Folyz
2012-08-13, 03:03
Hi,
I contracted the following virus: killsoft.v2008. I cannot get rid of it. Can you help me? I followed the steps in the FAQ. Here are the two .txt files:
--------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Nathalie at 1:10:21 on 2012-08-13
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1063 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Packardbell\EcoBtn\EcoBtn.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\KC Softwares\SUMo\SUMo.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://startsear.ch/?aff=1
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9136
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "c:\users\nathalie\appdata\local\akamai\netsession_win.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\nathalie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: compte.betclic.fr
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CDC62F8D-E739-4922-9435-28F85998B0D8} : DhcpNameServer = 192.168.1.1
AppInit_DLLs:
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nathalie\appdata\roaming\mozilla\firefox\profiles\pglf3u55.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nathalie\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: RealPlayer Browser Record Plugin: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 20286392;20286392 Boot Guard Driver;c:\windows\system32\drivers\20286392.sys [2011-7-7 37392]
R1 20286391;20286391;c:\windows\system32\drivers\20286391.sys [2011-7-7 128016]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\nathalie\downloads\emsisoftemergencykit\run\a2ddax86.sys [2012-7-28 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-3 353688]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-4-7 7936]
R1 setup_9.0.0.722_07.07.2011_09-12drv;setup_9.0.0.722_07.07.2011_09-12drv;c:\windows\system32\drivers\2028639.sys [2011-7-7 311312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-3 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 44808]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-24 47640]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-7 90112]
R2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe [2012-8-12 111632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-10 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-10-22 54784]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-6-26 115312]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-7-18 3662848]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-15 27632]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-10-22 13976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 gupdate1c9f0eca683aff0;Service Google Update (gupdate1c9f0eca683aff0);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-26 76088]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-15 115752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-26 181432]
.
=============== Created Last 30 ================
.
2012-08-12 22:20:46 -------- d-----w- c:\program files\Oracle
2012-08-12 21:29:42 -------- d-----w- c:\program files\RelevantKnowledge
2012-08-12 21:29:38 -------- d-----w- c:\users\nathalie\appdata\roaming\KC Softwares
2012-08-12 21:27:04 -------- d-----w- c:\program files\KC Softwares
2012-08-12 20:26:41 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-12 17:30:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-12 17:30:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 05:31:26 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84ac69d3-e036-4723-ab01-92845b81f8c3}\mpengine.dll
2012-08-08 20:57:18 -------- d-----w- c:\users\nathalie\appdata\local\DDMSettings
2012-08-08 20:41:54 -------- d-----w- c:\program files\common files\DivX Shared
2012-08-08 20:40:12 -------- d-----w- c:\program files\DivX
2012-08-08 20:38:37 -------- d-----w- c:\programdata\DivX
2012-08-04 12:50:07 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 12:48:06 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-04 12:48:06 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-04 12:48:06 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-04 12:48:05 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-04 12:40:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-04 12:40:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-08-04 12:40:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-08-04 12:33:02 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-08-04 12:31:33 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-08-04 12:31:32 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-08-04 12:31:32 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-08-04 12:31:31 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-08-04 12:31:31 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-08-04 12:31:30 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-08-04 12:30:49 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-04 12:30:47 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-04 12:30:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-04 12:30:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-04 12:30:45 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-04 12:30:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-04 12:30:44 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-04 12:30:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 12:30:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-04 12:25:09 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 12:25:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 12:25:09 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 12:25:04 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-04 12:25:03 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-04 09:06:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-28 05:54:20 -------- d-----w- c:\program files\Safer Networking
2012-07-15 13:22:58 -------- d-----w- c:\program files\Advanced Fix 2012
2012-07-15 13:10:59 -------- d-----r- c:\users\nathalie\4Sync
2012-07-15 13:09:23 -------- d-----w- c:\programdata\4Sync
.
==================== Find3M ====================
.
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-15 16:16:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:12:48,23 ===============
Please, thank you.
And here is the file generated by aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 08:37:01
-----------------------------
08:37:01.511 OS Version: Windows 6.0.6002 Service Pack 2
08:37:01.511 Number of processors: 2 586 0x1706
08:37:01.511 ComputerName: PC-DE-NATHALIE UserName: Nathalie
08:37:38.307 Initialize success
08:37:39.292 AVAST engine defs: 12081201
08:41:58.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:41:58.665 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
08:41:58.675 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:41:58.680 Disk 1 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
08:41:58.708 Disk 0 MBR read successfully
08:41:58.714 Disk 0 MBR scan
08:41:58.722 Disk 0 Windows VISTA default MBR code
08:41:58.730 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
08:41:58.749 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226182 MB offset 25173855
08:41:58.764 Disk 0 scanning sectors +488395120
08:41:58.863 Disk 0 scanning C:\Windows\system32\drivers
08:42:21.497 Service scanning
08:42:55.004 Modules scanning
08:43:14.113 Disk 0 trace - called modules:
08:43:14.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
08:43:14.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a57ac8]
08:43:14.144 3 CLASSPNP.SYS[8bba68b3] -> nt!IofCallDriver -> [0x86978058]
08:43:14.144 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8694d028]
08:43:15.361 AVAST engine scan C:\Windows
08:43:21.690 AVAST engine scan C:\Windows\system32
08:48:17.467 AVAST engine scan C:\Windows\system32\drivers
08:48:43.146 AVAST engine scan C:\Users\Nathalie
08:55:10.113 Disk 0 MBR has been saved successfully to "C:\Users\Nathalie\Downloads\MBR.dat"
08:55:10.145 The log file has been saved successfully to "C:\Users\Nathalie\Downloads\aswMBR.txt"
I contracted the virus following: killsoft.v2008 I can not rid myself. Can you help me? I followed the steps in the FAQ. Here are the two .txt files
--------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Nathalie at 1:10:21 on 2012-08-13
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.3070.1063 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\Packardbell\EcoBtn\EcoBtn.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\Nathalie\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\KC Softwares\SUMo\SUMo.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Nathalie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://startsear.ch/?aff=1
uDefault_Page_URL = hxxp://go.packardbell.com/?id=9136
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Akamai NetSession Interface] "c:\users\nathalie\appdata\local\akamai\netsession_win.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\nathalie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: compte.betclic.fr
DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CDC62F8D-E739-4922-9435-28F85998B0D8} : DhcpNameServer = 192.168.1.1
AppInit_DLLs:
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nathalie\appdata\roaming\mozilla\firefox\profiles\pglf3u55.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=101&systemid=406&sr=0&q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\nathalie\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF
FF - Ext: RealPlayer Browser Record Plugin: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 20286392;20286392 Boot Guard Driver;c:\windows\system32\drivers\20286392.sys [2011-7-7 37392]
R1 20286391;20286391;c:\windows\system32\drivers\20286391.sys [2011-7-7 128016]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\nathalie\downloads\emsisoftemergencykit\run\a2ddax86.sys [2012-7-28 17904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-3 353688]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-4-7 7936]
R1 setup_9.0.0.722_07.07.2011_09-12drv;setup_9.0.0.722_07.07.2011_09-12drv;c:\windows\system32\drivers\2028639.sys [2011-7-7 311312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-3 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-10 44808]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-4-24 47640]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-7 90112]
R2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe [2012-8-12 111632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-10 1153368]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-10-22 54784]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-6-26 115312]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-7-18 3662848]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-9-15 27632]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-10-22 13976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-4 63928]
S2 gupdate1c9f0eca683aff0;Service Google Update (gupdate1c9f0eca683aff0);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-26 76088]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-19 133104]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-9-15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-9-15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-9-15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-9-15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-9-15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-9-15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-9-15 115752]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-26 181432]
.
=============== Created Last 30 ================
.
2012-08-12 22:20:46 -------- d-----w- c:\program files\Oracle
2012-08-12 21:29:42 -------- d-----w- c:\program files\RelevantKnowledge
2012-08-12 21:29:38 -------- d-----w- c:\users\nathalie\appdata\roaming\KC Softwares
2012-08-12 21:27:04 -------- d-----w- c:\program files\KC Softwares
2012-08-12 20:26:41 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-12 17:30:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-12 17:30:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-09 05:31:26 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84ac69d3-e036-4723-ab01-92845b81f8c3}\mpengine.dll
2012-08-08 20:57:18 -------- d-----w- c:\users\nathalie\appdata\local\DDMSettings
2012-08-08 20:41:54 -------- d-----w- c:\program files\common files\DivX Shared
2012-08-08 20:40:12 -------- d-----w- c:\program files\DivX
2012-08-08 20:38:37 -------- d-----w- c:\programdata\DivX
2012-08-04 12:50:07 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-04 12:48:06 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-04 12:48:06 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-08-04 12:48:06 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-04 12:48:05 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-04 12:40:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-04 12:40:01 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-08-04 12:40:01 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-08-04 12:33:02 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-08-04 12:31:33 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-08-04 12:31:32 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-08-04 12:31:32 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-08-04 12:31:31 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-08-04 12:31:31 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-08-04 12:31:30 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-08-04 12:30:49 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-04 12:30:47 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-08-04 12:30:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-08-04 12:30:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-08-04 12:30:45 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-08-04 12:30:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-08-04 12:30:44 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-08-04 12:30:41 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-08-04 12:30:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-08-04 12:25:09 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-08-04 12:25:09 278528 ----a-w- c:\windows\system32\schannel.dll
2012-08-04 12:25:09 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-08-04 12:25:04 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-04 12:25:03 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-04 09:06:00 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-28 05:54:20 -------- d-----w- c:\program files\Safer Networking
2012-07-15 13:22:58 -------- d-----w- c:\program files\Advanced Fix 2012
2012-07-15 13:10:59 -------- d-----r- c:\users\nathalie\4Sync
2012-07-15 13:09:23 -------- d-----w- c:\programdata\4Sync
.
==================== Find3M ====================
.
2012-07-05 20:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr
2012-06-15 16:16:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 1:12:48,23 ===============
Please, thank you.
And here is the file generated by aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-13 08:37:01
-----------------------------
08:37:01.511 OS Version: Windows 6.0.6002 Service Pack 2
08:37:01.511 Number of processors: 2 586 0x1706
08:37:01.511 ComputerName: PC-DE-NATHALIE UserName: Nathalie
08:37:38.307 Initialize success
08:37:39.292 AVAST engine defs: 12081201
08:41:58.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:41:58.665 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
08:41:58.675 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
08:41:58.680 Disk 1 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
08:41:58.708 Disk 0 MBR read successfully
08:41:58.714 Disk 0 MBR scan
08:41:58.722 Disk 0 Windows VISTA default MBR code
08:41:58.730 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
08:41:58.749 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226182 MB offset 25173855
08:41:58.764 Disk 0 scanning sectors +488395120
08:41:58.863 Disk 0 scanning C:\Windows\system32\drivers
08:42:21.497 Service scanning
08:42:55.004 Modules scanning
08:43:14.113 Disk 0 trace - called modules:
08:43:14.144 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
08:43:14.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a57ac8]
08:43:14.144 3 CLASSPNP.SYS[8bba68b3] -> nt!IofCallDriver -> [0x86978058]
08:43:14.144 5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8694d028]
08:43:15.361 AVAST engine scan C:\Windows
08:43:21.690 AVAST engine scan C:\Windows\system32
08:48:17.467 AVAST engine scan C:\Windows\system32\drivers
08:48:43.146 AVAST engine scan C:\Users\Nathalie
08:55:10.113 Disk 0 MBR has been saved successfully to "C:\Users\Nathalie\Downloads\MBR.dat"
08:55:10.145 The log file has been saved successfully to "C:\Users\Nathalie\Downloads\aswMBR.txt"