Click.Giftload - Hijacker
Hello,
I am stuck with this Click.Giftload and cannot find any easy way to get rid of it (I do not want to risk any hazardous manipulation either).
I found this forum 2 weeks ago and would be grateful if somebody could help me with this annoying thing...
Here is the story, in case it might help:
Previous config : Vista SP2 Pro - IE8.0
2-3 weeks ago, my system began to slow down drastically and IE wouldn't load a few pages (I normally use Opera). CPU usage was always above 60% even when no program was running, and memory load had doubled...
So, I ran Spybot S&D and it found this Hijacker. Removed it, but nothing changed. Did a full scan with Avira, which found iertutil.dll corrupted and placed it in quarantine.
I tried to replace the file from the original CD, but it did not have the same version number (?). Tried from the net: no luck.
I then downloaded IE9 and installed it but it was not better.
Ran a scan with MBAM : found 1 adware only.
Ran a scan with Spysweeper : found another adware (only).
I finally tried a repair from the Windows recovery CD and it crashed the system.
So I took the opportunity to format the system partition and to downgrade Vista to XP Pro (I had been thinking of doing this for a few months anyway).
Everything was OK during the first 2-3 start-ups, but then Click.Giftload reappeared again...
As I am using this laptop for business I cannot stop working with it. So here is how I am running it:
Immediately after logon I terminate the "explorer.exe" process from the Task Manager => New Task => C:\windows\explorer.exe
And everything runs fine as long as I turn off the laptop using sleep mode, except that IE7 no longer starts (I do not use it anyway).
I can check that the system is running "normally" by the memory load of the 8 "svchost.exe" processes: if only one of them goes above 12 MB, the system does not slow down and there is no problem browsing the net...
Can someone please help me clean my system? Thanks in advance.
Here is the last DDS log :
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Etienne at 15:00:24,54 on mar. 05/04/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3001.2139 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Etienne\Bureau\dds.scr
C:\Program Files\Avira\AntiVir Desktop\checkt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
mDefault_Page_URL = hxxp://global.acer.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
Notify: WRNotifier - WRLogonNTF.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
.
=============== Created Last 30 ================
.
2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
2011-03-14 18:17:49 -------- d-----w- C:\TMP
2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
2011-03-14 18:15:52 -------- d-----w- c:\documents and settings\etienne\WINDOWS
2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
.
==================== Find3M ====================
.
2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Hitachi_ rev.FB2O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A216439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a21c7d0]; MOV EAX, [0x8a21c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8A23F030]
3 CLASSPNP[0xBA1A8FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> [0x8ABC8B80]
\Driver\iaStor[0x8ABDC888] -> IRP_MJ_CREATE -> 0x8A216439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543216L9A300_________________FB2OC40C#4&31843f9c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 15:01:43,03 ===============
Hi,
Please post the attach.txt part too.
Hi,
Here is the file...
Thanks a lot for your time..
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 14/03/2011 14:39:39
System Uptime: 5/04/2011 11:15:48 (4 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 44,483 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 52,89 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 14/03/2011 14:39:45 - Point de vérification système
RP2: 14/03/2011 14:55:28 - Installé Acer Crystal Eye Webcam Video Class Camera
RP3: 14/03/2011 14:55:49 - Installé Acer Crystal Eye Webcam 2.0.8.4
RP4: 14/03/2011 14:57:36 - Installé Realtek High Definition Audio Driver
RP5: 14/03/2011 14:58:25 - Installed Acer ScreenSaver
RP6: 14/03/2011 15:02:37 - Removed 2007 Microsoft Office system
RP7: 14/03/2011 15:05:08 - Installé Acer Empowering Technology
RP8: 14/03/2011 15:05:56 - Installé Acer ePower Management
RP9: 14/03/2011 15:06:28 - Installé eSobi v2
RP10: 14/03/2011 15:42:51 - Avira AntiVir Premium - 14/03/2011 15:41
RP11: 14/03/2011 16:14:06 - 2011.03.14 Après réinstall
RP12: 14/03/2011 16:35:39 - Installé Microsoft Office Professional Edition 2003
RP13: 14/03/2011 16:45:15 - Pilote d'imprimante Microsoft Office Document Image Wr installé
RP14: 14/03/2011 16:53:55 - Installed Microsoft Outlook Personal Folders Backup
RP15: 14/03/2011 18:29:26 - 20110314 Après install MSOFFICE 2003 SP3
RP16: 14/03/2011 18:37:28 - Pilote d'imprimante PrimoPDF installé
RP17: 14/03/2011 18:53:01 - Pilote d'imprimante Kyocera FS-920 KX installé
RP18: 15/03/2011 20:00:38 - Point de vérification système
RP19: 16/03/2011 13:06:17 - Installé Realtek High Definition Audio Driver
RP20: 16/03/2011 14:32:02 - Installation finale av. Outlook OK
RP21: 17/03/2011 21:15:47 - Point de vérification système
RP22: 19/03/2011 14:28:49 - Point de vérification système
RP23: 21/03/2011 14:26:40 - Point de vérification système
RP24: 22/03/2011 20:59:23 - Point de vérification système
RP25: 23/03/2011 23:06:54 - Point de vérification système
RP26: 24/03/2011 0:53:54 - Supprimé Activation Assistant for the 2007 Microsoft Office suites
RP27: 25/03/2011 19:21:00 - Point de vérification système
RP28: 27/03/2011 15:26:38 - Point de vérification système
RP29: 28/03/2011 20:50:20 - Point de vérification système
RP30: 29/03/2011 16:05:32 - Installé EPSON EasyPrintModule
RP31: 29/03/2011 16:05:40 - Installé ABBYY FineReader 5.0 Sprint Plus
RP32: 29/03/2011 16:07:58 - Installed EPSON Attach To Email
RP33: 29/03/2011 16:08:27 - Installed EPSON Send To Web
RP34: 29/03/2011 16:09:05 - Installé EPSON Image Clip Palette
RP35: 29/03/2011 16:09:43 - Installé EPSON Event Manager
RP36: 29/03/2011 16:10:20 - Installé EPSON Scan Assistant
RP37: 29/03/2011 16:10:53 - Installé EPSON File Manager
RP38: 29/03/2011 16:10:57 - Installé EPSON File Manager
RP39: 30/03/2011 20:12:01 - Point de vérification système
RP40: 31/03/2011 18:37:36 - Installed Windows KB954550-v5.
RP41: 31/03/2011 18:37:44 - Pilote d'imprimante Microsoft XPS Document Writer installé
RP42: 31/03/2011 18:37:53 - Pilote d'imprimante Microsoft XPS Document Writer installé
RP43: 31/03/2011 18:40:32 - Installed %1 %2.
RP44: 31/03/2011 18:43:00 - Installed X-Lite 4
RP45: 1/04/2011 21:18:50 - Point de vérification système
RP46: 4/04/2011 14:00:30 - Point de vérification système
RP47: 4/04/2011 15:52:01 - Installé Module de compatibilité pour Microsoft Office System 2007
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint Plus
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8.4
Acer Crystal Eye Webcam Video Class Camera
Acer Empowering Technology
Acer ePower Management
Acer GridVista
Acer ScreenSaver
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.0
ALPS Touch Pad Driver
Analyseur MSXML 6.0
Avira AntiVir Premium
Broadcom Gigabit Integrated Controller
Canon iP4700 series Printer Driver
CCleaner
Copernic Desktop Search 2
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Send To Web
ERUNT 1.1j
Express Talk
Fastworks- Desktop
Fastworks-Entreprise
Fichiers de prise en charge de l'installation de Microsoft SQL*Server (Français)
GPL Ghostscript 9.01
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Kyocera Product Library
Launch Manager
LightScribe 1.4.142.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Outlook Personal Folders Backup
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951978)
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver (x86)
Opera 11.01
PERF4990P Guide de référence
PowerArchiver
PrimoPDF
PrimoPDF Redistribution Package
Realtek High Definition Audio Driver
Skype™ 5.1
SPBA 5.8
Spy Sweeper
Spybot - Search & Destroy
Unlocker 1.8.8
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
X-Lite 4
XML Paper Specification Shared Components Language Pack 1.0
XnView 1.97.8
.
==== End Of File ===========================
Hi,
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Cure and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in the UtilityName.Version_Date_Time_log.txt format).
Hello again,
Scan done. My laptop refused to reboot from the "reboot now" button of TDSS. I had to do it manually and it took a while...
The computer is now running extremely slowly and Opera takes an eternity to load pages!
Even switching between application windows seems to freeze the OS...
By the way, the scheduled scan task of Avira found 3 Trojans yesterday, among which 1 in ntuser.dat.
I haven't done anything (neither quarantine nor repair) while waiting for your advice. I attach the Avira report for your information, just in case.
Here is the TDSS log file.
Thanks
2011/04/09 20:25:59.0531 6252 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 20:26:00.0890 6252 ================================================================================
2011/04/09 20:26:00.0890 6252 SystemInfo:
2011/04/09 20:26:00.0890 6252
2011/04/09 20:26:00.0890 6252 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/09 20:26:00.0890 6252 Product type: Workstation
2011/04/09 20:26:00.0890 6252 ComputerName: ACER_TM5730
2011/04/09 20:26:00.0890 6252 UserName: Etienne
2011/04/09 20:26:00.0890 6252 Windows directory: C:\WINDOWS
2011/04/09 20:26:00.0890 6252 System windows directory: C:\WINDOWS
2011/04/09 20:26:00.0890 6252 Processor architecture: Intel x86
2011/04/09 20:26:00.0890 6252 Number of processors: 2
2011/04/09 20:26:00.0890 6252 Page size: 0x1000
2011/04/09 20:26:00.0890 6252 Boot type: Normal boot
2011/04/09 20:26:00.0890 6252 ================================================================================
2011/04/09 20:26:02.0140 6252 Initialize success
2011/04/09 20:26:12.0687 5868 ================================================================================
2011/04/09 20:26:12.0687 5868 Scan started
2011/04/09 20:26:12.0687 5868 Mode: Manual;
2011/04/09 20:26:12.0687 5868 ================================================================================
2011/04/09 20:26:28.0593 5868 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/09 20:26:28.0609 5868 ================================================================================
2011/04/09 20:26:28.0609 5868 Scan finished
2011/04/09 20:26:28.0609 5868 ================================================================================
2011/04/09 20:26:28.0625 6160 Detected object count: 1
2011/04/09 20:27:00.0046 6160 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/09 20:27:00.0046 6160 \HardDisk0 - ok
2011/04/09 20:27:00.0046 6160 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/09 20:28:36.0359 0276 Deinitialize success
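A small triage helper for TDSSKiller logs in the format posted above, added here as an example; it is not part of the thread and not Kaspersky's code. It separates the driver inventory (service, MD5, path) from the detection and action lines and reports whether every detected object was actually queued for cure before the reboot. The excerpt log reuses lines from the post above; the second, "skipped" log is constructed to show the failure case.

```python
"""Parse a TDSSKiller log and check that each detection was scheduled for cure.

Added example for the thread above; not Kaspersky's code. Line format:
"YYYY/MM/DD HH:MM:SS.mmmm  <pid>  <message>". Lines that match none of the
known message shapes (banner, SystemInfo, separators, "- ok") are ignored.
"""
import re
from dataclasses import dataclass, field

# Strip the timestamp and pid; only the message is interpreted.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
# Inventory line: "<service> (<32-hex md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# "\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \(\d+\)$")
# "\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot"
PENDING_RE = re.compile(r"^(\S+) \(([^()\s]+)\) - will be cured after reboot$")
# "Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure"
ACTION_RE = re.compile(r"^([^()\s]+)\(([^()\s]+)\) - User select action: (\w+)$")


@dataclass
class TdssReport:
    drivers: dict = field(default_factory=dict)      # service -> (md5, path)
    detections: dict = field(default_factory=dict)   # object -> threat name
    actions: dict = field(default_factory=dict)      # object -> action chosen by user
    pending_reboot: set = field(default_factory=set) # objects queued for cure at reboot
    scan_finished: bool = False


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Walk the log line by line and fill a TdssReport; unknown lines are skipped."""
    rep = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg == "Scan finished":
            rep.scan_finished = True
        elif (d := DETECT_RE.match(msg)):
            rep.detections[d.group(1)] = d.group(2)
        elif (p := PENDING_RE.match(msg)):
            rep.pending_reboot.add(p.group(1))
        elif (a := ACTION_RE.match(msg)):
            rep.actions[a.group(2)] = a.group(3)
        elif (v := DRIVER_RE.match(msg)):
            rep.drivers[v.group(1)] = (v.group(2), v.group(3))
    return rep


def unresolved_detections(rep: TdssReport) -> list:
    """Detected objects that were not both marked Cure and queued for the reboot."""
    return sorted(obj for obj in rep.detections
                  if rep.actions.get(obj) != "Cure" or obj not in rep.pending_reboot)


# Excerpt of the log posted above (two inventory lines kept, the rest elided).
SAMPLE_LOG = r"""
2011/04/09 20:26:12.0687 5868 Scan started
2011/04/09 20:26:13.0562 5868 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/09 20:26:26.0125 5868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/09 20:26:28.0593 5868 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/09 20:26:28.0609 5868 Scan finished
2011/04/09 20:26:28.0625 6160 Detected object count: 1
2011/04/09 20:27:00.0046 6160 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/09 20:27:00.0046 6160 \HardDisk0 - ok
2011/04/09 20:27:00.0046 6160 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Constructed variant: the user chose Skip, so nothing is queued for the reboot.
SKIPPED_LOG = r"""
2011/04/09 20:26:12.0687 5868 Scan started
2011/04/09 20:26:28.0593 5868 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/09 20:26:28.0609 5868 Scan finished
2011/04/09 20:27:00.0046 6160 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Skip
"""


def summarize(text: str) -> dict:
    """Compact summary a helper would want to see before asking for the next log."""
    rep = parse_tdsskiller_log(text)
    return {
        "drivers_inventoried": len(rep.drivers),
        "detections": dict(rep.detections),
        "unresolved": unresolved_detections(rep),
        "scan_finished": rep.scan_finished,
    }


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("skipped variant", SKIPPED_LOG)):
        print(name, summarize(log))
```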
Sorry...
Unable to attach anything to my previous reply (??)
Here is a copy of the Avira scan report in case it would help...
See "Recherche débutant dans 'C:\' <ACER>" (in French) near the end.
Txs
Avira AntiVir Premium
Date de création du fichier de rapport : vendredi 8 avril 2011 13:00
La recherche porte sur 2534339 souches de virus.
Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.
Détenteur de la licence : Etienne *****
Numéro de série : *******-PEPWE-0000001
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : ACER_TM5730
Informations de version :
BUILD.DAT : 10.0.0.104 35932 Bytes 07/03/2011 14:25:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 14/03/2011 14:40:38
AVSCAN.DLL : 10.0.3.0 56168 Bytes 14/03/2011 14:40:37
LUKE.DLL : 10.0.3.2 104296 Bytes 14/03/2011 14:40:47
LUKERES.DLL : 10.0.0.0 13672 Bytes 14/03/2011 14:40:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:40:12
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:40:24
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 14:40:25
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 11:16:37
VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 11:16:37
VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 11:16:37
VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 11:16:37
VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 11:16:37
VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 11:16:37
VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 11:16:37
VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 11:16:37
VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 11:16:37
VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 11:16:37
VBASE013.VDF : 7.11.5.235 2048 Bytes 07/04/2011 11:16:37
VBASE014.VDF : 7.11.5.236 2048 Bytes 07/04/2011 11:16:37
VBASE015.VDF : 7.11.5.237 2048 Bytes 07/04/2011 11:16:37
VBASE016.VDF : 7.11.5.238 2048 Bytes 07/04/2011 11:16:37
VBASE017.VDF : 7.11.5.239 2048 Bytes 07/04/2011 11:16:37
VBASE018.VDF : 7.11.5.240 2048 Bytes 07/04/2011 11:16:37
VBASE019.VDF : 7.11.5.241 2048 Bytes 07/04/2011 11:16:37
VBASE020.VDF : 7.11.5.242 2048 Bytes 07/04/2011 11:16:37
VBASE021.VDF : 7.11.5.243 2048 Bytes 07/04/2011 11:16:38
VBASE022.VDF : 7.11.5.244 2048 Bytes 07/04/2011 11:16:38
VBASE023.VDF : 7.11.5.245 2048 Bytes 07/04/2011 11:16:38
VBASE024.VDF : 7.11.5.246 2048 Bytes 07/04/2011 11:16:38
VBASE025.VDF : 7.11.5.247 2048 Bytes 07/04/2011 11:16:38
VBASE026.VDF : 7.11.5.248 2048 Bytes 07/04/2011 11:16:38
VBASE027.VDF : 7.11.5.249 2048 Bytes 07/04/2011 11:16:38
VBASE028.VDF : 7.11.5.250 2048 Bytes 07/04/2011 11:16:38
VBASE029.VDF : 7.11.5.251 2048 Bytes 07/04/2011 11:16:38
VBASE030.VDF : 7.11.5.252 2048 Bytes 07/04/2011 11:16:38
VBASE031.VDF : 7.11.6.10 49152 Bytes 08/04/2011 09:16:35
Version du moteur : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 14/03/2011 14:40:32
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 04/04/2011 08:40:44
AESCN.DLL : 8.1.7.2 127349 Bytes 14/03/2011 14:40:31
AESBX.DLL : 8.1.3.2 254324 Bytes 14/03/2011 14:40:32
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 17:44:40
AEPACK.DLL : 8.2.6.0 549237 Bytes 07/04/2011 19:16:39
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 04/04/2011 08:40:43
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 07/04/2011 19:16:39
AEHELP.DLL : 8.1.16.1 246134 Bytes 14/03/2011 14:40:29
AEGEN.DLL : 8.1.5.4 397684 Bytes 04/04/2011 08:40:41
AEEMU.DLL : 8.1.3.0 393589 Bytes 14/03/2011 14:40:29
AECORE.DLL : 8.1.20.2 196982 Bytes 07/04/2011 19:16:37
AEBB.DLL : 8.1.1.0 53618 Bytes 14/03/2011 14:40:29
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/03/2011 14:39:47
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/03/2011 14:40:37
AVREP.DLL : 10.0.0.8 62209 Bytes 14/03/2011 14:40:37
AVREG.DLL : 10.0.3.2 53096 Bytes 14/03/2011 14:40:37
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 14/03/2011 14:40:38
AVARKT.DLL : 10.0.22.6 231784 Bytes 14/03/2011 14:40:33
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 14/03/2011 14:40:34
SQLITE3.DLL : 3.6.19.0 355688 Bytes 14/03/2011 14:40:50
AVSMTP.DLL : 10.0.0.17 63848 Bytes 14/03/2011 14:40:38
NETNT.DLL : 10.0.0.0 11624 Bytes 14/03/2011 14:40:47
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 14/03/2011 14:39:49
RCTEXT.DLL : 10.0.58.0 99688 Bytes 14/03/2011 14:39:49
Configuration pour la recherche actuelle :
Nom de la tâche...............................: Disques durs locaux
Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Documentation.................................: bas
Action principale.............................: interactif
Action secondaire.............................: renommer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Types d'archives divergents...................: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: moyen
Fichiers à exclure............................: D:\DONNEES\Documents\EVMH\images, D:\DONNEES\Documents\EVMH\Photos, D:\DONNEES\Documents\Mes images, D:\DONNEES\Downloads Scanned,
Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Début de la recherche : vendredi 8 avril 2011 13:00
La recherche d'objets cachés commence.
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
[REMARQUE] Le processus n'est pas visible.
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
[REMARQUE] Le processus n'est pas visible.
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
[REMARQUE] Le processus n'est pas visible.
La recherche sur les processus démarrés commence :
Processus de recherche 'rsmsink.exe' - '1' module(s) sont contrôlés
Processus de recherche 'msdtc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vssvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'xnview.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AcroRd32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'EXCEL.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'opera.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'OUTLOOK.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'X-Lite4.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DESKTO~1.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'DESKTO~3.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PresentationFontCache.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AVWEBGRD.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'avmailc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SpySweeper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'o2flash.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SchedulerSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BackupSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avshadow.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Agentsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'btwdins.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '497' fichiers).
La recherche sur les fichiers sélectionnés commence :
Recherche débutant dans 'C:\' <ACER>
C:\Documents and Settings\Etienne\Application Data\ntuser.dat
[RESULTAT] Contient le cheval de Troie TR/Obfuscated.29996C
C:\Documents and Settings\Etienne\Local Settings\Temp\65C.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.Carberp.C.90
C:\Documents and Settings\Etienne\Local Settings\Temporary Internet Files\Content.IE5\S02ADJQI\063c0f0fd[1].exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Dofoil.D.8
Recherche débutant dans 'D:\' <Data>
Le répertoire 'D:\DONNEES\Documents\EVMH\images\' a été exclu par la recherche !
Le répertoire 'D:\DONNEES\Documents\EVMH\Photos\' a été exclu par la recherche !
Le répertoire 'D:\DONNEES\Documents\Mes images\' a été exclu par la recherche !
Le répertoire 'D:\DONNEES\Downloads Scanned\' a été exclu par la recherche !
Début de la désinfection :
C:\Documents and Settings\Etienne\Local Settings\Temporary Internet Files\Content.IE5\S02ADJQI\063c0f0fd[1].exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Dofoil.D.8
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\Etienne\Local Settings\Temp\65C.tmp
[RESULTAT] Contient le cheval de Troie TR/Dldr.Carberp.C.90
[AVERTISSEMENT] Fichier ignoré.
C:\Documents and Settings\Etienne\Application Data\ntuser.dat
[RESULTAT] Contient le cheval de Troie TR/Obfuscated.29996C
[AVERTISSEMENT] Fichier ignoré.
Fin de la recherche : vendredi 8 avril 2011 15:05
Temps nécessaire: 38:20 Minute(s)
La recherche a été effectuée intégralement
5839 Les répertoires ont été contrôlés
489614 Des fichiers ont été contrôlés
3 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
489611 Fichiers non infectés
9188 Les archives ont été contrôlées
3 Avertissements
0 Consignes
30881 Des objets ont été contrôlés lors du Rootkitscan
8 Des objets cachés ont été trouvés
Hi,
Please post fresh dds logs too.
Hi,
Here are the last DDS report and Attach.txt
I did a "normal" startup and ran the scan with Windows running also "normally" this time (without killing the explorer process at logon) in order to try to get an actual image of the system...
But it is impossible for me to work, the system being terribly slow...
I also checked the task manager and neither the processors nor the memory seem to be overloaded (?). So I am wondering if this Click.Giftload is still active.
Anyway there is still something corrupting the OS...
Thanks
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Etienne at 10:31:30,64 on lun. 11/04/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3001.2235 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NCH Swift Sound\Talk\talk.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Etienne\Application Data\FW-312826385.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Etienne\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Etienne\Bureau\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
mDefault_Page_URL = hxxp://global.acer.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
uRun: [Microsoft Firewall 2.9] "c:\documents and settings\etienne\application data\FW-312826385.exe" /s
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
Notify: WRNotifier - WRLogonNTF.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
.
=============== Created Last 30 ================
.
2011-04-09 22:36:13 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-09 22:24:20 -------- d-----w- C:\Desktop
2011-04-06 13:39:45 29996 ---h--w- c:\docume~1\etienne\applic~1\ntuser.dat
2011-04-06 13:39:45 100352 ---h--w- c:\docume~1\etienne\applic~1\FW-312826385.exe
2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
2011-03-14 18:17:49 -------- d-----w- C:\TMP
2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
2011-03-14 18:15:52 -------- d-----w- c:\documents and settings\etienne\WINDOWS
2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
.
==================== Find3M ====================
.
2011-03-10 10:27:50 1377112 ----a-w- C:\TDSSKiller.exe
2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
.
============= FINISH: 10:32:16,40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 14/03/2011 14:39:39
System Uptime: 11/04/2011 10:13:24 (0 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 44,18 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 52,883 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 14/03/2011 14:39:45 - Point de vérification système
RP2: 14/03/2011 14:55:28 - Installé Acer Crystal Eye Webcam Video Class Camera
RP3: 14/03/2011 14:55:49 - Installé Acer Crystal Eye Webcam 2.0.8.4
RP4: 14/03/2011 14:57:36 - Installé Realtek High Definition Audio Driver
RP5: 14/03/2011 14:58:25 - Installed Acer ScreenSaver
RP6: 14/03/2011 15:02:37 - Removed 2007 Microsoft Office system
RP7: 14/03/2011 15:05:08 - Installé Acer Empowering Technology
RP8: 14/03/2011 15:05:56 - Installé Acer ePower Management
RP9: 14/03/2011 15:06:28 - Installé eSobi v2
RP10: 14/03/2011 15:42:51 - Avira AntiVir Premium - 14/03/2011 15:41
RP11: 14/03/2011 16:14:06 - 2011.03.14 Après réinstall
RP12: 14/03/2011 16:35:39 - Installé Microsoft Office Professional Edition 2003
RP13: 14/03/2011 16:45:15 - Pilote d'imprimante Microsoft Office Document Image Wr installé
RP14: 14/03/2011 16:53:55 - Installed Microsoft Outlook Personal Folders Backup
RP15: 14/03/2011 18:29:26 - 20110314 Après install MSOFFICE 2003 SP3
RP16: 14/03/2011 18:37:28 - Pilote d'imprimante PrimoPDF installé
RP17: 14/03/2011 18:53:01 - Pilote d'imprimante Kyocera FS-920 KX installé
RP18: 15/03/2011 20:00:38 - Point de vérification système
RP19: 16/03/2011 13:06:17 - Installé Realtek High Definition Audio Driver
RP20: 16/03/2011 14:32:02 - Installation finale av. Outlook OK
RP21: 17/03/2011 21:15:47 - Point de vérification système
RP22: 19/03/2011 14:28:49 - Point de vérification système
RP23: 21/03/2011 14:26:40 - Point de vérification système
RP24: 22/03/2011 20:59:23 - Point de vérification système
RP25: 23/03/2011 23:06:54 - Point de vérification système
RP26: 24/03/2011 0:53:54 - Supprimé Activation Assistant for the 2007 Microsoft Office suites
RP27: 25/03/2011 19:21:00 - Point de vérification système
RP28: 27/03/2011 15:26:38 - Point de vérification système
RP29: 28/03/2011 20:50:20 - Point de vérification système
RP30: 29/03/2011 16:05:32 - Installé EPSON EasyPrintModule
RP31: 29/03/2011 16:05:40 - Installé ABBYY FineReader 5.0 Sprint Plus
RP32: 29/03/2011 16:07:58 - Installed EPSON Attach To Email
RP33: 29/03/2011 16:08:27 - Installed EPSON Send To Web
RP34: 29/03/2011 16:09:05 - Installé EPSON Image Clip Palette
RP35: 29/03/2011 16:09:43 - Installé EPSON Event Manager
RP36: 29/03/2011 16:10:20 - Installé EPSON Scan Assistant
RP37: 29/03/2011 16:10:53 - Installé EPSON File Manager
RP38: 29/03/2011 16:10:57 - Installé EPSON File Manager
RP39: 30/03/2011 20:12:01 - Point de vérification système
RP40: 31/03/2011 18:37:36 - Installed Windows KB954550-v5.
RP41: 31/03/2011 18:37:44 - Pilote d'imprimante Microsoft XPS Document Writer installé
RP42: 31/03/2011 18:37:53 - Pilote d'imprimante Microsoft XPS Document Writer installé
RP43: 31/03/2011 18:40:32 - Installed %1 %2.
RP44: 31/03/2011 18:43:00 - Installed X-Lite 4
RP45: 1/04/2011 21:18:50 - Point de vérification système
RP46: 4/04/2011 14:00:30 - Point de vérification système
RP47: 4/04/2011 15:52:01 - Installé Module de compatibilité pour Microsoft Office System 2007
RP48: 5/04/2011 21:20:34 - Point de vérification système
RP49: 7/04/2011 13:58:57 - Point de vérification système
RP50: 8/04/2011 20:09:06 - Point de vérification système
RP51: 9/04/2011 20:53:58 - Point de vérification système
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint Plus
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8.4
Acer Crystal Eye Webcam Video Class Camera
Acer Empowering Technology
Acer ePower Management
Acer GridVista
Acer ScreenSaver
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.2.6
ALPS Touch Pad Driver
Analyseur MSXML 6.0
Avira AntiVir Premium
Broadcom Gigabit Integrated Controller
Canon iP4700 series Printer Driver
CCleaner
Copernic Desktop Search 2
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Send To Web
ERUNT 1.1j
Express Talk
Fastworks- Desktop
Fastworks-Entreprise
Fichiers de prise en charge de l'installation de Microsoft SQL*Server (Français)
GPL Ghostscript 9.01
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Kyocera Product Library
Launch Manager
LightScribe 1.4.142.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Outlook Personal Folders Backup
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951978)
Module de compatibilité pour Microsoft Office System 2007
Module linguistique Microsoft .NET Framework 3.5 SP1- fra
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver (x86)
Opera 11.01
PERF4990P Guide de référence
PowerArchiver
PrimoPDF
PrimoPDF Redistribution Package
Realtek High Definition Audio Driver
Skype™ 5.1
SPBA 5.8
Spy Sweeper
Spybot - Search & Destroy
Unlocker 1.8.8
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
X-Lite 4
XML Paper Specification Shared Components Language Pack 1.0
XnView 1.97.8
.
==== Event Viewer Messages From Past Week ========
.
5/04/2011 11:17:10, error: Service Control Manager [7000] - Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur : Le chemin d'accès spécifié est introuvable.
5/04/2011 11:10:15, error: Service Control Manager [7000] - Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur : Le chemin d'accès spécifié est introuvable.
4/04/2011 12:54:49, error: Service Control Manager [7034] - Le service O2Micro Flash Memory Card Service s'est terminé de façon inattendue pour la 1ème fois.
4/04/2011 12:54:35, error: Service Control Manager [7034] - Le service NTI Backup Now 5 Backup Service s'est terminé de façon inattendue pour la 1ème fois.
.
==== End Of File ===========================
Hi,
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post the contents of that file in your next reply.
Here we go...
Applications are apparently running normally after a "normal" reboot, but Windows took a while to start up. I don't know if this is due to the completion of the MBAM cleaning?
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6330
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11/04/2011 13:55:11
mbam-log-2011-04-11 (13-55-11).txt
Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 230281
Temps écoulé: 45 minute(s), 20 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\documents and settings\Etienne\application data\ntuser.dat (VirTool.Obfuscator) -> Quarantined and deleted successfully.
c:\documents and settings\Etienne\application data\fw-312826385.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
FYI, I re-ran an MBAM quick scan after having followed your instructions as stated in my previous post...
Although MBAM did not find anything anymore, Avira Guard popped up with a warning stating that the same previous Trojan (TR/Dldr.Dofoil.D.8) had been found in the directory C:\Documents and Settings\Etienne\Local Settings\Temporary Internet Files\Content.IE5\S02ADJQ\063c0f0fd[1].exe
I did not do anything before posting this information...
The odd thing is that when I try to check the presence of the file in the above-mentioned directory, I do not see the "Content.IE5" folder, though the option "view hidden..." is enabled in the folders & files options.
Any idea?
Hi,
Post fresh dds logs. Were you browsing the web when Antivir popped up the alert?
Hi Blade81,
Here are today's DDS logs. There is something new appearing at the end of the Attach.txt file (if you need me to translate the message, please ask)...
No, I was not browsing the web when Avira popped up the warning. It happened exactly when MBAM was scanning the corresponding file, but MBAM did not report anything, neither during the scan nor at the end...
I must say that I had another new warning tonight from Avira Guard when Opera (alone) was "on" but the computer was idle!
I placed this one in quarantine.
Here is the information from Avira about this file:
Type: File
Source: C:\System Volume Information\_restore{252295B3-C40E-48B4-9091-1C42FC8617DF}\RP51\A0016742.exe
State: Contaminated
Message: Contains the Trojan TR/Trash.Gen
Date/Hour: 12/04/2011, 0:08
Thanks for your follow-up!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Etienne at 11:15:44,48 on mar. 12/04/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3001.2061 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\DOCUME~1\Etienne\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COPERN~1\DESKTO~1.EXE
C:\Program Files\NCH Swift Sound\Talk\talk.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Etienne\Bureau\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
mDefault_Page_URL = hxxp://global.acer.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
Notify: WRNotifier - WRLogonNTF.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
.
=============== Created Last 30 ================
.
2011-04-11 11:02:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 11:02:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-11 11:02:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 11:02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 22:36:13 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-09 22:24:20 -------- d-----w- C:\Desktop
2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
2011-03-14 18:17:49 -------- d-----w- C:\TMP
2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
2011-03-14 18:15:52 -------- d-----w- c:\documents and settings\etienne\WINDOWS
2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
.
==================== Find3M ====================
.
2011-03-10 10:27:50 1377112 ----a-w- C:\TDSSKiller.exe
2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
.
============= FINISH: 11:16:25,97 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 14/03/2011 14:39:39
System Uptime: 12/04/2011 0:36:44 (11 hours ago)
.
Motherboard: Acer | | Homa
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 70 GiB total, 44,104 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 52,874 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 14/03/2011 14:39:45 - System Checkpoint
RP2: 14/03/2011 14:55:28 - Installed Acer Crystal Eye Webcam Video Class Camera
RP3: 14/03/2011 14:55:49 - Installed Acer Crystal Eye Webcam 2.0.8.4
RP4: 14/03/2011 14:57:36 - Installed Realtek High Definition Audio Driver
RP5: 14/03/2011 14:58:25 - Installed Acer ScreenSaver
RP6: 14/03/2011 15:02:37 - Removed 2007 Microsoft Office system
RP7: 14/03/2011 15:05:08 - Installed Acer Empowering Technology
RP8: 14/03/2011 15:05:56 - Installed Acer ePower Management
RP9: 14/03/2011 15:06:28 - Installed eSobi v2
RP10: 14/03/2011 15:42:51 - Avira AntiVir Premium - 14/03/2011 15:41
RP11: 14/03/2011 16:14:06 - 2011.03.14 After reinstall
RP12: 14/03/2011 16:35:39 - Installed Microsoft Office Professional Edition 2003
RP13: 14/03/2011 16:45:15 - Microsoft Office Document Image Wr printer driver installed
RP14: 14/03/2011 16:53:55 - Installed Microsoft Outlook Personal Folders Backup
RP15: 14/03/2011 18:29:26 - 20110314 After MSOFFICE 2003 SP3 install
RP16: 14/03/2011 18:37:28 - PrimoPDF printer driver installed
RP17: 14/03/2011 18:53:01 - Kyocera FS-920 KX printer driver installed
RP18: 15/03/2011 20:00:38 - System Checkpoint
RP19: 16/03/2011 13:06:17 - Installed Realtek High Definition Audio Driver
RP20: 16/03/2011 14:32:02 - Final install with Outlook OK
RP21: 17/03/2011 21:15:47 - System Checkpoint
RP22: 19/03/2011 14:28:49 - System Checkpoint
RP23: 21/03/2011 14:26:40 - System Checkpoint
RP24: 22/03/2011 20:59:23 - System Checkpoint
RP25: 23/03/2011 23:06:54 - System Checkpoint
RP26: 24/03/2011 0:53:54 - Removed Activation Assistant for the 2007 Microsoft Office suites
RP27: 25/03/2011 19:21:00 - System Checkpoint
RP28: 27/03/2011 15:26:38 - System Checkpoint
RP29: 28/03/2011 20:50:20 - System Checkpoint
RP30: 29/03/2011 16:05:32 - Installed EPSON EasyPrintModule
RP31: 29/03/2011 16:05:40 - Installed ABBYY FineReader 5.0 Sprint Plus
RP32: 29/03/2011 16:07:58 - Installed EPSON Attach To Email
RP33: 29/03/2011 16:08:27 - Installed EPSON Send To Web
RP34: 29/03/2011 16:09:05 - Installed EPSON Image Clip Palette
RP35: 29/03/2011 16:09:43 - Installed EPSON Event Manager
RP36: 29/03/2011 16:10:20 - Installed EPSON Scan Assistant
RP37: 29/03/2011 16:10:53 - Installed EPSON File Manager
RP38: 29/03/2011 16:10:57 - Installed EPSON File Manager
RP39: 30/03/2011 20:12:01 - System Checkpoint
RP40: 31/03/2011 18:37:36 - Installed Windows KB954550-v5.
RP41: 31/03/2011 18:37:44 - Microsoft XPS Document Writer printer driver installed
RP42: 31/03/2011 18:37:53 - Microsoft XPS Document Writer printer driver installed
RP43: 31/03/2011 18:40:32 - Installed %1 %2.
RP44: 31/03/2011 18:43:00 - Installed X-Lite 4
RP45: 1/04/2011 21:18:50 - System Checkpoint
RP46: 4/04/2011 14:00:30 - System Checkpoint
RP47: 4/04/2011 15:52:01 - Installed Compatibility Pack for Microsoft Office System 2007
RP48: 5/04/2011 21:20:34 - System Checkpoint
RP49: 7/04/2011 13:58:57 - System Checkpoint
RP50: 8/04/2011 20:09:06 - System Checkpoint
RP51: 9/04/2011 20:53:58 - System Checkpoint
RP52: 11/04/2011 14:30:29 - System Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 5.0 Sprint Plus
Acer Bio Protection
Acer Crystal Eye Webcam 2.0.8.4
Acer Crystal Eye Webcam Video Class Camera
Acer Empowering Technology
Acer ePower Management
Acer GridVista
Acer ScreenSaver
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.2.6
ALPS Touch Pad Driver
MSXML 6.0 Parser
Avira AntiVir Premium
Broadcom Gigabit Integrated Controller
Canon iP4700 series Printer Driver
CCleaner
Copernic Desktop Search 2
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON File Manager
EPSON Image Clip Palette
EPSON Scan
EPSON Scan Assistant
EPSON Send To Web
ERUNT 1.1j
Express Talk
Fastworks- Desktop
Fastworks-Entreprise
Microsoft SQL Server Setup Support Files (French)
GPL Ghostscript 9.01
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
InterVideo WinDVD 8
Kyocera Product Library
Launch Manager
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
Microsoft .NET Framework 3.5 Language Pack SP1 - fra
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft Outlook Personal Folders Backup
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Compatibility Pack for Microsoft Office System 2007
Microsoft .NET Framework 3.5 SP1 Language Pack - fra
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Shadow
O2Micro Flash Memory Card Reader Driver (x86)
Opera 11.01
PERF4990P Reference Guide
PowerArchiver
PrimoPDF
PrimoPDF Redistribution Package
Realtek High Definition Audio Driver
Skype™ 5.1
SPBA 5.8
Spy Sweeper
Spybot - Search & Destroy
Unlocker 1.8.8
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 7
X-Lite 4
XML Paper Specification Shared Components Language Pack 1.0
XnView 1.97.8
.
==== Event Viewer Messages From Past Week ========
.
5/04/2011 11:17:10, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
5/04/2011 11:10:15, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
11/04/2011 13:59:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
11/04/2011 13:58:48, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================
Hi,
Did Antivir remove that finding MBAM missed? That Antivir finding in your last post was in system restore (we'll clean system restore as one of the final steps).
Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Hi,
OK, I uninstalled Flash and reinstalled the latest version.
Avira proposed to quarantine the finding, but I did not take any action, thinking it might interfere with your cleaning process...
Furthermore, if I quarantine "ntuser.dat", I am afraid I will not be able to run the computer properly. Am I wrong?
I already had to reformat and reinstall Windows after having quarantined "iertutil.dll" when I was infected. So I prefer to get your advice on this kind of action first...
By the way, I still have to start Windows with my custom trick (terminating explorer.exe) if I want to be able to use the laptop comfortably.
Thanks.
Please visit this webpage for download links and instructions for running the ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Hi again,
OK, I followed the instructions carefully.
Here are the logs...
The annoying thing is that after re-enabling the AntiVir Guard it keeps popping up a warning about a positive result for C:\ComboFix\cmd.cfxxe, and whatever option I choose, it keeps asking me what to do.
ComboFix 11-04-12.01 - Etienne 12/04/2011 21:41:04.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3001.2378 [GMT 2:00]
Running from: c:\documents and settings\Etienne\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Etienne\Application Data\desktop.ini
c:\documents and settings\Etienne\WINDOWS
.
.
((((((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 ))))))))))))))))))))))))))))))))))))
.
.
2011-04-11 11:02 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 11:02 . 2011-04-11 11:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-11 11:02 . 2011-04-11 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-11 11:02 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 22:24 . 2011-04-09 22:24 -------- d-----w- C:\Desktop
2011-04-04 13:51 . 2011-04-04 13:51 -------- d-----w- c:\program files\MSECache
2011-03-31 16:43 . 2011-03-31 16:43 -------- d-----w- c:\program files\CounterPath
2011-03-31 16:40 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-31 16:38 . 2011-03-31 16:40 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-31 16:38 . 2011-03-31 16:38 -------- d-----w- c:\program files\MSBuild
2011-03-31 16:38 . 2011-03-31 16:38 -------- d-----w- c:\program files\Reference Assemblies
2011-03-31 16:37 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-31 16:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-31 16:37 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-31 16:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-31 16:37 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-31 16:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-31 16:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-31 16:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-31 16:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-31 15:02 . 2011-03-31 15:02 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-03-31 15:02 . 2011-03-31 15:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2011-03-31 15:02 . 2009-03-18 09:09 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
2011-03-31 15:01 . 2009-03-24 03:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-31 15:01 . 2009-03-24 03:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-31 15:01 . 2009-03-24 03:00 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-31 10:07 . 2011-03-31 10:07 -------- d-----w- c:\documents and settings\LocalService\Menu Démarrer
2011-03-29 14:05 . 2011-03-29 14:05 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-03-29 14:05 . 2004-01-31 23:00 413696 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-29 14:05 . 2002-11-14 22:00 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-29 14:05 . 2002-11-14 22:00 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-29 14:04 . 2011-03-29 14:06 -------- d-----w- c:\program files\epson
2011-03-29 14:00 . 2003-12-14 22:00 29696 ----a-w- c:\windows\system32\escwiab.dll
2011-03-29 14:00 . 2003-12-14 22:00 33280 ----a-w- c:\windows\system32\esccm.dll
2011-03-29 14:00 . 2003-12-14 22:00 27648 ----a-w- c:\windows\system32\escimg.dll
2011-03-29 14:00 . 2008-04-13 09:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-29 14:00 . 2008-04-13 09:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-29 12:49 . 2011-03-29 12:50 -------- d-----w- c:\program files\ERUNT
2011-03-24 11:49 . 2008-04-13 10:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-23 12:36 . 2007-03-01 18:54 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
2011-03-22 10:15 . 2011-03-29 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-22 10:15 . 2011-03-22 10:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-21 17:02 . 2011-03-21 17:03 -------- d-----w- c:\program files\GhostScript
2011-03-21 16:19 . 2011-03-21 16:19 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2011-03-19 12:17 . 2011-04-11 22:06 -------- d-----w- c:\windows\system32\NtmsData
2011-03-16 18:32 . 1998-10-07 12:08 327168 ----a-w- c:\windows\IsUn040c.exe
2011-03-16 12:06 . 2010-11-03 17:15 359016 ----a-w- c:\windows\vncutil.exe
2011-03-16 12:06 . 2011-01-04 18:25 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-16 12:06 . 2010-11-03 17:14 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-03-16 12:06 . 2009-11-18 06:17 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-03-16 12:06 . 2009-11-18 06:16 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-03-16 11:34 . 2008-04-13 10:46 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2011-03-16 11:34 . 2008-04-13 10:46 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2011-03-16 11:17 . 2007-03-23 09:50 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-03-14 21:32 . 2008-01-10 18:44 199176 ----a-w- c:\windows\GVUni.exe
2011-03-14 21:32 . 2007-12-03 22:11 207368 ----a-w- c:\windows\UNINST32.EXE
2011-03-14 21:32 . 2006-01-20 21:42 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-03-14 21:32 . 2004-12-09 19:04 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-03-14 21:31 . 2008-07-17 19:27 380928 ----a-w- c:\windows\AcerStore.exe
2011-03-14 21:31 . 2008-05-09 12:58 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-03-14 21:31 . 2008-04-28 13:14 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-03-14 21:31 . 2008-04-18 23:09 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-03-14 21:31 . 2008-04-18 23:08 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2011-03-14 21:31 . 2011-03-14 12:34 -------- d-----w- c:\windows\WLAN
2011-03-14 21:30 . 2011-03-14 12:34 -------- d-----w- c:\windows\VGA
2011-03-14 21:30 . 2008-04-15 17:46 147456 ----a-w- c:\windows\PLAUNCH.EXE
2011-03-14 21:30 . 2011-03-14 12:34 -------- d-----w- c:\windows\Lan
2011-03-14 18:17 . 2011-04-04 12:37 -------- d-----w- C:\TMP
2011-03-14 18:16 . 2003-09-16 21:57 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
2011-03-14 18:16 . 2011-03-14 18:16 -------- d-----w- c:\program files\Common Files
2011-03-14 18:16 . 2011-03-14 18:22 -------- d-----w- c:\program files\Data-Concept
2011-03-14 18:15 . 1999-03-23 08:12 304128 ----a-w- c:\windows\unin040c.exe
2011-03-14 18:09 . 2011-03-14 18:09 -------- d-----w- c:\program files\PowerArchiver
2011-03-14 18:02 . 2011-03-16 14:25 -------- d-----w- c:\program files\XnView
2011-03-14 18:00 . 2011-03-14 18:00 -------- d-----w- c:\program files\VideoLAN
2011-03-14 17:56 . 2011-03-14 17:56 -------- d-----w- c:\program files\NK2View
2011-03-14 17:52 . 2011-03-14 17:54 -------- d-----w- c:\program files\Kyocera
2011-03-14 17:51 . 2008-04-13 10:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-14 17:51 . 2008-04-13 10:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-14 17:47 . 2008-07-25 05:56 100580 ------w- c:\windows\system32\KMPJLMN.DLL
2011-03-14 17:47 . 2008-05-15 12:58 46877 ------w- c:\windows\system32\KM-PMKN.DLL
2011-03-14 17:37 . 2006-08-31 17:46 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-14 17:37 . 2011-04-11 15:12 -------- d-----w- c:\program files\PrimoPDF
2011-03-14 17:37 . 2011-03-14 17:37 -------- d-----w- c:\windows\PrimoPDF
2011-03-14 17:36 . 2011-03-21 09:34 -------- d-----w- c:\program files\Unlocker
2011-03-14 17:08 . 2011-03-14 17:08 -------- d-----w- c:\program files\Fichiers communs\Skype
2011-03-14 17:08 . 2011-03-14 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-03-14 16:21 . 2011-03-14 16:21 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-14 16:21 . 2011-03-14 16:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2011-03-14 16:14 . 2011-03-14 17:08 -------- d-----r- c:\program files\Skype
2011-03-14 15:37 . 2007-04-09 12:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-03-14 15:37 . 2007-04-09 12:23 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-03-14 15:36 . 2011-03-14 15:44 -------- d-----w- c:\program files\Microsoft Works
2011-03-14 15:35 . 2011-03-14 15:36 -------- d-----w- c:\windows\SHELLNEW
2011-03-14 15:33 . 2011-03-14 15:33 -------- d-----r- C:\MSOCache
2011-03-14 14:57 . 2011-03-30 10:49 -------- d-----w- c:\program files\Opera
2011-03-14 14:48 . 2011-03-14 14:48 -------- d-----w- c:\program files\Copernic Desktop Search 2
2011-03-14 14:47 . 2011-04-05 22:39 -------- d-----w- c:\program files\CCleaner
2011-03-14 14:42 . 2011-03-31 10:06 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-14 14:42 . 2011-03-14 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-14 14:42 . 2011-03-14 14:40 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-03-14 14:42 . 2011-03-14 14:40 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-03-14 14:42 . 2011-03-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-03-14 14:42 . 2011-03-14 14:42 -------- d-----w- c:\program files\Avira
2011-03-14 14:23 . 2011-03-14 14:23 -------- d-----w- c:\program files\Acer Inc
2011-03-14 14:09 . 2011-03-14 14:09 -------- d-----w- c:\program files\Launch Manager
2011-03-14 14:08 . 2005-09-21 00:27 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2011-03-14 14:08 . 2011-03-14 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2011-03-14 14:08 . 2011-03-14 14:08 -------- d-----w- c:\program files\Fichiers communs\InterVideo
2011-03-14 14:08 . 2011-03-14 14:08 -------- d-----w- c:\program files\Fichiers communs\Protexis
2011-03-14 14:06 . 2007-04-13 10:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-03-14 14:06 . 2006-03-23 11:02 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-03-14 14:06 . 2006-03-30 12:06 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-14 14:06 . 2005-12-09 08:12 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-14 14:06 . 2004-11-03 08:06 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-03-14 14:05 . 2007-11-30 12:00 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-03-14 14:05 . 2006-02-16 14:39 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-03-14 14:05 . 2005-04-07 17:08 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-03-14 14:05 . 2004-07-19 12:10 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-03-14 14:05 . 2008-06-06 10:09 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2011-03-14 14:05 . 2007-12-25 13:21 24576 ----a-w- c:\windows\system32\SysMonitor.exe
2011-03-14 14:05 . 2008-06-06 10:09 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-03-14 13:58 . 2008-04-17 09:26 24578845 ----a-w- c:\windows\system32\acer.exe
2011-03-14 13:58 . 2007-04-18 21:02 36909056 ----a-w- c:\windows\system32\acer.scr
2011-03-14 13:58 . 2011-03-14 13:58 -------- d-----w- c:\windows\ACER
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 10:27 . 2011-03-10 10:27 1377112 ----a-w- C:\TDSSKiller.exe
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search 2"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-04-10 1583624]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"X-Lite 4"="c:\program files\CounterPath\X-Lite 4\X-Lite4.exe" [2010-08-11 2863616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2011-03-14 3724800]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-24 159744]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-18 53248]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-07-08 466944]
"Boot"="c:\program files\Acer\Empowering Technology\ePower\Boot.exe" [2007-12-25 579584]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-09 870920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-14 281768]
"Talk"="c:\program files\NCH Swift Sound\Talk\talk.exe" [2011-03-14 1103876]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"RTHDCPL"="RTHDCPL.EXE" [2011-02-17 20029032]
"EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2004-08-05 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-16 110592]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-03-14 13:56 3167744 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 14:24 567560 ----a-w- c:\program files\Fichiers communs\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 20:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2007-07-11 13:07 421888 ----a-w- c:\program files\Acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe /idle
"PHIME2002ASync"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
"PHIME2002A"=c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
"MSPY2002"=c:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\CounterPath\\X-Lite 4\\X-Lite4.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58009:UDP"= 58009:UDP:Express Talk RTP Incoming Audio (UDP)
"58008:UDP"= 58008:UDP:Express Talk RTP Incoming Audio (UDP)
"58007:UDP"= 58007:UDP:Express Talk RTP Incoming Audio (UDP)
"58006:UDP"= 58006:UDP:Express Talk RTP Incoming Audio (UDP)
"58005:UDP"= 58005:UDP:Express Talk RTP Incoming Audio (UDP)
"58004:UDP"= 58004:UDP:Express Talk RTP Incoming Audio (UDP)
"58003:UDP"= 58003:UDP:Express Talk RTP Incoming Audio (UDP)
"58002:UDP"= 58002:UDP:Express Talk RTP Incoming Audio (UDP)
"58001:UDP"= 58001:UDP:Express Talk RTP Incoming Audio (UDP)
"58000:UDP"= 58000:UDP:Express Talk RTP Incoming Audio (UDP)
"55070:UDP"= 55070:UDP:Express Talk Sip Incoming Calls (UDP)
.
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [14/03/2011 16:42 339624]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/03/2011 16:42 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [14/03/2011 16:42 421032]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/03/2008 13:11 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [6/04/2008 22:42 50424]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [14/03/2011 15:52 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [13/05/2008 21:49 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [12/06/2008 18:30 43608]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [26/12/2007 7:23 17968]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/04/2008 3:03 131072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [16/03/2011 14:06 1691480]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - UBHELPER
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\talkShakeIcon.job
- c:\program files\NCH Swift Sound\Talk\talk.exe [2011-03-14 16:58]
.
2011-04-07 c:\windows\Tasks\wrSpySweeperTrialSweep.job
- c:\program files\Spy Sweeper\SpySweeperUI.exe [2011-03-23 18:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-svcWRSSSDK
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 21:48
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\program files\Acer\Acer Bio Protection\CompPtc.dll
c:\program files\Fichiers communs\SPBA\vtapip.dll
c:\program files\Fichiers communs\SPBA\infql2.dll
c:\program files\Acer\Acer Bio Protection\CustomRes.dll
c:\windows\system32\bsapi.dll
c:\program files\Acer\Acer Bio Protection\WinNotify.dll
c:\program files\Fichiers communs\SPBA\homefus2.dll
c:\program files\Fichiers communs\SPBA\homepass.dll
c:\program files\Fichiers communs\SPBA\bio.dll
c:\program files\Fichiers communs\SPBA\qlbase.dll
c:\windows\system32\WRLogonNTF.dll
.
- - - - - - - > 'lsass.exe'(1028)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Heure de fin: 2011-04-12 21:49:49
ComboFix-quarantined-files.txt 2011-04-12 19:49
.
Avant-CF: 47.176.134.656 octets libres
Après-CF: 47.137.165.312 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - D1F5955860CA93880647924AA5BD1C2A
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Etienne at 22:02:34,98 on mar. 12/04/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3001.2318 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Spy Sweeper\SpySweeper.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Etienne\Bureau\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
mRun: [preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\program files\avira\antivir desktop\avsda.dll
TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
Notify: WRNotifier - WRLogonNTF.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
.
=============== Created Last 30 ================
.
2011-04-12 19:40:16 -------- d-sha-r- C:\cmdcons
2011-04-12 19:35:08 98816 ----a-w- c:\windows\sed.exe
2011-04-12 19:35:08 89088 ----a-w- c:\windows\MBR.exe
2011-04-12 19:35:08 256512 ----a-w- c:\windows\PEV.exe
2011-04-12 19:35:08 161792 ----a-w- c:\windows\SWREG.exe
2011-04-11 11:02:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 11:02:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-11 11:02:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-11 11:02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 22:36:13 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-04-09 22:24:20 -------- d-----w- C:\Desktop
2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
2011-03-14 18:17:49 -------- d-----w- C:\TMP
2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
.
==================== Find3M ====================
.
2011-03-10 10:27:50 1377112 ----a-w- C:\TDSSKiller.exe
2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
.
============= FINISH: 22:03:05,28 ===============
Hi,
How strict have you set the Antivir heuristics settings?
Hi,
Heuristics settings "medium" (default).
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish. Copy-paste results back here.
Here is the result:
C:\System Volume Information\_restore{252295B3-C40E-48B4-9091-1C42FC8617DF}\RP17\A0007549.lnk Win32/Adware.ADON application
C:\System Volume Information\_restore{252295B3-C40E-48B4-9091-1C42FC8617DF}\RP18\A0008972.lnk Win32/Adware.ADON application
C:\System Volume Information\_restore{252295B3-C40E-48B4-9091-1C42FC8617DF}\RP18\A0008975.lnk Win32/Adware.ADON application
C:\System Volume Information\_restore{252295B3-C40E-48B4-9091-1C42FC8617DF}\RP23\A0010774.lnk Win32/Adware.ADON application
D:\DONNEES\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application
D:\DONNEES\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application
D:\DONNEES\Downloads\Unlocker1.9.0.exe Win32/Adware.ADON application
D:\DONNEES\Downloads Scanned\Nero-7.7.5.1_fra_trial.exe Win32/Toolbar.AskSBar application
D:\DONNEES\Downloads Scanned\unlocker1.8.6.exe Win32/Adware.ADON application
Hi,
Delete those ESET findings on the D: drive. Like I said earlier, system restore items will be swept off by a system restore reset.
Are you familiar with both of these IP addresses: 192.74.208.65 & 194.119.228.67?
Update Antivir and run a full scan with it again. Let's see what it finds.
Hi again,
OK, ESET cleaned the adware it found on drive D:\. Report hereunder.
Avira Antivir full scan performed... Here is the report.
But I am curious: Avira found nothing but 2 "hidden objects", as stated in the last line of the log, but did not give any warning, nor did it ask for actions to take (??)
So, I do not even know what these objects are or where they are located...
Regarding the 2 IP addresses you pointed out: I did notice these in the previous logs but did not check carefully... I recognized the 2nd one as one of my internet provider's DNS addresses, but the 1st one is unknown!
After checking with whois, it appears to be located in Australia.
Remark:
Comment: This IP address range is not registered in the ARIN database.
Comment: This range was transferred to the APNIC Whois Database as
Comment: part of the ERX (Early Registration Transfer) project.
Thanks again for your time.
ESET cleaning result:
D:\DONNEES\Downloads\unlocker1.8.7.exe a variant of Win32/Adware.ADON application deleted - quarantined
D:\DONNEES\Downloads\unlocker1.8.8.exe Win32/Adware.ADON application deleted - quarantined
D:\DONNEES\Downloads\Unlocker1.9.0.exe Win32/Adware.ADON application deleted - quarantined
D:\DONNEES\Downloads Scanned\Nero-7.7.5.1_fra_trial.exe Win32/Toolbar.AskSBar application deleted - quarantined
D:\DONNEES\Downloads Scanned\unlocker1.8.6.exe Win32/Adware.ADON application deleted - quarantined
Avira AntiVir Premium
Date de création du fichier de rapport : mercredi 13 avril 2011 22:13
La recherche porte sur 2553189 souches de virus.
Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.
Détenteur de la licence : xx
Numéro de série : xx
Plateforme : Windows XP
Version de Windows : (Service Pack 3) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : ACER_TM5730
Informations de version :
BUILD.DAT : 10.0.0.104 35932 Bytes 7/03/2011 14:25:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 14/03/2011 14:40:38
AVSCAN.DLL : 10.0.3.0 56168 Bytes 14/03/2011 14:40:37
LUKE.DLL : 10.0.3.2 104296 Bytes 14/03/2011 14:40:47
LUKERES.DLL : 10.0.0.0 13672 Bytes 14/03/2011 14:40:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 14:40:12
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:40:24
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 14:40:25
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7/04/2011 11:16:37
VBASE004.VDF : 7.11.5.226 2048 Bytes 7/04/2011 11:16:37
VBASE005.VDF : 7.11.5.227 2048 Bytes 7/04/2011 11:16:37
VBASE006.VDF : 7.11.5.228 2048 Bytes 7/04/2011 11:16:37
VBASE007.VDF : 7.11.5.229 2048 Bytes 7/04/2011 11:16:37
VBASE008.VDF : 7.11.5.230 2048 Bytes 7/04/2011 11:16:37
VBASE009.VDF : 7.11.5.231 2048 Bytes 7/04/2011 11:16:37
VBASE010.VDF : 7.11.5.232 2048 Bytes 7/04/2011 11:16:37
VBASE011.VDF : 7.11.5.233 2048 Bytes 7/04/2011 11:16:37
VBASE012.VDF : 7.11.5.234 2048 Bytes 7/04/2011 11:16:37
VBASE013.VDF : 7.11.6.28 158208 Bytes 11/04/2011 11:43:47
VBASE014.VDF : 7.11.6.74 116224 Bytes 13/04/2011 10:06:48
VBASE015.VDF : 7.11.6.75 2048 Bytes 13/04/2011 10:06:48
VBASE016.VDF : 7.11.6.76 2048 Bytes 13/04/2011 10:06:48
VBASE017.VDF : 7.11.6.77 2048 Bytes 13/04/2011 10:06:48
VBASE018.VDF : 7.11.6.78 2048 Bytes 13/04/2011 10:06:48
VBASE019.VDF : 7.11.6.79 2048 Bytes 13/04/2011 10:06:48
VBASE020.VDF : 7.11.6.80 2048 Bytes 13/04/2011 10:06:48
VBASE021.VDF : 7.11.6.81 2048 Bytes 13/04/2011 10:06:48
VBASE022.VDF : 7.11.6.82 2048 Bytes 13/04/2011 10:06:48
VBASE023.VDF : 7.11.6.83 2048 Bytes 13/04/2011 10:06:48
VBASE024.VDF : 7.11.6.84 2048 Bytes 13/04/2011 10:06:48
VBASE025.VDF : 7.11.6.85 2048 Bytes 13/04/2011 10:06:48
VBASE026.VDF : 7.11.6.86 2048 Bytes 13/04/2011 10:06:48
VBASE027.VDF : 7.11.6.87 2048 Bytes 13/04/2011 10:06:48
VBASE028.VDF : 7.11.6.88 2048 Bytes 13/04/2011 10:06:48
VBASE029.VDF : 7.11.6.89 2048 Bytes 13/04/2011 10:06:48
VBASE030.VDF : 7.11.6.90 2048 Bytes 13/04/2011 10:06:48
VBASE031.VDF : 7.11.6.99 33280 Bytes 13/04/2011 16:39:33
Version du moteur : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 14/03/2011 14:40:32
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/04/2011 08:40:44
AESCN.DLL : 8.1.7.2 127349 Bytes 14/03/2011 14:40:31
AESBX.DLL : 8.1.3.2 254324 Bytes 14/03/2011 14:40:32
AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 17:44:40
AEPACK.DLL : 8.2.6.0 549237 Bytes 7/04/2011 19:16:39
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/04/2011 08:40:43
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 7/04/2011 19:16:39
AEHELP.DLL : 8.1.16.1 246134 Bytes 14/03/2011 14:40:29
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/04/2011 08:40:41
AEEMU.DLL : 8.1.3.0 393589 Bytes 14/03/2011 14:40:29
AECORE.DLL : 8.1.20.2 196982 Bytes 7/04/2011 19:16:37
AEBB.DLL : 8.1.1.0 53618 Bytes 14/03/2011 14:40:29
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/03/2011 14:39:47
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/03/2011 14:40:37
AVREP.DLL : 10.0.0.8 62209 Bytes 14/03/2011 14:40:37
AVREG.DLL : 10.0.3.2 53096 Bytes 14/03/2011 14:40:37
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 14/03/2011 14:40:38
AVARKT.DLL : 10.0.22.6 231784 Bytes 14/03/2011 14:40:33
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 14/03/2011 14:40:34
SQLITE3.DLL : 3.6.19.0 355688 Bytes 14/03/2011 14:40:50
AVSMTP.DLL : 10.0.0.17 63848 Bytes 14/03/2011 14:40:38
NETNT.DLL : 10.0.0.0 11624 Bytes 14/03/2011 14:40:47
RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 14/03/2011 14:39:49
RCTEXT.DLL : 10.0.58.0 99688 Bytes 14/03/2011 14:39:49
Configuration settings for the current scan:
Job name......................................: Complete system scan
Configuration file............................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.......................................: low
Primary action................................: interactive
Secondary action..............................: rename
Scan master boot sector.......................: on
Scan boot sector..............................: on
Boot sectors..................................: C:, D:,
Process scan..................................: on
Extended process scan.........................: on
Scan registry.................................: on
Search for rootkits...........................: on
Integrity checking of system files............: off
Scan all files................................: All files
Scan archives.................................: on
Recursion depth...............................: 20
Smart extensions..............................: on
Macro heuristic...............................: on
File heuristic................................: medium
Files to exclude..............................: D:\DONNEES\Documents\EVMH\images, D:\DONNEES\Documents\EVMH\Photos, D:\DONNEES\Documents\Mes images,
Deviating risk categories.....................: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: Wednesday, 13 April 2011 22:13
Starting search for hidden objects.
c:\windows\system32\shlcmd.exe
c:\windows\system32\shlcmd.exe
[NOTE] The process is not visible.
c:\windows\system32\shlcmd.exe
Starting to scan running processes:
Scan process 'rsmsink.exe' - '31' module(s) have been scanned
Scan process 'WINWORD.EXE' - '86' module(s) have been scanned
Scan process 'msdtc.exe' - '42' module(s) have been scanned
Scan process 'dllhost.exe' - '63' module(s) have been scanned
Scan process 'dllhost.exe' - '47' module(s) have been scanned
Scan process 'vssvc.exe' - '50' module(s) have been scanned
Scan process 'avscan.exe' - '73' module(s) have been scanned
Scan process 'GUARDGUI.EXE' - '44' module(s) have been scanned
Scan process 'DESKTO~1.EXE' - '95' module(s) have been scanned
Scan process 'DESKTO~3.EXE' - '66' module(s) have been scanned
Scan process 'opera.exe' - '97' module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '157' module(s) have been scanned
Scan process 'wmiapsrv.exe' - '47' module(s) have been scanned
Scan process 'wmiprvse.exe' - '49' module(s) have been scanned
Scan process 'X-Lite4.exe' - '152' module(s) have been scanned
Scan process 'Skype.exe' - '157' module(s) have been scanned
Scan process 'explorer.exe' - '132' module(s) have been scanned
Scan process 'wuauclt.exe' - '36' module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '31' module(s) have been scanned
Scan process 'ctfmon.exe' - '31' module(s) have been scanned
Scan process 'svchost.exe' - '36' module(s) have been scanned
Scan process 'alg.exe' - '37' module(s) have been scanned
Scan process 'AVWEBGRD.EXE' - '39' module(s) have been scanned
Scan process 'avmailc.exe' - '33' module(s) have been scanned
Scan process 'SpySweeper.exe' - '83' module(s) have been scanned
Scan process 'svchost.exe' - '44' module(s) have been scanned
Scan process 'o2flash.exe' - '17' module(s) have been scanned
Scan process 'BackupSvc.exe' - '48' module(s) have been scanned
Scan process 'MDM.EXE' - '24' module(s) have been scanned
Scan process 'LSSrvc.exe' - '21' module(s) have been scanned
Scan process 'IAANTMon.exe' - '39' module(s) have been scanned
Scan process 'avshadow.exe' - '32' module(s) have been scanned
Scan process 'PLFSetL.exe' - '20' module(s) have been scanned
Scan process 'igfxpers.exe' - '29' module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' module(s) have been scanned
Scan process 'Agentsvc.exe' - '33' module(s) have been scanned
Scan process 'hkcmd.exe' - '32' module(s) have been scanned
Scan process 'svchost.exe' - '35' module(s) have been scanned
Scan process 'igfxtray.exe' - '33' module(s) have been scanned
Scan process 'iaanotif.exe' - '43' module(s) have been scanned
Scan process 'avguard.exe' - '97' module(s) have been scanned
Scan process 'sched.exe' - '49' module(s) have been scanned
Scan process 'spoolsv.exe' - '91' module(s) have been scanned
Scan process 'svchost.exe' - '75' module(s) have been scanned
Scan process 'svchost.exe' - '44' module(s) have been scanned
Scan process 'btwdins.exe' - '24' module(s) have been scanned
Scan process 'svchost.exe' - '177' module(s) have been scanned
Scan process 'svchost.exe' - '44' module(s) have been scanned
Scan process 'svchost.exe' - '53' module(s) have been scanned
Scan process 'lsass.exe' - '61' module(s) have been scanned
Scan process 'services.exe' - '41' module(s) have been scanned
Scan process 'winlogon.exe' - '94' module(s) have been scanned
Scan process 'csrss.exe' - '16' module(s) have been scanned
Scan process 'smss.exe' - '2' module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Starting boot sector scan:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting scan of executable file references (registry):
The registry was scanned ( '496' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
Begin scan in 'D:\' <Data>
The directory 'D:\DONNEES\Documents\EVMH\images\' was excluded from the scan!
The directory 'D:\DONNEES\Documents\EVMH\Photos\' was excluded from the scan!
The directory 'D:\DONNEES\Documents\Mes images\' was excluded from the scan!
End of the scan: Wednesday, 13 April 2011 23:04
Used time: 50:02 Minute(s)
The scan has been done completely.
6003 Scanned directories
531221 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files could not be scanned
531221 Files not concerned
10873 Archives were scanned
0 Warnings
0 Notes
510659 Objects were scanned with the rootkit scan
2 Hidden objects were found
Hi,
You may ignore those 2 hidden objects Antivir noticed.
Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the quote box into a new file:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
ping -n 2 google.com
route print
)
start Log1.txt
del %0
Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: test.bat
Save as type: All file types (*.*)
Click save.
Close the Notepad.
Locate and double-click test.bat on the desktop.
A Notepad window opens; copy and paste its contents (Log1.txt) into your reply.
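The batch file above collects the resolver configuration so the helper can check whether the DNS servers have been tampered with. The script below is an added example, not code from the thread or from the helper: it parses the "DNS Servers" / "Serveurs DNS" block of an `ipconfig /all` output and reports every resolver that is neither a private (RFC 1918) address such as the home router nor on an allowlist of the ISP's resolvers. The sample output and the allowlist (`ASSUMED_ISP_RESOLVERS`, containing the resolver that answered the thread's nslookup) are constructed assumptions modelled on the log posted later in this thread.

```python
"""Check the DNS resolvers reported by `ipconfig /all` against an allowlist.

Added example (not code from the thread): it pulls the "DNS Servers" /
"Serveurs DNS" entries out of ipconfig /all output and reports any resolver
that is neither a private (RFC 1918) address nor on a caller-supplied
allowlist of the ISP's resolvers. The sample text and the allowlist below
are constructed assumptions modelled on the log posted in the thread.
"""
import ipaddress
import re

# Constructed sample: a trimmed, French-locale ipconfig /all like the thread's.
SAMPLE_IPCONFIG = """\
Configuration IP de Windows
   Nom de l'hôte . . . . . . . . . . : ACER_TM5730
   Suffixe DNS principal . . . . . . :

Carte Ethernet Connexion au réseau local:
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   DHCP activé. . . . . . . . . . . : Non
   Adresse IP. . . . . . . . . . . . : 192.168.1.11
   Passerelle par défaut . . . . . . : 192.168.1.1
   Serveurs DNS . . . . . . . . . . : 192.74.208.65
                                       194.119.228.67
"""

# Assumption: the ISP resolver that answered the thread's nslookup query.
ASSUMED_ISP_RESOLVERS = ["194.119.228.67"]

# ipconfig labels (English and French locales) that introduce the resolver list.
DNS_LABELS = ("DNS Servers", "Serveurs DNS")

# "Label . . . . : value" with the dot leaders ipconfig prints between them.
_FIELD_RE = re.compile(r"^\s*([^.:]+?)[ .]*:\s*(.*)$")
# A continuation line carrying only an address (second and later resolvers).
_IP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_dns_servers(text):
    """Map each adapter name to the list of resolvers configured on it.

    Adapter sections start with a line ending in ':' that has no dot
    leaders; the first resolver sits on the labelled line and any further
    ones on continuation lines that hold nothing but an address."""
    adapters = {}
    adapter = None
    in_dns_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":") and "." not in stripped:
            adapter = stripped[:-1]
            in_dns_block = False
            continue
        field = _FIELD_RE.match(line)
        if field:
            label, value = field.group(1).strip(), field.group(2).strip()
            in_dns_block = label in DNS_LABELS and adapter is not None
            if in_dns_block:
                entries = adapters.setdefault(adapter, [])
                if _IP_RE.match(value):
                    entries.append(value)
            continue
        cont = _IP_RE.match(line) if in_dns_block else None
        if cont:
            adapters[adapter].append(cont.group(1))
        else:
            in_dns_block = False
    return adapters


def unexpected_resolvers(adapters, allowlist):
    """Return (adapter, resolver) pairs that need a human look.

    A resolver is accepted if it is a private address (the router or a
    local server) or appears on the allowlist; anything else is reported.
    Being reported does not mean it is malicious, only that it is not one
    the owner said they expect."""
    allowed = {ipaddress.ip_address(a) for a in allowlist}
    findings = []
    for adapter, resolvers in adapters.items():
        for resolver in resolvers:
            addr = ipaddress.ip_address(resolver)
            if addr.is_private or addr in allowed:
                continue
            findings.append((adapter, resolver))
    return findings


if __name__ == "__main__":
    found = unexpected_resolvers(parse_dns_servers(SAMPLE_IPCONFIG),
                                 ASSUMED_ISP_RESOLVERS)
    for adapter, resolver in found:
        print(f"review: {adapter}: resolver {resolver} is not private "
              f"and not on the allowlist")
```

On the sample this flags 192.74.208.65, which is exactly the address the thread goes on to discuss and which the poster then identifies as an old resolver of their ISP. That is the intended behaviour: a static resolver that is neither local nor one the owner recognises is worth a manual check, since DNS hijackers work by silently replacing that setting, but the check itself only surfaces candidates and makes no claim that they are malicious.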
Hi,
Here is the log.
I checked the Connection Properties myself and noticed that the IP address we are concerned about is (apparently) an old DNS address from my Internet provider...
Today's correct address is the same BUT beginning with 193.... instead of 192...
And to be honest, it might as well be a mistake on my side when entering the "preferred DNS servers"...
Windows IP Configuration
Host Name . . . . . . . . . . . . : ACER_TM5730
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 5100
Physical Address. . . . . . . . . : 00-21-5D-3E-E8-68
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-1D-72-D4-5F-B0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.74.208.65
194.119.228.67
DNS request timed out.
timeout was 2 seconds.
Server: dnsv.scarlet.be
Address: 194.119.228.67
Name: google.com
Addresses: 74.125.79.99, 74.125.79.104, 74.125.79.147
Pinging google.com [74.125.79.99] with 32 bytes of data:
Reply from 74.125.79.99: bytes=32 time=38ms TTL=54
Reply from 74.125.79.99: bytes=32 time=38ms TTL=54
Ping statistics for 74.125.79.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 38ms, Average = 38ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 5d 3e e8 68 ...... Intel(R) Wireless WiFi Link 5100 - Packet Scheduler Miniport
0x3 ...00 1d 72 d4 5f b0 ...... Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination   Netmask           Gateway        Interface     Metric
0.0.0.0               0.0.0.0           192.168.1.1    192.168.1.11  20
127.0.0.0             255.0.0.0         127.0.0.1      127.0.0.1     1
192.168.1.0           255.255.255.0     192.168.1.11   192.168.1.11  20
192.168.1.11          255.255.255.255   127.0.0.1      127.0.0.1     20
192.168.1.255         255.255.255.255   192.168.1.11   192.168.1.11  20
224.0.0.0             240.0.0.0         192.168.1.11   192.168.1.11  20
255.255.255.255       255.255.255.255   192.168.1.11   192.168.1.11  1
255.255.255.255       255.255.255.255   192.168.1.11   2             1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
Ok, so nothing malicious on those DNS servers then :)
Are there any other issues left or shall we see a list of the final steps?
Nope, I don't think there are any other issues.
I rebooted the laptop once again in "normal mode" and everything seems to be running smoothly:
Number of processes
Memory load
CPU usage
Connection time
Loading of more than 10 pages at Opera startup...
No more pop up of Antivir regarding ComboFix...
The only thing I noticed is a much longer shutdown time and a terribly longer startup time. Do you think this has any relation to what we've done?
Oh yes, one more question: can you please remind me which plugins I should update once we finish...
Up to you for the final steps...
Thanks
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis
Now let's uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade
Hi,
I followed your instructions carefully, updated everything, did a defrag, wiped the free space, ran MBAM & Spybot...
Everything is apparently clean and running correctly.
I'll be doing a full scan with Antivir in about an hour.
I still have 2 minor problems:
a. I now get a security warning immediately after each logon stating that "I am to view pages on a secure connection...etc......."
I thought this one was from IE, but when switching between applications (Alt+Tab) it shows the icon of Skype ????? I am running the latest version of Skype.
I cannot get rid of this. Any idea?
b. I see that my laptop has remnants of MS Office 2007 & McAfee AV, which I uninstalled at the very beginning of the setup of the computer.
The problem is that Secunia & Windows Update keep asking me to download all the updates for these programs... They do not appear in CCleaner, however, nor in Windows "Add/Remove Programs".
Can you recommend a tool to wipe this off, or can you help me clean the registry?
A huge thank you for your help and your time in following me up! :)
Hi,
a. This (http://forum.skype.com/index.php?showtopic=792645) may be helpful.
b. Revo Uninstaller (http://www.revouninstaller.com/) could be tried.
Hi again,
OK. The last full scan with Antivir did not report any problem !
Would you consider that my laptop is now "safe" again ?
Regarding the 2 points I mentioned :
a. Great!! I could get rid of this annoying pop-up. You're an encyclopedia yourself!
b. Revo could not retrieve any traces, but I think I could locate and delete the last remnants myself, as Windows Update is now silent about this...
Is there any further action to take (uninstall/delete/...) before you close this topic? As far as I am concerned, everything seems OK.
A terrific thanks to you for your help and advice! I can hardly imagine there are still guys like you spending their time helping people like me!
All the best.
Sorry, I might have been a little bit too enthusiastic...
I now get an error message stating that "in order to protect your computer, this program has been closed: Windows Explorer"!!
Here are the paths of the files enclosed in the report message to MS:
C:\DOCUME~1\Etienne\LOCALS~1\Temp\WER160b.dir00\explorer.exe.mdmp
C:\DOCUME~1\Etienne\LOCALS~1\Temp\WER160b.dir00\appcompat.txt
And immediately after sending the report, I get memory address read errors.
Windows Explorer restarts, but...
Hi,
Has that re-occurred? If so, does it happen after some specific action?
It did not happen during the last hour, but I was not in front of the computer, which was idle.
This happened when opening XnView, which gives the error message twice: "This application failed to start because msvcp71.dll was not found. Re-installing the application may fix this problem."
I uninstalled the application with CCleaner and reinstalled a fresh download, but I still get the same message when trying to open it.
Until now, the error message from Windows Explorer has not re-occurred, but I was not working on the laptop, so I don't know if this was a one-off error or if it will happen again...
Any clue?
Thanks
Hi,
That problem is likely with XnView. If you need the program, you may ask about a possible solution on their forum (http://newsgroup.xnview.com/index.php). It's possible that their version isn't compatible with the latest patched Windows component.
You were right once again: I found the fix for this problem.
It came from a badly supported plugin included in the software package. The bug is known to the developer.
As I did not get any other security warning, you can close this topic. I have taken enough of your time...
And once again, thanks, thanks, thanks!
All the best
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.