Hi,

I need some help (sorry for my English, I'm French).

Malwarebytes doesn't want to update. I cannot surf the internet, although my connection is OK and I have a correct IP address, on Wi-Fi or Ethernet.

The PC is running Win Vista SP2 and is an HP Pavilion.

I followed your assistance procedure.

dds.txt content:

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19120

Run by famille brun at 13:15:24 on 2011-08-23

.

============== Running Processes ===============

.

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

c:\hp\HPEZBTN\HPBtnSrv.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\cspep\cspep.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files (x86)\Controle Parental\bin\OPTGui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\hp\kbd\kbd.exe

C:\Windows\SysWOW64\conime.exe

C:\Users\famille brun\Desktop\dds.com

C:\Windows\SysWOW64\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uWindow Title =

mWinlogon: Userinit=C:\Windows\system32\ezShellStart.exe,

BHO: Aide pour le lien d'Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SF96B.tmp" /EF "HKCU"

uRun: [EPSON Stylus SX400 Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_SAD9D.tmp" /EF "HKCU"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun: [KBD] C:\HP\KBD\KbdStub.EXE

mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun: [OPTENET_GUI] C:\PROGRA~2\CONTRO~1\bin\optgui.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce: [cspep.exe] "C:\Program Files (x86)\cspep\cspep.exe" -runonce

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_01\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

LSP: C:\Program Files (x86)\Controle Parental\bin\lsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{87129F8B-511B-4747-A1C1-06431A70056A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C3A1C949-5159-4A96-9705-6580B44078D9} : DhcpNameServer = 192.168.1.1

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe

mRun-x64: [KBD] C:\HP\KBD\KbdStub.EXE

mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"

mRun-x64: [OPTENET_GUI] C:\PROGRA~2\CONTRO~1\bin\optgui.exe

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRunOnce-x64: [cspep.exe] "C:\Program Files (x86)\cspep\cspep.exe" -runonce

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? OPTENET_FILTER;Orange Contrôle Parental

R? PCAMp50a64;PCAMp50a64 NDIS Protocol Driver

R? PCAMPR4;PCAMPR4 NDIS Protocol Driver

R? PCANDIS4;PCANDIS4 NDIS Protocol Driver

R? PCASp50a64;PCASp50a64 NDIS Protocol Driver

R? PerfHost;Hôte de DLL de compteur de performance

R? WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0

S? {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263}

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? ezSharedSvc;Easybits Shared Services for Windows

S? FontCache;Service de cache de police Windows

S? HPBtnSrv;HP Chasis Button Service

S? netr28x;Ralink 802.11n Wireless Driver for Windows Vista

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-08-23 10:49:02 -------- d-----w- C:\Users\famille brun\AppData\Local\{9506F2EB-F1F3-460F-9C7D-7DDFC5BC63C0}

2011-08-23 10:37:56 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4AC8308-723E-41A9-9025-E57F13C4AB81}\mpengine.dll

2011-08-23 10:01:02 -------- d-----w- C:\Users\famille brun\AppData\Local\{A39AA1D7-DBB9-4738-8124-F7682FF20978}

2011-08-23 09:53:28 -------- d-----w- C:\Program Files (x86)\Ad-Remover

2011-08-23 09:37:29 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-08-23 09:37:29 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-08-23 09:37:12 40112 ----a-w- C:\Windows\avastSS.scr

2011-08-23 09:36:58 -------- d-----w- C:\ProgramData\AVAST Software

2011-08-23 09:36:58 -------- d-----w- C:\Program Files\AVAST Software

2011-08-23 09:32:29 -------- d-----w- C:\Users\famille brun\AppData\Local\{4AEB3535-C024-4FF2-8F21-C7CA3CEE9A88}

2011-08-23 09:19:07 -------- d-----w- C:\Users\famille brun\AppData\Local\{1FDFE878-8987-4B56-83D9-0AD35827C337}

2011-08-23 09:12:46 -------- d-----w- C:\Windows\pss

2011-08-23 09:09:23 -------- d-----w- C:\Users\famille brun\AppData\Local\{2CD50236-6D1D-4F34-B336-1DEC320F86D1}

2011-08-22 16:27:32 -------- d-----w- C:\Program Files\CCleaner

2011-08-22 16:23:48 -------- d-----w- C:\Users\famille brun\AppData\Roaming\Malwarebytes

2011-08-22 16:23:40 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-22 16:23:39 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-22 16:23:37 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-22 16:23:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-22 16:17:44 -------- d-----w- C:\Users\famille brun\AppData\Local\{275A48D4-0600-446C-8607-6E7BFF2EC51A}

2011-08-18 19:06:51 -------- d-----w- C:\Users\famille brun\AppData\Local\{046B5834-ECB0-4984-8A25-2AC740C65AF9}

2011-08-16 16:23:38 -------- d-----w- C:\Users\famille brun\AppData\Local\{30A7943F-03D5-4F5C-B2FB-D30FA30A74A1}

2011-08-16 15:27:06 -------- d-----w- C:\Users\famille brun\AppData\Local\{590713A8-5C21-4DF9-A06A-705203A57A92}

2011-08-14 10:52:07 -------- d-----w- C:\Users\famille brun\AppData\Local\{764C1917-8400-4D46-9756-CD1D976AA46E}

2011-08-14 10:15:09 -------- d-----w- C:\Users\famille brun\AppData\Local\{DA62FF4A-6F41-466A-AC30-3BD3F474F664}

2011-08-14 01:30:06 -------- d-----w- C:\Users\famille brun\AppData\Local\{A92A717F-10E4-4DAE-A057-164EEAF68F8E}

2011-08-13 17:36:57 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-08-13 17:36:57 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-08-13 17:36:57 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-08-13 17:36:53 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-08-13 17:36:51 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-08-13 17:36:40 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-13 17:28:25 -------- d-----w- C:\Users\famille brun\AppData\Local\{522ADA1C-C9C2-4148-9ADD-00DA2CD19B27}

2011-08-02 17:31:13 -------- d-----w- C:\Users\famille brun\AppData\Local\{2A0310D5-4553-4EB9-99E7-B9A609D6D317}

2011-07-31 09:36:06 -------- d-----w- C:\Users\famille brun\AppData\Local\{D33A4EA0-7D4B-4A69-99E2-0062D434C050}

2011-07-26 15:57:50 -------- d-----w- C:\Users\famille brun\AppData\Local\{1F0FDBE8-33D8-486D-836C-1AA6224D49AF}

.

==================== Find3M ====================

.

2011-07-23 11:31:32 1147904 ----a-w- C:\Windows\System32\wininet.dll

2011-07-23 11:24:17 56832 ----a-w- C:\Windows\System32\licmgr10.dll

2011-07-23 11:23:51 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-07-23 11:23:30 132096 ----a-w- C:\Windows\System32\iesysprep.dll

2011-07-23 11:23:29 77312 ----a-w- C:\Windows\System32\iesetup.dll

2011-07-23 11:04:29 916480 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-07-23 11:00:05 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-07-23 10:59:52 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-07-23 10:59:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll

2011-07-23 10:59:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2011-07-23 10:31:39 479232 ----a-w- C:\Windows\System32\html.iec

2011-07-23 10:03:47 385024 ----a-w- C:\Windows\SysWow64\html.iec

2011-07-23 09:50:14 162816 ----a-w- C:\Windows\System32\ieUnatt.exe

2011-07-23 09:48:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-23 09:27:04 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2011-07-23 09:25:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 13:16:01,52 ===============

attach.zip

mbam-log-2011-08-23 (10-54-08).txt


  • Staff

Hi and welcome to Malwarebytes.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
