 2:00]

 

SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\FsUsbExService.Exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\a-squared Anti-Malware\a2guard.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\Clavier+\Clavier.exe

C:\Program Files\AeroSnap\AeroSnap.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Windows\system32\conime.exe

C:\Users\t2 nomad\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://mystart.incredimail.com/

uWindow Title = Windows Internet Explorer

mStart Page =

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [incrediMail] c:\program files\incredimail\bin\IncMail.exe /c

uRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe

uRun: [Clavier+] c:\program files\clavier+\Clavier.exe

uRun: [AeroSnap] c:\program files\aerosnap\AeroSnap.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\t2noma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spamihilator.lnk - c:\program files\spamihilator\spamihilator.exe

uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

LSA: Authentication Packages = msv1_0 relog_ap

Hosts: 127.0.0.1 http://www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\t2noma~1\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\

FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs_IM2_TEST&search=

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\openoffice.org 3\program\npsoplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-3-17 15328]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-30 11608]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-11-11 1872320]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2009-4-30 194817]

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-4-30 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-30 185089]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2009-4-30 434945]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-30 56816]

R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-2-7 233472]

R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-3-17 220128]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2008-3-22 179712]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-2-7 36608]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-1-30 115312]

S2 gupdate1ca6bd77832db60;Service Google Update (gupdate1ca6bd77832db60);c:\program files\google\update\GoogleUpdate.exe [2009-11-23 133104]

S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-15 311568]

S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-22 21504]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-4-19 90536]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-4-19 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-4-19 122152]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-4-19 115496]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-4-19 25768]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-4-19 111912]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-4-19 117672]

S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-2-7 90112]

S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-2-7 14976]

S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-2-7 121856]

 

=============== Created Last 30 ================

 

2010-04-26 18:52:51 0 d-----w- c:\program files\Emoticon

2010-04-26 14:59:12 0 d-----w- c:\users\t2 nomad\AdSigner

2010-04-26 14:29:58 0 d-----w- c:\program files\Trend Micro

2010-04-19 13:34:35 55315 ----a-w- C:\capture.jpg

2010-04-16 10:59:01 0 d-----w- c:\programdata\Apple

2010-04-15 13:53:12 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-14 10:58:26 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-14 10:58:25 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-14 10:58:25 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-14 10:58:22 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-14 10:58:22 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-14 10:58:17 430080 ----a-w- c:\windows\system32\vbscript.dll

2010-04-14 10:58:02 62464 ----a-w- c:\windows\system32\l3codeca.acm

2010-04-14 10:58:02 220672 ----a-w- c:\windows\system32\l3codecp.acm

2010-04-14 10:58:01 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-14 10:58:01 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-14 10:58:01 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-14 10:56:39 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-14 10:55:33 172032 ----a-w- c:\windows\system32\wintrust.dll

 

==================== Find3M ====================

 

2010-05-01 06:15:21 741588 ----a-w- c:\windows\system32\perfh00C.dat

2010-05-01 06:15:20 147404 ----a-w- c:\windows\system32\perfc00C.dat

2010-04-01 07:19:33 3353 ----a-w- C:\Français.zip

2010-03-17 09:51:48 15328 ----a-w- c:\windows\system32\drivers\pssnap.sys

2010-03-17 09:51:39 44512 ----a-w- c:\windows\system32\drivers\psmounter.sys

2010-02-24 08:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-13 05:23:12 41336 ----a-w- c:\users\t2noma~1\appdata\roaming\nvModes.dat

2010-02-08 06:53:14 86016 ----a-w- c:\windows\inf\infpub.dat

2010-02-08 06:53:14 143360 ----a-w- c:\windows\inf\infstrng.dat

2010-02-08 06:53:14 143360 ----a-w- c:\windows\inf\infstor.dat

2009-11-12 21:14:34 665600 ----a-w- c:\windows\inf\drvindex.dat

2008-03-22 11:28:23 174 --sha-w- c:\program files\desktop.ini

2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfd.dat

2006-11-02 15:45:47 37390 ----a-w- c:\windows\inf\perflib\040c\perfc.dat

2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfi.dat

2006-11-02 15:45:47 340236 ----a-w- c:\windows\inf\perflib\040c\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2008-05-21 16:42:10 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008052120080522\index.dat

2008-06-05 23:02:28 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008060620080607\index.dat

2008-06-09 01:53:18 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008060920080610\index.dat

2009-05-12 15:56:01 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009051220090513\index.dat

2009-10-03 11:11:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009100320091004\index.dat

2009-11-29 17:37:38 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009112920091130\index.dat

2009-11-30 06:49:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009113020091201\index.dat

2009-12-19 07:11:46 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009121920091220\index.dat

2009-05-20 21:44:47 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

2007-06-10 18:36:51 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

 

============= FINISH: 15:04:42.70 ===============

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft® Windows Vista™ Édition Familiale Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 10/06/2007 12:45:45

System Uptime: 05/02/2010 14:23:12 (2065 hours ago)

 

Motherboard: Dell Inc. | | 0CF456

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | Microprocessor | 2000/166mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 100 GiB total, 46.562 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 3.69 GiB free.

E: is CDROM ()

F: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}

Description: Conexant HDA D110 MDC V.92 Modem

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Manufacturer: Conexant

Name: Conexant HDA D110 MDC V.92 Modem

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Service: Modem

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

2007 Microsoft Office Suite Service Pack 1 (SP1)

7-Zip 4.65

a-squared Anti-Malware 4.5

Acronis*True*Image*Home

Adobe Flash Player 10 Plugin

Adobe Flash Player 9 ActiveX

Adobe Flash Player ActiveX

Advanced SystemCare 3

Advertising Center

AeroSnap 0.61

Apple Application Support

Audacity 1.2.6

AutoUpdate

Avira AntiVir Premium

Broadcom Management Programs

CamStudio 2.0 Fr

Canon MP180

CCleaner

CDBurnerXP

Clavier+ 10.6.1

ConvertHelper 2.2

DAEMON Tools Toolbar

Digital Line Detect

DivX Codec

Fast DVD Ripper 1.1

Foxit Reader

Gadwin PrintScreen

Galerie de photos Windows Live

GigaTribe 3.01.001

Google Update Helper

Google*Earth

HiJackThis

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Iconoid Version 3.8.5

IncrediMail

IncrediMail 2.0

Installation Windows Live

IObit Security 360

Java Auto Updater

Java 6 Update 20

KeyScrambler

Macrium Reflect - Free Edition

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft .NET Framework 3.5 Language Pack SP1 - fra

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft LifeCam

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (French) 2007

Microsoft Office Excel MUI (French) 2007

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office Outlook MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Office Word MUI (French) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Module linguistique Microsoft .NET Framework 3.5 SP1- fra

MozBackup 1.4.10

Mozilla Firefox (3.6.3)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Lite

Nero ControlCenter

Nero Installer

Nero Online Upgrade

Nero StartSmart

neroxml

Neuf - Kit de connexion

NVIDIA Drivers

OGA Notifier 2.0.0048.0

OpenOffice.org 3.2

Package de pilotes Windows - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)

Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)

PC Connectivity Solution

PhotoFiltre

PhotoMail Maker

QuickSet

QuickTime Alternative 3.1.1

Rainlendar2 (remove only)

Real Alternative 2.0.2 Lite

Recuva

Revo Uninstaller 1.87

RocketDock 1.3.5

SAMSUNG Mobile Composite Device Software

Samsung Mobile Modem Device Software

SAMSUNG Mobile Modem Driver Set

SAMSUNG Mobile Modem V2 Software

Samsung Mobile phone USB driver Software

SAMSUNG Mobile USB Download Driver Software

SAMSUNG Mobile USB Modem 1.0 Software

SAMSUNG Mobile USB Modem Software

Samsung New PC Studio

Samsung New PC Studio USB Driver Installer

Samsung PC Studio

SAMSUNG SYMBIAN USB Download Driver

SAMSUNG USB Mobile Device Software

SamsungConnectivityCableDriver

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB969679)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB969682)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office Word 2007 (KB969604)

SigmaTel Audio

Smart Defrag

Sonic Activation Module

Spamihilator

Spamihilator 0.9.9.53 (32 bit)

Synaptics Pointing Device Driver

SyncBack

TomTom HOME 2.7.3.1894

TomTom HOME Visual Studio Merge Modules

Tomtomax Maxi-Box V2.0.20

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb972691)

USB Storage Driver

VDownloader 1.12

Virtools 3D Life Player

VirusTotal Uploader 2.0

Visual C++ CRT 8.0

Visual C++ CRT 9.0

Visual C++ CRT 9.0 SP1

VLC media player 1.0.5

Winamp

Winamp Remote

Windows Live Call

Windows Live Communications Platform

Windows Live FolderShare

Windows Live Messenger

Windows Media Player Firefox Plugin

XPS LightFX SDK

 

==== End Of File ===========================

[titou56]

ouh-hou someone here ?

 

:wink: Hi friends :wink:

 

UP !

[evilfantasy]

Hello titou56. Sorry for the slow reply...

 

Can you give me an idea of what I might be looking for? What problems are you having?

[titou56]

better later than never

 

Hi Evilfantasy :wink:

 

nothing seems to be wrong, but, too many instances of svchost.exe...

 

and the automatic analysis is full of red crosses... !?

 

please gently have a look on the report ?

[evilfantasy]

Download HostsXpert and then follow the below steps.

 

* Unzip HostXpert to your desktop.

* Open up the HostsXpert program.

* (Vista and Windows 7 users right click HostsXpert and choose Run as Administrator)

* Make sure that the "Make Hosts Writable?" button in the upper left corner is enabled (unlocked).

* Click Create Back Up.

* Then click on Restore Microsoft's Host Files.

* Close the HostsXpert program.

 

Note: if you use SpywareBlaster, Spybot and/or IE-SPYAD, it will be necessary to re-install the protection they afford. For SpywareBlaster, run the program and select Enable all protection. For Spybot run the program and select Immunize. For IE-SPYAD, run the batch file and reinstall the protection.

 

----------

 

If you already have ComboFix be sure to delete it and download a new copy.

 

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

 

Link #1

Link #2

 

**Note: It is important that it is saved directly to your Desktop

 

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Double click combofix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

When finished ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

 

If you have problems with ComboFix usage, see How to use ComboFix

[titou56]

done

 

Hi evilfantasy : wink:

 

here we are :

combofix 7 mai.zip

[evilfantasy]

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and logs posted for each one)

 

* Copy the file path in the below Code box:

c:\program files\Clavier+\Clavier.exe

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

[titou56]

here we are

 

Hi evilfantasy :wink:

 

http://virusscan.jotti.org/fr/scanresult/34a4fa7c35683111f8d9132a3c486fe6ef668164/c8fe6a206385e652d32346adef83e6eb473fde89

[evilfantasy]

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.

* Now type Combofix /Uninstall in the runbox

* Make sure there's a space between Combofix and /Uninstall

* Then hit Enter

 

* The above procedure will:

* Delete the following:

* ComboFix and its associated files and folders.

* Reset the clock settings.

* Hide file extensions, if required.

* Hide System/Hidden files, if required.

* Set a new, clean Restore Point.

 

----------

 

Clean out your temporary internet files and temp files.

 

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

 

----------

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the <<Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

[titou56]

ouh ouh about 4 hours of scan

 

Hi evilfantasy :wink:

 

Here is the result of ESET scan...

rapport ESET.txt

[evilfantasy]

If there are no more malware issues we can finish up now.

 

Use the Secunia Software Inspector to check for out of date software.

Click Start Scanner

Check the box next to Enable thorough system inspection.

Click Start

Allow the scan to finish and scroll down to see if any updates are needed.

Update anything listed.

 

----------

 

Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

 

----------

 

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

 

----------

 

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

 

I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.

* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Learn more about how to protect yourself while on the Internet from the following link. So how did I get infected in the first place? by Tony Klien.

[titou56]

Thanks

 

Hi evilfantasy :wink:

 

Thank you very much for the time you spent for this thread !

 

I actually protect my PC with Antivir Premium and Emisoft Antimalware both up to date and in their latest versions. Ccleanner is launched each time I leave Firefox, to erase traces of surf. ASC Pro is running in fond with a Vista SP2 maintained up to date...

 

Do you suggest that I should modify ? in which way ?

 

Very best regard,

 

Titou

[evilfantasy]

You have good protection now. Just use caution when surfing and downloading. Nothing beats common sense! ;-)