View Full Version : Click Giftload and Hello
Guy19550
2011-04-19, 13:05
I believe I have that problem from the site "vivlajeunesse" and give not the exact link because it can only create more problems for others (it's a download site).
At the same time I have a message when I go to "Keytrade.com" for the certificate who's not secur (but site is working good) - could be hacking or not !, and also at the same time I have no longer acces to the messages boards on "yahoo.finance".
Browser is Google Chrome but the problems with internet explorer are the same.
I read this and tried all night including a restoration of an older image partition after a reformat of C disk, it didn't help: "Click.GiftLoad and a System Restore -- Am I Clean?"
What is found in that threat did not help very much because I cannot remember my password of administrator (a quick search give nothing as detection but it wasn't do under administrator password and a complete detection give me one thing found, I removed it (CDburnerXP program, a freeware) but it was not the cause of malfunction, so partition is retored once again.
I also tried Ad-aware (found nothing, just an illegal program for printing under DOS, and could not be the cause of the problem).
I have no longer an idea for what's next.
In fact "Click... is removed when running Spybot but after next start he's there again" I removed also so much as possible programs as resident, deleted all the cookies ... and more.
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Download DDS from one of the links below to your desktop
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)
Information on A/V control Here (http://www.bleepingcomputer.com/forums/topic114351.html)
Guy19550
2011-04-20, 00:10
Thanks for helping, I remember I this this yesterday but I couldn't understand anythink with that and partition was restored after running this utility.
Here's the result of today with the other file in zip format :
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\Cinema 1\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\dg\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ulead Memory Card Detector] c:\program files\ulead systems\ulead photo explorer 7.0\Monitor.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dg\menudé~1\progra~1\démarr~1\dosprn.lnk - c:\program files\dosprn\DOSprn.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2002-12-24 3712]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-2-13 140664]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-5-17 14976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-2-13 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-2-13 345464]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2009-7-3 98432]
S2 DCamUSB20;TRUST USB2 AUDIO VIDEO EDITOR;c:\windows\system32\drivers\CsMini20.sys [2008-7-25 46216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-12 605856]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2009-11-10 20:23:34 7100928 ----a-w- c:\program files\PocketDivXEncoder_0.3.96.exe
2008-12-01 04:09:48 305664 ----a-w- c:\program files\Xtremsplit1.2.exe
2008-02-10 14:33:58 253952 ----a-w- c:\program files\file_recovery.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: STM32503 rev.CC37 -> Harddisk0\DR0 -> \Device\Scsi\nvgts2
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x897BDB4C]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV ECX, [EBP+0x8]; MOV EAX, [0x897c4184]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; CMP ECX, [0x897c4108]; JNZ 0x22; MOV ECX, EAX; }
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x89BC89C0]
3 CLASSPNP[0xB80E905B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000067[0x89BBB920]
5 ACPI[0xB7F7E620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> [0x89BBB030]
\Driver\nvgts[0x89B15880] -> IRP_MJ_CREATE -> 0x897BDB4C
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\nvgts2Port3Path0Target0Lun0 -> \??\SCSI#Disk&Ven_STM32503&Prod_18AS&Rev_CC37#4&1f6a1cbc&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:58:59,59 ===============
Hello Guy,
Your infected with a ROOTKIT :sad:
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Guy19550
2011-04-20, 00:54
I post this twice because first time I couldn't read my posting. And after a second running, program find nothing, but there's a new report.
2011/04/20 00:40:47.0156 2612 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 00:40:47.0453 2612 ================================================================================
2011/04/20 00:40:47.0453 2612 SystemInfo:
2011/04/20 00:40:47.0453 2612
2011/04/20 00:40:47.0453 2612 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/20 00:40:47.0453 2612 Product type: Workstation
2011/04/20 00:40:47.0453 2612 ComputerName: DG-D23ECBE18879
2011/04/20 00:40:47.0453 2612 UserName: DG
2011/04/20 00:40:47.0453 2612 Windows directory: C:\WINDOWS
2011/04/20 00:40:47.0453 2612 System windows directory: C:\WINDOWS
2011/04/20 00:40:47.0453 2612 Processor architecture: Intel x86
2011/04/20 00:40:47.0453 2612 Number of processors: 1
2011/04/20 00:40:47.0453 2612 Page size: 0x1000
2011/04/20 00:40:47.0453 2612 Boot type: Normal boot
2011/04/20 00:40:47.0453 2612 ================================================================================
2011/04/20 00:40:47.0609 2612 Initialize success
2011/04/20 00:40:58.0390 2152 ================================================================================
2011/04/20 00:40:58.0390 2152 Scan started
2011/04/20 00:40:58.0390 2152 Mode: Manual;
2011/04/20 00:40:58.0390 2152 ================================================================================
2011/04/20 00:40:58.0640 2152 Aavmker4 (d301f57713a0f6f8a3295ae6ebb69617) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/20 00:40:58.0937 2152 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/20 00:40:58.0968 2152 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/20 00:40:59.0171 2152 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/20 00:40:59.0281 2152 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/20 00:40:59.0343 2152 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/20 00:40:59.0875 2152 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/04/20 00:41:00.0406 2152 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/04/20 00:41:00.0484 2152 aswMon2 (71785f529c7b251b188245843bbf85db) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/20 00:41:00.0578 2152 aswRdr (7bab4923cabb4404bf05fd111e75e49b) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/20 00:41:00.0671 2152 aswTdi (e8a2678eab78c2060d5eb26803667dc2) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/20 00:41:00.0734 2152 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/20 00:41:00.0781 2152 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/20 00:41:00.0953 2152 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/20 00:41:01.0031 2152 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/20 00:41:01.0062 2152 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/20 00:41:01.0187 2152 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/04/20 00:41:01.0296 2152 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/04/20 00:41:01.0390 2152 BTHPORT (0dd9ff2c44bb2561fa5d9b8e6c4bca81) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/04/20 00:41:01.0515 2152 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/04/20 00:41:01.0640 2152 camfilt2 (5bc2e26075304e762fe442c78168b8ab) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
2011/04/20 00:41:01.0671 2152 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/20 00:41:01.0750 2152 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/20 00:41:01.0890 2152 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/20 00:41:01.0953 2152 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/20 00:41:01.0984 2152 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/20 00:41:02.0093 2152 cfadisk (b9f8223f5edbdcb089969aec5406d95a) C:\WINDOWS\system32\DRIVERS\cfadisk.sys
2011/04/20 00:41:02.0531 2152 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/04/20 00:41:02.0609 2152 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/04/20 00:41:03.0015 2152 DCamUSB20 (ee8cc06a207bbe317168e2a0af5d6745) C:\WINDOWS\system32\Drivers\CsMini20.sys
2011/04/20 00:41:03.0125 2152 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/20 00:41:03.0203 2152 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/20 00:41:03.0250 2152 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/20 00:41:03.0281 2152 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/20 00:41:03.0375 2152 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/20 00:41:03.0562 2152 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/20 00:41:03.0687 2152 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2011/04/20 00:41:03.0750 2152 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/20 00:41:03.0796 2152 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/20 00:41:03.0828 2152 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/20 00:41:03.0890 2152 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/20 00:41:03.0968 2152 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/20 00:41:03.0984 2152 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/20 00:41:04.0000 2152 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/20 00:41:04.0078 2152 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/04/20 00:41:04.0171 2152 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/20 00:41:04.0218 2152 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/20 00:41:04.0328 2152 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/04/20 00:41:04.0453 2152 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/20 00:41:04.0625 2152 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/20 00:41:04.0906 2152 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/20 00:41:04.0953 2152 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/20 00:41:05.0234 2152 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/20 00:41:05.0265 2152 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/20 00:41:05.0328 2152 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/20 00:41:05.0390 2152 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/20 00:41:05.0437 2152 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/20 00:41:05.0531 2152 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/20 00:41:05.0578 2152 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/20 00:41:05.0671 2152 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/20 00:41:05.0781 2152 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/20 00:41:05.0859 2152 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/20 00:41:05.0906 2152 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/20 00:41:06.0078 2152 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/20 00:41:06.0125 2152 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/20 00:41:06.0203 2152 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/20 00:41:06.0250 2152 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/20 00:41:06.0390 2152 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/20 00:41:06.0437 2152 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/20 00:41:06.0500 2152 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/20 00:41:06.0593 2152 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/20 00:41:06.0671 2152 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/20 00:41:06.0750 2152 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/20 00:41:06.0812 2152 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/20 00:41:06.0906 2152 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/20 00:41:06.0953 2152 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/20 00:41:07.0046 2152 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/20 00:41:07.0093 2152 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/20 00:41:07.0187 2152 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/20 00:41:07.0218 2152 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/20 00:41:07.0281 2152 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/20 00:41:07.0328 2152 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/20 00:41:07.0359 2152 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/20 00:41:07.0390 2152 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/20 00:41:07.0453 2152 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/20 00:41:07.0515 2152 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/20 00:41:07.0593 2152 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/20 00:41:07.0640 2152 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/20 00:41:07.0843 2152 nv (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/20 00:41:08.0015 2152 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/20 00:41:08.0109 2152 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/04/20 00:41:08.0203 2152 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/20 00:41:08.0250 2152 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/20 00:41:08.0281 2152 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/20 00:41:08.0359 2152 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/04/20 00:41:08.0484 2152 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2011/04/20 00:41:08.0546 2152 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/20 00:41:08.0562 2152 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/20 00:41:08.0593 2152 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/20 00:41:08.0671 2152 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/20 00:41:08.0812 2152 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/20 00:41:08.0875 2152 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/20 00:41:08.0968 2152 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/20 00:41:10.0468 2152 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\system32\PfModNT.sys
2011/04/20 00:41:10.0531 2152 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/20 00:41:10.0578 2152 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/20 00:41:10.0640 2152 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/20 00:41:10.0656 2152 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/20 00:41:11.0187 2152 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/20 00:41:11.0250 2152 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/20 00:41:11.0296 2152 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/20 00:41:11.0312 2152 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/20 00:41:11.0359 2152 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/20 00:41:11.0390 2152 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/20 00:41:11.0484 2152 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/20 00:41:11.0562 2152 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/20 00:41:11.0640 2152 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/20 00:41:11.0750 2152 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/04/20 00:41:11.0875 2152 RTL8192su (37a78c0c71be572f15fc534fdd3782de) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2011/04/20 00:41:12.0000 2152 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
2011/04/20 00:41:12.0109 2152 sbpci (51e16b053ee28fd309beac5722bcc735) C:\WINDOWS\system32\drivers\sbpci.sys
2011/04/20 00:41:12.0187 2152 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/20 00:41:12.0250 2152 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/20 00:41:12.0296 2152 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/20 00:41:12.0359 2152 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/20 00:41:12.0546 2152 SiSGbeXP (37daa9f59a3ff30a314fd98ee8f47000) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
2011/04/20 00:41:12.0640 2152 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/20 00:41:12.0843 2152 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/20 00:41:12.0921 2152 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/20 00:41:13.0000 2152 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/20 00:41:13.0203 2152 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/20 00:41:13.0250 2152 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/20 00:41:13.0343 2152 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/20 00:41:13.0859 2152 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/20 00:41:13.0937 2152 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/20 00:41:14.0015 2152 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/20 00:41:14.0093 2152 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/20 00:41:14.0171 2152 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/20 00:41:14.0375 2152 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/20 00:41:14.0578 2152 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/20 00:41:14.0687 2152 Usb20Scan (1823b0ed702146e171a9033ed2c09d74) C:\WINDOWS\system32\Drivers\CresScan.sys
2011/04/20 00:41:14.0781 2152 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/20 00:41:14.0875 2152 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/20 00:41:14.0953 2152 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/20 00:41:15.0031 2152 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/20 00:41:15.0093 2152 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/20 00:41:15.0203 2152 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/20 00:41:15.0296 2152 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/20 00:41:15.0375 2152 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/20 00:41:15.0437 2152 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/20 00:41:15.0593 2152 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/20 00:41:15.0671 2152 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/20 00:41:15.0875 2152 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/20 00:41:16.0015 2152 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/20 00:41:16.0062 2152 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/20 00:41:16.0062 2152 ================================================================================
2011/04/20 00:41:16.0062 2152 Scan finished
2011/04/20 00:41:16.0062 2152 ================================================================================
2011/04/20 00:41:16.0078 3092 Detected object count: 1
2011/04/20 00:41:47.0343 3092 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/20 00:41:47.0343 3092 \HardDisk0 - ok
2011/04/20 00:41:47.0343 3092 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/20 00:42:26.0093 0872 Deinitialize success
Guy19550
2011-04-20, 00:55
2011/04/20 00:49:32.0781 0436 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/20 00:49:33.0078 0436 ================================================================================
2011/04/20 00:49:33.0078 0436 SystemInfo:
2011/04/20 00:49:33.0078 0436
2011/04/20 00:49:33.0078 0436 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/20 00:49:33.0078 0436 Product type: Workstation
2011/04/20 00:49:33.0078 0436 ComputerName: DG-D23ECBE18879
2011/04/20 00:49:33.0078 0436 UserName: DG
2011/04/20 00:49:33.0078 0436 Windows directory: C:\WINDOWS
2011/04/20 00:49:33.0078 0436 System windows directory: C:\WINDOWS
2011/04/20 00:49:33.0078 0436 Processor architecture: Intel x86
2011/04/20 00:49:33.0078 0436 Number of processors: 1
2011/04/20 00:49:33.0078 0436 Page size: 0x1000
2011/04/20 00:49:33.0078 0436 Boot type: Normal boot
2011/04/20 00:49:33.0078 0436 ================================================================================
2011/04/20 00:49:33.0218 0436 Initialize success
2011/04/20 00:49:35.0437 0484 ================================================================================
2011/04/20 00:49:35.0437 0484 Scan started
2011/04/20 00:49:35.0437 0484 Mode: Manual;
2011/04/20 00:49:35.0437 0484 ================================================================================
2011/04/20 00:49:35.0656 0484 Aavmker4 (d301f57713a0f6f8a3295ae6ebb69617) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/04/20 00:49:35.0937 0484 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/20 00:49:35.0968 0484 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/20 00:49:36.0171 0484 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/04/20 00:49:36.0281 0484 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/20 00:49:36.0328 0484 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/04/20 00:49:36.0812 0484 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/04/20 00:49:37.0312 0484 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/04/20 00:49:37.0390 0484 aswMon2 (71785f529c7b251b188245843bbf85db) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/04/20 00:49:37.0468 0484 aswRdr (7bab4923cabb4404bf05fd111e75e49b) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/04/20 00:49:37.0562 0484 aswTdi (e8a2678eab78c2060d5eb26803667dc2) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/04/20 00:49:37.0625 0484 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/20 00:49:37.0656 0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/20 00:49:37.0828 0484 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/20 00:49:37.0906 0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/20 00:49:37.0937 0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/20 00:49:38.0046 0484 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/04/20 00:49:38.0156 0484 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/04/20 00:49:38.0265 0484 BTHPORT (0dd9ff2c44bb2561fa5d9b8e6c4bca81) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/04/20 00:49:38.0375 0484 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/04/20 00:49:38.0484 0484 camfilt2 (5bc2e26075304e762fe442c78168b8ab) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
2011/04/20 00:49:38.0500 0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/20 00:49:38.0593 0484 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/20 00:49:38.0703 0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/20 00:49:38.0765 0484 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/20 00:49:38.0812 0484 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/20 00:49:38.0921 0484 cfadisk (b9f8223f5edbdcb089969aec5406d95a) C:\WINDOWS\system32\DRIVERS\cfadisk.sys
2011/04/20 00:49:39.0312 0484 ctaud2k (3576ec792347ed15699f6d830e0f5437) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/04/20 00:49:39.0406 0484 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2011/04/20 00:49:39.0687 0484 DCamUSB20 (ee8cc06a207bbe317168e2a0af5d6745) C:\WINDOWS\system32\Drivers\CsMini20.sys
2011/04/20 00:49:39.0796 0484 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/20 00:49:39.0875 0484 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/20 00:49:39.0921 0484 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/20 00:49:39.0953 0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/20 00:49:40.0046 0484 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/20 00:49:40.0234 0484 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/20 00:49:40.0328 0484 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
2011/04/20 00:49:40.0390 0484 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/20 00:49:40.0437 0484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/20 00:49:40.0468 0484 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/20 00:49:40.0531 0484 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/20 00:49:40.0609 0484 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/20 00:49:40.0625 0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/20 00:49:40.0640 0484 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/20 00:49:40.0718 0484 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/04/20 00:49:40.0796 0484 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/04/20 00:49:40.0843 0484 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/20 00:49:40.0937 0484 ha10kx2k (dc9847cdc43665ed4cc780947516209c) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/04/20 00:49:41.0078 0484 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/20 00:49:41.0234 0484 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/20 00:49:41.0500 0484 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/20 00:49:41.0546 0484 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/20 00:49:41.0812 0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/20 00:49:41.0843 0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/20 00:49:41.0906 0484 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/20 00:49:41.0968 0484 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/20 00:49:42.0015 0484 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/20 00:49:42.0093 0484 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/20 00:49:42.0140 0484 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/20 00:49:42.0218 0484 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/20 00:49:42.0328 0484 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/20 00:49:42.0406 0484 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/20 00:49:42.0453 0484 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/20 00:49:42.0609 0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/20 00:49:42.0656 0484 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/20 00:49:42.0734 0484 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/20 00:49:42.0765 0484 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/20 00:49:42.0906 0484 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/20 00:49:42.0953 0484 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/20 00:49:43.0000 0484 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/20 00:49:43.0093 0484 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/20 00:49:43.0156 0484 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/20 00:49:43.0234 0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/20 00:49:43.0296 0484 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/20 00:49:43.0390 0484 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/20 00:49:43.0421 0484 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/20 00:49:43.0515 0484 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/20 00:49:43.0562 0484 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/20 00:49:43.0656 0484 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/20 00:49:43.0671 0484 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/20 00:49:43.0718 0484 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/20 00:49:43.0781 0484 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/20 00:49:43.0796 0484 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/20 00:49:43.0843 0484 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/20 00:49:43.0906 0484 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/20 00:49:43.0968 0484 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/20 00:49:44.0046 0484 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/20 00:49:44.0078 0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/20 00:49:44.0265 0484 nv (02e3a5cf6de77dba144550fd1c4a4cd9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/20 00:49:44.0437 0484 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/04/20 00:49:44.0531 0484 nvgts (ea98bfe4931bd13d747d647c1859796e) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/04/20 00:49:44.0625 0484 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/04/20 00:49:44.0656 0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/20 00:49:44.0687 0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/20 00:49:44.0765 0484 ossrv (f29184bdc81c398b6027a67ff6a19895) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/04/20 00:49:44.0890 0484 PAC7302 (81a0921e2a3fdcf840e43af64bf96ea2) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS
2011/04/20 00:49:44.0937 0484 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/20 00:49:44.0968 0484 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/20 00:49:45.0000 0484 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/20 00:49:45.0062 0484 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/20 00:49:45.0203 0484 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/20 00:49:45.0265 0484 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/20 00:49:45.0359 0484 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/20 00:49:46.0734 0484 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\system32\PfModNT.sys
2011/04/20 00:49:46.0796 0484 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/20 00:49:46.0859 0484 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/20 00:49:46.0906 0484 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/20 00:49:46.0921 0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/20 00:49:47.0437 0484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/20 00:49:47.0500 0484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/20 00:49:47.0546 0484 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/20 00:49:47.0562 0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/20 00:49:47.0609 0484 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/20 00:49:47.0625 0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/20 00:49:47.0703 0484 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/20 00:49:47.0796 0484 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/20 00:49:47.0875 0484 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/20 00:49:47.0984 0484 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/04/20 00:49:48.0109 0484 RTL8192su (37a78c0c71be572f15fc534fdd3782de) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
2011/04/20 00:49:48.0234 0484 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
2011/04/20 00:49:48.0343 0484 sbpci (51e16b053ee28fd309beac5722bcc735) C:\WINDOWS\system32\drivers\sbpci.sys
2011/04/20 00:49:48.0437 0484 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/20 00:49:48.0484 0484 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/20 00:49:48.0531 0484 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/20 00:49:48.0578 0484 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/20 00:49:48.0750 0484 SiSGbeXP (37daa9f59a3ff30a314fd98ee8f47000) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
2011/04/20 00:49:48.0843 0484 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/20 00:49:49.0031 0484 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/20 00:49:49.0109 0484 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/20 00:49:49.0171 0484 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/20 00:49:49.0359 0484 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/20 00:49:49.0421 0484 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/20 00:49:49.0500 0484 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/20 00:49:49.0984 0484 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/20 00:49:50.0046 0484 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/20 00:49:50.0140 0484 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/20 00:49:50.0203 0484 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/20 00:49:50.0281 0484 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/20 00:49:50.0484 0484 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/20 00:49:50.0640 0484 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/20 00:49:50.0734 0484 Usb20Scan (1823b0ed702146e171a9033ed2c09d74) C:\WINDOWS\system32\Drivers\CresScan.sys
2011/04/20 00:49:50.0828 0484 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/20 00:49:50.0906 0484 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/20 00:49:50.0968 0484 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/20 00:49:51.0046 0484 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/20 00:49:51.0109 0484 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/20 00:49:51.0218 0484 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/20 00:49:51.0312 0484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/20 00:49:51.0390 0484 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/20 00:49:51.0437 0484 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/20 00:49:51.0578 0484 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/20 00:49:51.0640 0484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/20 00:49:51.0828 0484 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/20 00:49:51.0953 0484 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/20 00:49:52.0078 0484 ================================================================================
2011/04/20 00:49:52.0078 0484 Scan finished
2011/04/20 00:49:52.0078 0484 ================================================================================
2011/04/20 00:50:14.0718 0236 Deinitialize success
Reboot your computer and do this
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Guy19550
2011-04-20, 01:40
I did a new scan with spybot before (nothing detected) and I tried my banking site Keytrade too (I have acces to a secur https now), I tried the message board of google.finance too (no acces, but could me a yahoo problem).
Afther that I did what you said just before and nothing was detected. Here's the result :
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6400
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
20/04/2011 1:29:11
mbam-log-2011-04-20 (01-29-11).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 146434
Temps écoulé: 1 minute(s), 16 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I'm rebooting, but I believe I'm clean now. I have a question : if I understand what happened the root was infected and all my older partitions has the same problem, because I has just reformating de C drive and a new partionning of hard disk was more appropriate (after bacup of D and E drives). I'm I right ?
Guy19550
2011-04-20, 02:02
You won a new donation and was talking with an old teacher in electronics (outdated) and no longer have the ability to work (Schizofrenic and uncurable).
Thanks a lot for helping me :thanks:
I am not sure I am understanding you, can you be a bit more clearer on your posts
Let me see the OTL log and we can tell if your clean or not
Guy19550
2011-04-20, 02:54
I'm clean now, i'm sure. I did a new image of C, restored it, and run spybot again. Nothing was found (only a double click, without consequences).
Donation is done. :thanks:
Hi,
I'm clean now, i'm sure.
If you want to be sure run OTL and post the log please
Guy19550
2011-04-22, 10:05
Sorry for my bad english. I don't know qhat OTL is, but maybe it is this, what you want :
.
DDS (Ver_11-03-05.01) - FAT32x86
Run by DG at 9:59:58,10 on ven. 22/04/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1791.1333 [GMT 2:00]
.
AV: avast! antivirus 4.7.1098 [VPS 110419-1] *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\DOSPRN\DOSprn.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DG\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\Cinema 1\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.1\pdfforgeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\dg\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ulead Memory Card Detector] c:\program files\ulead systems\ulead photo explorer 7.0\Monitor.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\dg\menudé~1\progra~1\démarr~1\dosprn.lnk - c:\program files\dosprn\DOSprn.exe
StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\realte~1.lnk - c:\program files\realtek\11n usb wireless lan utility\RtWLan.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/maconfig/MaConfig_4_0_1_3.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [2002-12-24 3712]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-10-22 386560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-2-13 140664]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2010-5-17 14976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-2-13 247160]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-2-13 345464]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [2009-7-3 98432]
S2 DCamUSB20;TRUST USB2 AUDIO VIDEO EDITOR;c:\windows\system32\drivers\CsMini20.sys [2008-7-25 46216]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-8-12 605856]
.
=============== Created Last 30 ================
.
2011-04-19 23:25:53 -------- d-----w- c:\docume~1\dg\applic~1\Malwarebytes
2011-04-19 23:25:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2009-11-10 20:23:34 7100928 ----a-w- c:\program files\PocketDivXEncoder_0.3.96.exe
2008-12-01 04:09:48 305664 ----a-w- c:\program files\Xtremsplit1.2.exe
2008-02-10 14:33:58 253952 ----a-w- c:\program files\file_recovery.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 10:00:15,78 ===============
Yes thats what I wanted DDS and the log looks fine . How is your system running now ?
Guy19550
2011-04-22, 20:38
He's fine again, tank you once more :thanks:
Your very welcome
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken