Killsoft.V2008 Help please



Folyz
2012-08-13, 02:03
Hi,

I contracted the following virus: killsoft.v2008, and I cannot get rid of it myself. Can you help me? I followed the steps in the FAQ. Here are the two .txt files.

--------------------------


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Nathalie at 1:10:21 on 2012-08-13
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1063 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Packardbell\EcoBtn\EcoBtn.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\KC Softwares\SUMo\SUMo.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://startsear.ch/?aff=1
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9136
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "c:\users\nathalie\appdata\local\akamai\netsession_win.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\nathalie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: compte.betclic.fr
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CDC62F8D-E739-4922-9435-28F85998B0D8} : DhcpNameServer = 192.168.1.1
AppInit_DLLs:
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nathalie\appdata\roaming\mozilla\firefox\profiles\pglf3u55.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nathalie\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: RealPlayer Browser Record Plugin: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 20286392;20286392 Boot Guard Driver;c:\windows\system32\drivers\20286392.sys [2011-7-7 37392]
R1 20286391;20286391;c:\windows\system32\drivers\20286391.sys [2011-7-7 128016]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\nathalie\downloads\emsisoftemergencykit\run\a2ddax86.sys [2012-7-28 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-3 353688]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-4-7 7936]
R1 setup_9.0.0.722_07.07.2011_09-12drv;setup_9.0.0.722_07.07.2011_09-12drv;c:\windows\system32\drivers\2028639.sys [2011-7-7 311312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-3 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 44808]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-24 47640]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-7 90112]
R2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe [2012-8-12 111632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-10 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-10-22 54784]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-6-26 115312]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-7-18 3662848]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-15 27632]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-10-22 13976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 gupdate1c9f0eca683aff0;Service Google Update (gupdate1c9f0eca683aff0);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-26 76088]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-15 115752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-26 181432]
.
=============== Created Last 30 ================
.
2012-08-12 22:20:46 -------- d-----w- c:\program files\Oracle
2012-08-12 21:29:42 -------- d-----w- c:\program files\RelevantKnowledge
2012-08-12 21:29:38 -------- d-----w- c:\users\nathalie\appdata\roaming\KC Softwares
2012-08-12 21:27:04 -------- d-----w- c:\program files\KC Softwares
2012-08-12 20:26:41 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-12 17:30:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-12 17:30:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 05:31:26 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84ac69d3-e036-4723-ab01-92845b81f8c3}\mpengine.dll
2012-08-08 20:57:18 -------- d-----w- c:\users\nathalie\appdata\local\DDMSettings
2012-08-08 20:41:54 -------- d-----w- c:\program files\common files\DivX Shared
2012-08-08 20:40:12 -------- d-----w- c:\program files\DivX
2012-08-08 20:38:37 -------- d-----w- c:\programdata\DivX
2012-08-04 12:50:07 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 12:48:06 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-04 12:48:06 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-04 12:48:06 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-04 12:48:05 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-04 12:40:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-04 12:40:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-08-04 12:40:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-08-04 12:33:02 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-08-04 12:31:33 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-08-04 12:31:32 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-08-04 12:31:32 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-08-04 12:31:31 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-08-04 12:31:31 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-08-04 12:31:30 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-08-04 12:30:49 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-04 12:30:47 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-04 12:30:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-04 12:30:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-04 12:30:45 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-04 12:30:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-04 12:30:44 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-04 12:30:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 12:30:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-04 12:25:09 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 12:25:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 12:25:09 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 12:25:04 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-04 12:25:03 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-04 09:06:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-28 05:54:20 -------- d-----w- c:\program files\Safer Networking
2012-07-15 13:22:58 -------- d-----w- c:\program files\Advanced Fix 2012
2012-07-15 13:10:59 -------- d-----r- c:\users\nathalie\4Sync
2012-07-15 13:09:23 -------- d-----w- c:\programdata\4Sync
.
==================== Find3M ====================
.
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-15 16:16:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:12:48,23 ===============


Please, thank you.

And here is the file generated by aswMBR:



aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 08:37:01
-----------------------------
08:37:01.511 OS Version: Windows 6.0.6002 Service Pack 2
08:37:01.511 Number of processors: 2 586 0x1706
08:37:01.511 ComputerName: PC-DE-NATHALIE UserName: Nathalie
08:37:38.307 Initialize success
08:37:39.292 AVAST engine defs: 12081201
08:41:58.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:41:58.665 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
08:41:58.675 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:41:58.680 Disk 1 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
08:41:58.708 Disk 0 MBR read successfully
08:41:58.714 Disk 0 MBR scan
08:41:58.722 Disk 0 Windows VISTA default MBR code
08:41:58.730 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
08:41:58.749 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226182 MB offset 25173855
08:41:58.764 Disk 0 scanning sectors +488395120
08:41:58.863 Disk 0 scanning C:\Windows\system32\drivers
08:42:21.497 Service scanning
08:42:55.004 Modules scanning
08:43:14.113 Disk 0 trace - called modules:
08:43:14.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
08:43:14.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a57ac8]
08:43:14.144 3 CLASSPNP.SYS[8bba68b3] -> nt!IofCallDriver -> [0x86978058]
08:43:14.144 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8694d028]
08:43:15.361 AVAST engine scan C:\Windows
08:43:21.690 AVAST engine scan C:\Windows\system32
08:48:17.467 AVAST engine scan C:\Windows\system32\drivers
08:48:43.146 AVAST engine scan C:\Users\Nathalie
08:55:10.113 Disk 0 MBR has been saved successfully to "C:\Users\Nathalie\Downloads\MBR.dat"
08:55:10.145 The log file has been saved successfully to "C:\Users\Nathalie\Downloads\aswMBR.txt"

ken545
2012-08-15, 00:40


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

When running programs on Vista or Windows 7, you need to right-click on the program and select RUN AS ADMINISTRATOR.



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report, please.

Folyz
2012-08-16, 16:48
Hi,

I downloaded it, but it doesn't work.

Please, has no one had the same virus???

Help, please.

ken545
2012-08-16, 18:11
Try it this way,

Go to Start > All Programs> Malwarebytes Antimalware > Tools > Malwarebytes Antimalware Chameleon and it will take you to this page
http://i24.photobucket.com/albums/c30/ken545/ChameleonPic.jpg

Then click on the first link to run Malwarebytes, and if it won't run, try the next one until one of them runs.

If you still can't get it to run, then try running ComboFix.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

ken545
2012-08-19, 12:22
How are you coming along? Have you run the tools I posted?

ken545
2012-08-19, 12:25
You need to reply to this thread only by using the POST REPLY button and do not start any new threads.

I'm trying to help you, but you don't seem to be following along too well. If you're not too computer savvy, then you may want to ask a friend who is, who can follow along and help you.

ken545
2012-08-21, 10:06
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.