Got a pb...

[titou56]

here we are :

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.2.0

Run by t2 nomad at 19:19:01 on 2012-01-14

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1079 [GMT 1:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Clavier+\Clavier.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Program Files\Spamihilator\spamihilator.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IncrediMail\Bin\ImApp.exe

C:\Program Files\IObit\Advanced SystemCare 5\DelayLoad.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox9\firefox.exe

C:\Program Files\Mozilla Firefox\firefox9\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = my.daemon-search.com

mStart Page =

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [Clavier+] c:\program files\clavier+\Clavier.exe

uRun: [Rainlendar2] c:\program files\rainlendar2\rainlendar2.exe

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [incMail.exe] c:\program files\incredimail\bin\incmail.exe

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual

mRun: [synTPEnh] c:\program files\synaptics\syntp\syntpenh.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\users\t2noma~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\spamih~1.lnk - c:\program files\spamihilator\spamihilator.exe

uPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-explorer: HonorAutoRunSetting = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4BAC198E-CA11-402F-B802-C6F16144B4F6} : DhcpNameServer = 192.168.1.1

SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?hl=fr&tab=wn

FF - prefs.js: keyword.URL - hxxp://www.yahoo.fr

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll

FF - component: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\firefox 6\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\mozilla firefox\firefox 6\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\firefox\profiles\6o4gbyrt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\users\t2 nomad\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-12-22 16024]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-7 15672]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-15 36000]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-8-15 497496]

R2 AntiVirMailService;Avira Protection e-mail;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-15 342480]

R2 AntiVirSchedulerService;Avira Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-12-15 86224]

R2 AntiVirService;Avira Protection temps réel;c:\program files\avira\antivir desktop\avguard.exe [2011-12-15 110032]

R2 AntiVirWebService;Avira Protection Web;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-12-15 463824]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-15 74640]

R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-22 21504]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2010-12-27 821592]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-12-22 224920]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R3 b57nd60x;%SvcDispName%;c:\windows\system32\drivers\b57nd60x.sys [2008-3-22 179712]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-1-30 173880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-7 30312]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-12-22 47256]

S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2011-12-22 12952]

S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [2011-9-27 53248]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-7 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-7 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-7 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-7 114280]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]

S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-4-19 90536]

S4 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-4-19 15016]

S4 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-4-19 122152]

S4 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-4-19 115496]

S4 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-4-19 25768]

S4 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-4-19 111912]

S4 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-4-19 117672]

S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]

.

=============== Created Last 30 ================

.

2012-01-13 09:18:38 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-13 09:18:38 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-13 09:18:38 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-13 09:18:38 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-13 09:18:38 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-13 09:18:38 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-11 07:35:20 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 07:35:20 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 07:35:18 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 07:35:16 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 07:35:14 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 07:35:12 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 07:35:12 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-09 06:35:04 -------- d-----w- c:\users\t2 nomad\appdata\roaming\Canneverbe Limited

2012-01-09 06:35:04 -------- d-----w- c:\programdata\Canneverbe Limited

2012-01-07 16:08:38 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-01-07 16:08:38 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-01-06 05:01:57 -------- d-----w- c:\programdata\UDL

2012-01-05 18:07:48 -------- d-----w- c:\program files\common files\EPSON

2012-01-05 18:07:00 8192 ----a-w- c:\windows\system32\E_DCINST.DLL

2012-01-05 18:06:59 93696 ----a-w- c:\windows\system32\E_FLBHLE.DLL

2012-01-05 18:06:57 63488 ----a-w- c:\windows\system32\E_FD4BHLE.DLL

2012-01-05 18:06:28 -------- d-----w- c:\programdata\EPSON

2012-01-05 18:05:48 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-01-05 18:05:48 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-01-05 18:05:48 12800 ----a-w- c:\windows\system32\escdev.dll

2012-01-05 18:05:34 -------- d-----w- c:\program files\epson

2012-01-03 09:46:07 -------- d-----w- c:\users\t2 nomad\appdata\roaming\LOdev

2012-01-02 12:59:12 -------- d-----w- c:\users\t2 nomad\appdata\roaming\AIMP3

2012-01-02 12:59:07 -------- d-----w- c:\program files\AIMP3

2011-12-31 15:52:56 -------- d-----w- c:\users\t2 nomad\appdata\roaming\SingularLabs

2011-12-24 15:12:46 -------- d-----w- c:\program files\Emoticon

2011-12-22 21:30:02 -------- d-----w- c:\users\t2 nomad\appdata\roaming\Druide

2011-12-22 21:28:51 -------- d-----w- c:\program files\Druide

2011-12-22 16:11:42 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-12-22 16:11:42 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-12-22 16:11:42 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-12-20 14:42:09 -------- d-----w- c:\users\t2 nomad\appdata\roaming\LibreOffice

2011-12-20 14:20:03 -------- d-----w- c:\program files\LibreOffice 3.4

2011-12-20 10:29:58 -------- d-----w- c:\users\t2 nomad\appdata\local\Apps

2011-12-18 01:25:04 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

.

==================== Find3M ====================

.

2011-12-15 00:41:38 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-12-10 14:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 17:02:22 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-01 17:02:22 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 17:06:09 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-11 08:07:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-08 05:54:46 512 ----a-w- C:\PhysicalDisk0_MBR.bin

2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 08:02:56 389632 ----a-w- c:\windows\system32\html.iec

2011-10-26 08:02:55 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-26 08:02:54 834048 ----a-w- c:\windows\system32\wininet.dll

2011-10-26 08:01:04 502272 ----a-w- c:\windows\system32\usp10.dll

2011-10-26 07:59:30 293376 ----a-w- c:\windows\system32\browserchoice.exe

2011-10-26 07:59:09 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-10-25 15:56:04 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-19 21:16:02 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

============= FINISH: 19:21:21.07 ===============

[titou56]

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Édition Familiale Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 10/06/2007 12:45:45

System Uptime: 14/01/2012 19:00:31 (0 hours ago)

.

Motherboard: Dell Inc. | | 0CF456

Processor: Intel® Core2 CPU T7200 @ 2.00GHz | Microprocessor | 1000/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 100 GiB total, 48.169 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.133 GiB free.

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96d-e325-11ce-bfc1-08002be10318}

Description: Conexant HDA D110 MDC V.92 Modem

Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Manufacturer: Conexant

Name: Conexant HDA D110 MDC V.92 Modem

PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&B1E9B9E&0&0102

Service: Modem

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

7-Zip 9.22beta

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Advanced SystemCare 5

Advertising Center

AIMP3

Antidote HD

Apple Application Support

Audacity 1.3.14 (Unicode)

AutoUpdate

Avira Antivirus Premium 2012

Broadcom Management Programs

CamStudio 2.0 Fr

CCleaner

CDBurnerXP

Clavier+ 10.6.4

DAEMON Tools Lite

Digital Line Detect

EPSON Scan

EPSON SX235 Series Printer Uninstall

Fast DVD Ripper 1.1

FastFontPreview v3.0.2 FREEWARE

Gadwin PrintScreen

Galerie de photos Windows Live

GigaTribe 3.01.006

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Iconoid version 3.8.6

IncrediMail

IncrediMail 2.0

Inpaint 3.1

Installation Windows Live

IObit Malware Fighter

Java 6 Update 29

Java 7 Update 2

KeyScrambler

LAME v3.98.2 for Audacity

LibreOffice 3.4

Macrium Reflect Free Edition

Malwarebytes Anti-Malware version 1.60.0.1800

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 Language Pack SP1 - fra

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile FRA Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Image Composite Editor

Microsoft LifeCam

Microsoft Office InfoPath MUI (French) 2007

Microsoft Office PowerPoint MUI (French) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proofing (French) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (French) 2007

Microsoft Office Shared MUI (French) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Module linguistique Microsoft .NET Framework 3.5 SP1- fra

Module linguistique Microsoft .NET Framework 4 Client Profile FRA

MozBackup 1.5.1

Mozilla Firefox 4.0b7 (x86 en-US)

Mozilla Firefox 9.0.1 (x86 fr)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero ControlCenter

Nero Installer

Nero Online Upgrade

neroxml

Neuf - Kit de connexion

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PDF-Viewer

Photo Notifier and Animation Creator

PhotoFiltre

PhotoMail Maker

QuickSet

QuickTime Alternative 3.1.1

Rainlendar2 (remove only)

Real Alternative 2.0.2 Lite

Revo Uninstaller 1.93

RocketDock 1.3.5

Samsung Kies

Samsung New PC Studio USB Driver Installer

Samsung PC Studio

SAMSUNG SYMBIAN USB Download Driver

SAMSUNG USB Driver for Mobile Phones

SamsungConnectivityCableDriver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663)

Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870)

SigmaTel Audio

Smart Defrag

Smart Defrag 2

Sonic Activation Module

Spamihilator

Spamihilator 1.0.0 (32 bit)

Spotify

Synaptics Pointing Device Driver

SyncBack

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Tomtomax Maxi-Box V2.0.24

Unlocker 1.9.1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

USB Storage Driver

VDownloader 1.12

VirusTotal Uploader 2.0

Visual C++ CRT 8.0

Visual C++ CRT 9.0

Visual C++ CRT 9.0 SP1

VLC media player 1.1.11

WD SmartWare

Windows Live Call

Windows Live Communications Platform

Windows Live Messenger

XPS LightFX SDK

.

==== End Of File ===========================

[titou56]

Avira Antivirus Premium 2012

Date de création du fichier de rapport : samedi 14 janvier 2012 03:08

 

La recherche porte sur 3069807 souches de virus.

 

Le programme fonctionne en version intégrale illimitée.

Les services en ligne sont disponibles.

 

Détenteur de la licence : thierry lefour

Numéro de série : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Plateforme : Windows Vista

Version de Windows : (Service Pack 2) [6.0.6002]

Mode Boot : Démarré normalement

Identifiant : SYSTEM

Nom de l'ordinateur : T2-XPS-M1710

 

Informations de version :

BUILD.DAT : 12.0.0.171 42511 Bytes 16/12/2011 10:50:00

AVSCAN.EXE : 12.1.0.18 490448 Bytes 01/12/2011 17:02:00

AVSCAN.DLL : 12.1.0.17 64976 Bytes 29/09/2011 10:28:06

LUKE.DLL : 12.1.0.17 68304 Bytes 01/12/2011 17:02:08

AVSCPLR.DLL : 12.1.0.21 99536 Bytes 01/12/2011 17:02:00

AVREG.DLL : 12.1.0.27 227536 Bytes 15/12/2011 12:15:35

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:18:34

VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 09:07:39

VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 17:21:32

VBASE003.VDF : 7.11.19.171 2048 Bytes 20/12/2011 17:21:32

VBASE004.VDF : 7.11.19.172 2048 Bytes 20/12/2011 17:21:35

VBASE005.VDF : 7.11.19.173 2048 Bytes 20/12/2011 17:21:35

VBASE006.VDF : 7.11.19.174 2048 Bytes 20/12/2011 17:21:36

VBASE007.VDF : 7.11.19.175 2048 Bytes 20/12/2011 17:21:36

VBASE008.VDF : 7.11.19.176 2048 Bytes 20/12/2011 17:21:36

VBASE009.VDF : 7.11.19.177 2048 Bytes 20/12/2011 17:21:36

VBASE010.VDF : 7.11.19.178 2048 Bytes 20/12/2011 17:21:37

VBASE011.VDF : 7.11.19.179 2048 Bytes 20/12/2011 17:21:37

VBASE012.VDF : 7.11.19.180 2048 Bytes 20/12/2011 17:21:37

VBASE013.VDF : 7.11.19.217 182784 Bytes 22/12/2011 13:05:16

VBASE014.VDF : 7.11.19.255 148480 Bytes 24/12/2011 14:35:55

VBASE015.VDF : 7.11.20.29 164352 Bytes 27/12/2011 16:58:20

VBASE016.VDF : 7.11.20.70 180224 Bytes 29/12/2011 19:51:13

VBASE017.VDF : 7.11.20.102 240640 Bytes 02/01/2012 12:20:57

VBASE018.VDF : 7.11.20.139 164864 Bytes 04/01/2012 09:37:55

VBASE019.VDF : 7.11.20.178 167424 Bytes 06/01/2012 09:51:41

VBASE020.VDF : 7.11.20.207 230400 Bytes 10/01/2012 06:46:35

VBASE021.VDF : 7.11.20.236 150528 Bytes 11/01/2012 17:20:47

VBASE022.VDF : 7.11.21.13 135168 Bytes 13/01/2012 13:20:27

VBASE023.VDF : 7.11.21.14 2048 Bytes 13/01/2012 13:20:27

VBASE024.VDF : 7.11.21.15 2048 Bytes 13/01/2012 13:20:27

VBASE025.VDF : 7.11.21.16 2048 Bytes 13/01/2012 13:20:27

VBASE026.VDF : 7.11.21.17 2048 Bytes 13/01/2012 13:20:27

VBASE027.VDF : 7.11.21.18 2048 Bytes 13/01/2012 13:20:27

VBASE028.VDF : 7.11.21.19 2048 Bytes 13/01/2012 13:20:28

VBASE029.VDF : 7.11.21.20 2048 Bytes 13/01/2012 13:20:28

VBASE030.VDF : 7.11.21.21 2048 Bytes 13/01/2012 13:20:28

VBASE031.VDF : 7.11.21.28 26112 Bytes 13/01/2012 16:18:41

Version du moteur : 8.2.8.26

AEVDF.DLL : 8.1.2.2 106868 Bytes 01/12/2011 17:01:56

AESCRIPT.DLL : 8.1.3.97 426363 Bytes 13/01/2012 02:00:29

AESCN.DLL : 8.1.7.2 127349 Bytes 01/09/2011 21:46:02

AESBX.DLL : 8.2.4.5 434549 Bytes 01/12/2011 15:48:34

AERDL.DLL : 8.1.9.15 639348 Bytes 08/09/2011 21:16:06

AEPACK.DLL : 8.2.15.1 770423 Bytes 15/12/2011 12:15:34

AEOFFICE.DLL : 8.1.2.25 201084 Bytes 30/12/2011 08:44:15

AEHEUR.DLL : 8.1.3.18 4297079 Bytes 13/01/2012 02:00:28

AEHELP.DLL : 8.1.18.0 254327 Bytes 01/12/2011 17:01:53

AEGEN.DLL : 8.1.5.17 405877 Bytes 15/12/2011 12:15:28

AEEMU.DLL : 8.1.3.0 393589 Bytes 01/09/2011 21:46:01

AECORE.DLL : 8.1.24.3 201079 Bytes 28/12/2011 13:47:31

AEBB.DLL : 8.1.1.0 53618 Bytes 01/09/2011 21:46:01

AVWINLL.DLL : 12.1.0.17 27856 Bytes 01/12/2011 17:02:02

AVPREF.DLL : 12.1.0.17 52432 Bytes 01/12/2011 17:01:59

AVREP.DLL : 12.1.0.17 179920 Bytes 01/12/2011 17:01:59

AVARKT.DLL : 12.1.0.19 208848 Bytes 01/12/2011 17:01:57

AVEVTLOG.DLL : 12.1.0.17 169680 Bytes 01/12/2011 17:01:58

SQLITE3.DLL : 3.7.0.0 398288 Bytes 01/12/2011 17:02:12

AVSMTP.DLL : 12.1.0.17 63440 Bytes 01/12/2011 17:02:00

NETNT.DLL : 12.1.0.17 17616 Bytes 01/12/2011 17:02:09

RCIMAGE.DLL : 12.1.0.13 4493520 Bytes 20/09/2011 00:36:18

RCTEXT.DLL : 12.1.0.16 99792 Bytes 27/09/2011 09:23:07

 

Configuration pour la recherche actuelle :

Nom de la tâche...............................: Contrôle intégral du système

Fichier de configuration......................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20120113-230935-1883102B.avp

Documentation.................................: par défaut

Action principale.............................: interactif

Action secondaire.............................: ignorer

Recherche sur les secteurs d'amorçage maître..: marche

Recherche sur les secteurs d'amorçage.........: marche

Secteurs d'amorçage...........................: C:, D:,

Recherche dans les programmes actifs..........: marche

Programmes en cours étendus...................: marche

Recherche en cours sur l'enregistrement.......: marche

Recherche de Rootkits.........................: marche

Contrôle d'intégrité de fichiers système......: marche

Fichier mode de recherche.....................: Tous les fichiers

Recherche sur les archives....................: marche

Limiter la profondeur de récursivité..........: 20

Archive Smart Extensions......................: marche

Heuristique de macrovirus.....................: marche

Heuristique fichier...........................: avancé

Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

 

Début de la recherche : samedi 14 janvier 2012 03:08

 

La recherche sur les secteurs d'amorçage maître commence :

Secteur d'amorçage maître HD0

[iNFO] Aucun virus trouvé !

 

La recherche sur les secteurs d'amorçage commence :

Secteur d'amorçage 'C:\'

[iNFO] Aucun virus trouvé !

Secteur d'amorçage 'D:\'

[iNFO] Aucun virus trouvé !

 

La recherche d'objets cachés commence.

Pilote caché

[REMARQUE] Une modification de la mémoire a été détectée, qui pourrait éventuellement être utilisée abusivement pour des accès fichiers cachés.

 

La recherche sur les processus démarrés commence :

Processus de recherche 'plugin-container.exe' - '74' module(s) sont contrôlés

Processus de recherche 'firefox.exe' - '131' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '21' module(s) sont contrôlés

Processus de recherche 'mscorsvw.exe' - '25' module(s) sont contrôlés

Processus de recherche 'ImApp.exe' - '105' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '30' module(s) sont contrôlés

Processus de recherche 'vssvc.exe' - '49' module(s) sont contrôlés

Processus de recherche 'avscan.exe' - '77' module(s) sont contrôlés

Processus de recherche 'taskeng.exe' - '47' module(s) sont contrôlés

Processus de recherche 'avscan.exe' - '29' module(s) sont contrôlés

Processus de recherche 'wmiprvse.exe' - '34' module(s) sont contrôlés

Processus de recherche 'spamihilator.exe' - '65' module(s) sont contrôlés

Processus de recherche 'IncMail.exe' - '148' module(s) sont contrôlés

Processus de recherche 'RocketDock.exe' - '32' module(s) sont contrôlés

Processus de recherche 'Rainlendar2.exe' - '55' module(s) sont contrôlés

Processus de recherche 'NicConfigSvc.exe' - '44' module(s) sont contrôlés

Processus de recherche 'Clavier.exe' - '21' module(s) sont contrôlés

Processus de recherche 'avgnt.exe' - '66' module(s) sont contrôlés

Processus de recherche 'SynTPEnh.exe' - '27' module(s) sont contrôlés

Processus de recherche 'WDSmartWareBackgroundService.exe' - '34' module(s) sont contrôlés

Processus de recherche 'WDDMService.exe' - '29' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '44' module(s) sont contrôlés

Processus de recherche 'ReflectService.exe' - '31' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '43' module(s) sont contrôlés

Processus de recherche 'MSCamS32.exe' - '18' module(s) sont contrôlés

Processus de recherche 'AVWEBGRD.EXE' - '42' module(s) sont contrôlés

Processus de recherche 'avmailc.exe' - '36' module(s) sont contrôlés

Processus de recherche 'Explorer.EXE' - '110' module(s) sont contrôlés

Processus de recherche 'taskeng.exe' - '80' module(s) sont contrôlés

Processus de recherche 'Dwm.exe' - '32' module(s) sont contrôlés

Processus de recherche 'IMFsrv.exe' - '33' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '62' module(s) sont contrôlés

Processus de recherche 'sched.exe' - '56' module(s) sont contrôlés

Processus de recherche 'spoolsv.exe' - '85' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '88' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '64' module(s) sont contrôlés

Processus de recherche 'SLsvc.exe' - '23' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '37' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '144' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '97' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '64' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '39' module(s) sont contrôlés

Processus de recherche 'avshadow.exe' - '33' module(s) sont contrôlés

Processus de recherche 'avguard.exe' - '82' module(s) sont contrôlés

Processus de recherche 'ASCService.exe' - '44' module(s) sont contrôlés

Processus de recherche 'svchost.exe' - '40' module(s) sont contrôlés

Processus de recherche 'lsm.exe' - '32' module(s) sont contrôlés

Processus de recherche 'lsass.exe' - '60' module(s) sont contrôlés

Processus de recherche 'services.exe' - '39' module(s) sont contrôlés

Processus de recherche 'winlogon.exe' - '30' module(s) sont contrôlés

Processus de recherche 'wininit.exe' - '26' module(s) sont contrôlés

Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés

Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés

Processus de recherche 'smss.exe' - '2' module(s) sont contrôlés

 

Début du contrôle des fichiers système :

Signé -> 'C:\Windows\system32\svchost.exe'

Signé -> 'C:\Windows\system32\winlogon.exe'

Signé -> 'C:\Windows\explorer.exe'

Signé -> 'C:\Windows\system32\smss.exe'

Signé -> 'C:\Windows\system32\wininet.DLL'

Signé -> 'C:\Windows\system32\wsock32.DLL'

Signé -> 'C:\Windows\system32\ws2_32.DLL'

Signé -> 'C:\Windows\system32\services.exe'

Signé -> 'C:\Windows\system32\lsass.exe'

Signé -> 'C:\Windows\system32\csrss.exe'

Signé -> 'C:\Windows\system32\drivers\kbdclass.sys'

Signé -> 'C:\Windows\system32\spoolsv.exe'

Signé -> 'C:\Windows\system32\alg.exe'

Signé -> 'C:\Windows\system32\wuauclt.exe'

Signé -> 'C:\Windows\system32\advapi32.DLL'

Signé -> 'C:\Windows\system32\user32.DLL'

Signé -> 'C:\Windows\system32\gdi32.DLL'

Signé -> 'C:\Windows\system32\kernel32.DLL'

Signé -> 'C:\Windows\system32\ntdll.DLL'

Signé -> 'C:\Windows\system32\ntoskrnl.exe'

Signé -> 'C:\Windows\system32\ctfmon.exe'

Les fichiers système ont été contrôlés ('21' fichiers)

 

La recherche sur les renvois aux fichiers exécutables (registre) commence :

Le registre a été contrôlé ( '3694' fichiers).

 

 

La recherche sur les fichiers sélectionnés commence :

 

Recherche débutant dans 'C:\' <T2 XPS 2007>

Recherche débutant dans 'D:\' <RECOVERY>

 

 

Fin de la recherche : samedi 14 janvier 2012 06:09

Temps nécessaire: 3:00:52 Heure(s)

 

La recherche a été effectuée intégralement

 

28550 Les répertoires ont été contrôlés

786524 Des fichiers ont été contrôlés

0 Des virus ou programmes indésirables ont été trouvés

0 Des fichiers ont été classés comme suspects

0 Des fichiers ont été supprimés

0 Des virus ou programmes indésirables ont été réparés

0 Les fichiers ont été déplacés dans la quarantaine

0 Les fichiers ont été renommés

0 Impossible de scanner des fichiers

786524 Fichiers non infectés

7439 Les archives ont été contrôlées

0 Avertissements

1 Consignes

783509 Des objets ont été contrôlés lors du Rootkitscan

1 Des objets cachés ont été trouvés

[titou56]

Malwarebytes Anti-Malware 1.60.0.1800

http://www.malwarebytes.org

 

Version de la base de données: v2012.01.13.02

 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 7.0.6002.18005

t2 nomad :: T2-XPS-M1710 [administrateur]

 

14/01/2012 08:16:19

mbam-log-2012-01-14 (08-16-19).txt

 

Type d'examen: Examen complet

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P

Options d'examen désactivées:

Elément(s) analysé(s): 295865

Temps écoulé: 3 heure(s), 7 minute(s),

 

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

 

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

 

Fichier(s) détecté(s): 0

(Aucun élément nuisible détecté)

 

(fin)

[Melvin_Deal]

All Dave will need is both of the DDS logs.

 

-Mel

 

Tous Dave aura besoin est à la fois des journaux de la DDS.

[titou56]

Hi Mel,

 

Is it OK ?

[Melvin_Deal]

Hi Titou!

 

It is good... I have notified Dave, we will await his advisement!:smile:

 

Sincerely,

-Mel

 

 

Il est bon ... J'ai avisé Dave, nous attendons son délibéré!

[titou56]

thank you for your attention and your patience !

 

Your french is really good :lol:

 

Very best regards

[titou56]

nothing found neither with... IMF pro

 

Hi friends :wink:

 

...IMF pro :

 

http://i44.tinypic.com/1vvk6.jpg

[titou56]

Following...

 

Hi friends :wink:

 

New boot : desktop empty !

 

I tried to verify the system files integrity :

 

In the Windows menu, All Programs, Accessories, right click on Command Prompt and Run as administrator.

A DOS window opens.

I typed sfc / scannow, Enter

 

"Starting the verification phase of system analysis.

The verification is complete ..% "

 

At the end of scan, a brief report was displayed in the window.

http://i43.tinypic.com/n3ngo7.jpg

 

As proposed, I reboot : nothing changed ! :-(

[titou56]

Here is the translation of the content of the window :

 

Windows Resource Protection found corrupt files but was unable to repair all. Details are included in the CBS.log.

Consequential amendments to the repair files sytems take effect the next system startup.

[Melvin_Deal]

Hi Titou!

 

There is no doubt some damage to your OS! Please wait for Dave's advisement as to whether or not some malware removal steps should be taken... please don't download and run any more diagnostic or repair tools until he advises as this will change what is reflected in your DDS logs! Your Macrium image may be corrupt as well! Please be patient... I'm sure Dave will post when he can... he is aware of your situation! :-D

 

Sincerely,

-Mel

 

Il ne fait aucun doute que certains des dommages à votre système d'exploitation! S'il vous plaît attendre délibéré Dave quant à savoir si ou non certaines mesures de suppression de malwares devraient être prises ... s'il vous plaît ne pas télécharger et exécuter des outils de diagnostic plus ou réparer jusqu'à ce qu'il conseille que cela va changer ce qui est reflété dans les journaux de votre DDS! Votre image Macrium peut-être corrompu aussi bien! S'il vous plaît être patient ... Je suis sûr que Dave message quand il le peut ... Il est conscient de votre situation!

[titou56]

Hi Mel :wink:

 

Ok, Mel : 5/5, I stop my personal search !

 

Cordialy, all the best

[Superdave]

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please run a defrag on your harddrive.

 

• Please download Unhide by Grinler from here and save it to your desktop.
  
• Double click unhide.exe to run the tool.
  
• It will take some time to go through all your files, so please be patient.
  
• If this tool doesn´t fix the problem, please let me know.
  

****************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

•Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

*************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix login your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

[titou56]

Done...

 

Hi SuperDave :wink:

 

Glad to meet you and thank you for your help.

 

Superantispyware didn't found anything...

Here is the combofix report :

 

At the boot : no icon on my desktop :sad:

by the way : what is this file on C disk root (PhysicalDisk0_mbr.bin) ?

 

 

 

ComboFix 12-01-15.01 - t2 nomad 16/01/2012 7:29.3.2 - x86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1177 [GMT 1:00]

Lancé depuis: c:\users\t2 nomad\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-12-16 au 2012-01-16 ))))))))))))))))))))))))))))))))))))

.

.

2012-01-16 06:43 . 2012-01-16 06:43 -------- d-----w- c:\users\t2 nomad\AppData\Local\temp

2012-01-15 20:08 . 2012-01-15 20:08 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\SUPERAntiSpyware.com

2012-01-15 20:07 . 2012-01-15 20:08 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-01-15 20:07 . 2012-01-15 20:07 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-01-15 11:32 . 2012-01-15 11:32 -------- d-----w- c:\users\Default

2012-01-13 09:18 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-13 09:18 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-13 09:18 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-13 09:18 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-13 09:18 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-13 09:18 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-11 07:35 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-01-11 07:35 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-01-11 07:35 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 07:35 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-01-11 07:35 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-01-11 07:35 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 07:35 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll

2012-01-09 06:35 . 2012-01-09 06:35 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\Canneverbe Limited

2012-01-09 06:35 . 2012-01-09 06:35 -------- d-----w- c:\programdata\Canneverbe Limited

2012-01-07 16:08 . 2011-12-16 16:21 29016 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-01-07 16:08 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-01-06 05:01 . 2012-01-06 05:01 -------- d-----w- c:\programdata\UDL

2012-01-05 19:45 . 2012-01-06 06:18 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\Epson

2012-01-05 18:07 . 2012-01-05 18:15 -------- d-----w- c:\program files\Common Files\EPSON

2012-01-05 18:07 . 2012-01-05 18:03 8192 ----a-w- c:\windows\system32\E_DCINST.DLL

2012-01-05 18:06 . 2012-01-05 18:03 93696 ----a-w- c:\windows\system32\E_FLBHLE.DLL

2012-01-05 18:06 . 2012-01-05 18:03 63488 ----a-w- c:\windows\system32\E_FD4BHLE.DLL

2012-01-05 18:06 . 2012-01-06 04:38 -------- d-----w- c:\programdata\EPSON

2012-01-05 18:05 . 2011-08-09 23:00 341504 ----a-w- c:\windows\system32\esw2ud.dll

2012-01-05 18:05 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe

2012-01-05 18:05 . 2009-10-15 23:00 12800 ----a-w- c:\windows\system32\escdev.dll

2012-01-05 18:05 . 2012-01-06 14:19 -------- d-----w- c:\program files\epson

2012-01-03 09:46 . 2012-01-03 09:46 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\LOdev

2012-01-02 12:59 . 2012-01-14 08:23 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\AIMP3

2012-01-02 12:59 . 2012-01-06 06:08 -------- d-----w- c:\program files\AIMP3

2011-12-31 15:52 . 2011-12-31 15:52 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\SingularLabs

2011-12-24 15:12 . 2012-01-09 12:15 -------- d-----w- c:\program files\Emoticon

2011-12-22 21:30 . 2011-12-22 21:30 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\Druide

2011-12-22 21:28 . 2011-12-23 03:51 -------- d-----w- c:\program files\Druide

2011-12-22 16:11 . 2011-12-22 15:16 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-12-22 16:11 . 2011-12-22 15:16 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-12-22 16:11 . 2011-12-22 15:16 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-12-20 14:42 . 2011-12-20 14:42 -------- d-----w- c:\users\t2 nomad\AppData\Roaming\LibreOffice

2011-12-20 14:20 . 2011-12-20 14:23 -------- d-----w- c:\program files\LibreOffice 3.4

2011-12-20 10:29 . 2011-12-20 10:29 -------- d-----w- c:\users\t2 nomad\AppData\Local\Apps

2011-12-18 01:25 . 2011-11-17 17:06 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-15 00:41 . 2010-01-30 17:34 173880 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2011-12-10 14:24 . 2010-12-20 20:35 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-01 17:02 . 2011-12-15 12:00 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-12-01 17:02 . 2011-12-15 12:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2011-12-01 17:02 . 2011-12-15 12:00 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-11-23 13:37 . 2011-12-15 10:39 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-17 17:06 . 2010-04-15 13:53 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-11 08:07 . 2011-06-07 05:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-08 14:42 . 2011-12-15 10:39 2048 ----a-w- c:\windows\system32\tzres.dll

2011-10-27 08:01 . 2011-12-15 10:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-10-27 08:01 . 2011-12-15 10:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-10-26 08:02 . 2011-10-26 08:02 389632 ----a-w- c:\windows\system32\html.iec

2011-10-26 08:02 . 2011-10-26 08:02 1383424 ----a-w- c:\windows\system32\mshtml.tlb

2011-10-26 08:02 . 2011-10-26 08:02 834048 ----a-w- c:\windows\system32\wininet.dll

2011-10-26 08:01 . 2011-10-26 08:01 502272 ----a-w- c:\windows\system32\usp10.dll

2011-10-26 07:59 . 2011-10-26 07:59 293376 ----a-w- c:\windows\system32\browserchoice.exe

2011-10-26 07:59 . 2011-10-26 07:59 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-10-25 15:56 . 2011-12-15 10:39 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-10-19 21:16 . 2011-08-15 20:40 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Clavier+"="c:\program files\Clavier+\Clavier.exe" [2011-11-26 101888]

"Rainlendar2"="c:\program files\rainlendar2\rainlendar2.exe" [2011-12-06 2442240]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"IncMail.exe"="c:\program files\incredimail\bin\incmail.exe" [2011-08-16 366024]

"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\synaptics\syntp\syntpenh.exe" [2006-11-20 815104]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]

.

c:\users\t2 nomad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Spamihilator.lnk - c:\program files\Spamihilator\spamihilator.exe [2011-11-7 1993728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]

backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^t2 nomad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GigaTribe.lnk]

backup=c:\windows\pss\GigaTribe.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanSoft OmniPage 16-reminder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]

2011-12-29 15:43 620376 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agentantidote.exe]

2011-12-03 12:50 942656 ----a-w- c:\program files\Druide\Antidote 7\Programmes32\agentantidote.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX235 Series]

2012-01-06 15:56 212480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIHLE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-02-16 15:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-02-16 14:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]

2011-12-08 01:33 935824 ----a-w- c:\program files\Samsung\Kies\KiesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2011-12-08 01:33 21392 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2011-12-08 01:33 3508624 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

2007-09-02 11:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]

2005-10-11 18:54 339968 ----a-w- c:\windows\vsnpstd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-09-30 11:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2546932419-2157123574-332354276-1000]

"EnableNotifications"=dword:00000001

"EnableNotificationsRef"=dword:00000007

.

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-29 497496]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

.

2010-12-15 c:\windows\Tasks\User_Feed_Synchronization-{C45EDA2C-562A-45C5-AA52-9E18065ECD97}.job

- c:\windows\system32\msfeedssync.exe [2008-03-22 22:33]

.

.

------- Examen supplémentaire -------

.

uStart Page =

mStart Page =

IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\t2 nomad\AppData\Roaming\Mozilla\Firefox\Profiles\6o4gbyrt.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.fr/nwshp?hl=fr&tab=wn

FF - prefs.js: keyword.URL - hxxp://www.yahoo.fr

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHELINS SUPPRIMES - - - -

.

MSConfigStartUp-EEventManager - c:\program files\Epson Software\Event Manager\EEventManager.exe

MSConfigStartUp-OpAgent - OpAgent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-16 07:43

Windows 6.0.6002 Service Pack 2 NTFS

.

Recherche de processus cachés ...

.

[0] 0x720C820C

.

Recherche d'éléments en démarrage automatique cachés ...

.

Recherche de fichiers cachés ...

.

Scan terminé avec succès

Fichiers cachés: 0

.

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

"v5Licence0"="15-ZJ8Y-USYV-Y93X-N2J6-PK4Z-ABRSTR9"

"Activated"="Y"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Heure de fin: 2012-01-16 07:50:03

ComboFix-quarantined-files.txt 2012-01-16 06:49

.

Avant-CF: 49 643 196 416 octets libres

Après-CF: 49 375 629 312 octets libres

.

- - End Of File - - 6FCC4C587E51DDA263CD1CD3BCF1F3D6

ComboFix.txt

[titou56]

...and this directory also in the root : "BOOT" ?

[titou56]

I just retrieved my icons disabling and reactivating `Display` right click on the desktop... :?

[titou56]

... and it seems it is stable now : after a boot my desk is ok and tray too...

 

4 windows updates have been installed but they are not noticed in the history of updates... ? I'am afraid that the updates of the net framework 4 continue to move in a loop ...

[Superdave]

what is this file on C disk root (PhysicalDisk0_mbr.bin) ?

It's a file associated with MBR(Master Boot Record) a vital part of your computer.

 

SysProt Antirootkit

 

Download

SysProt Antirootkit from the link below (you will find it at the bottom

of the page under attachments, or you can get it from one of the

mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • Hidden Files << Selected
    

  [*]At the bottom of the page

  • Hidden Objects Only << Selected
    

  [*]Click on the Create Log button on the bottom right.

  [*]After a few seconds a new window should appear.

  [*]Select Scan Root Drive. Click on the Start button.

  [*]When it is complete a new window will appear to indicate that the scan is finished.

  [*]The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

[titou56]

Hi SuperDave :wink:

 

here is the report :

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\a1gqyutq.SYS

Service Name: ---

Module Base: 887AB000

Module End: 887EB000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwCreateSymbolicLinkObject

Address: 8A9CBE9E

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwLoadDriver

Address: 8A9CBEA3

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenSection

Address: 8A9CBE99

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetSystemInformation

Address: 8A9CBEA8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateProcess

Address: 8A9CBE67

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Status: Access denied

[Superdave]

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

[titou56]

after eset

 

Hi SuperDave :wink:

 

here is the result of Eset seach which takes about 5 hours : an suspicious file with Win32/Babylon... quarantined.

[titou56]

system auto boot after windows updates :

[titou56]

we can notice Net framework 4 updates are still there !

 

I haven't any MS Office 2007 product

[titou56]

And, again, somes updates to instal... the same ! grrrrr