
Thread: Click.Gifltoad - HijackerC

  #1 Junior Member (joined Apr 2011, 20 posts)

    Click.Gifltoad - HijackerC

    Hello,

    I am stuck with this Click.Giftload and cannot find any easy way to get rid of it (I do not want to risk any hazardous manipulation either).
    I found this forum 2 weeks ago and would be grateful if somebody could help me with this annoying thing...
    Here is the story, in case it might help:

    Previous config: Vista SP2 Pro - IE8.0
    2-3 weeks ago, my system began to slow down drastically and IE wouldn't load a few pages (I normally use Opera). CPU usage was always above 60% even when no program was running, and memory load had doubled...

    So, I ran Spybot S&D and it found this Hijacker. Removed it, but nothing changed. Did a full scan with Avira, which found iertutil.dll corrupted and placed it in quarantine.
    I tried to replace the file from the original CD, but it did not have the same version number (?). Tried from the net: no luck.
    I then downloaded IE9 and installed it, but it was no better.
    Ran a scan with MBAM: found 1 adware only.
    Ran a scan with Spysweeper: found another adware (only).
    I finally tried a repair from the Windows recovery CD and it crashed the system.

    So I took the opportunity to format the system partition and to downgrade Vista to XP Pro (I had been thinking of doing this for a few months anyway).
    Everything was OK during the first 2-3 start-ups, but then Click.Giftload reappeared again...

    As I am using this laptop for business, I cannot stop working with it. So here is the way I am running it:
    Immediately after logon I terminate the "explorer.exe" process from the task manager => new task => C:\windows\explorer.exe
    And everything runs fine as long as I turn off the laptop in sleep mode, except that IE7 does not start any more (I do not use it anyway).
    I can check that the system is running "normally" by the memory load of the 8 "svchost.exe" processes: if only one of them goes above 12Mb, the system does not slow down and there is no problem browsing the net...

    Can someone please help me clean my system? Thanks in advance.

    Here is the last DDS log:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Etienne at 15:00:24,54 on mar. 05/04/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3001.2139 [GMT 2:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    svchost.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\CounterPath\X-Lite 4\X-Lite4.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Documents and Settings\Etienne\Bureau\dds.scr
    C:\Program Files\Avira\AntiVir Desktop\checkt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
    mDefault_Page_URL = hxxp://global.acer.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
    EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
    uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
    mRun: [preload] c:\windows\RUNXMLPL.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
    mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
    mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
    mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
    mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
    Notify: WRNotifier - WRLogonNTF.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
    R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
    R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
    R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
    S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
    S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
    S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
    .
    =============== Created Last 30 ================
    .
    2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
    2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
    2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
    2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
    2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
    2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
    2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
    2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
    2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
    2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
    2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
    2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
    2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
    2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
    2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
    2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
    2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
    2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
    2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
    2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
    2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
    2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
    2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
    2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
    2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
    2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
    2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
    2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
    2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
    2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
    2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
    2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
    2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
    2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
    2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
    2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
    2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
    2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
    2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
    2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
    2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
    2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
    2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
    2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
    2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
    2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
    2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
    2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
    2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
    2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
    2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
    2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
    2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
    2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
    2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
    2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
    2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
    2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
    2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
    2011-03-14 18:17:49 -------- d-----w- C:\TMP
    2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
    2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
    2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
    2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
    2011-03-14 18:15:52 -------- d-----w- c:\documents and settings\etienne\WINDOWS
    2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
    2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
    2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
    2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
    2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
    2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
    2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
    2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
    2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
    2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
    2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
    2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
    2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
    2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
    2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
    2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
    2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
    2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
    2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
    2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
    2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
    2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
    2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
    2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
    2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
    2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
    2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
    2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
    2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
    2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
    2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
    2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
    2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
    2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
    2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
    2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
    2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
    2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
    2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
    2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
    2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
    2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
    2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
    2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
    2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
    2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
    2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
    2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
    2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
    2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
    2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
    2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
    2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
    2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
    2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
    2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
    2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
    2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
    2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
    2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
    2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
    2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
    .
    ==================== Find3M ====================
    .
    2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
    2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: Hitachi_ rev.FB2O -> Harddisk0\DR0 -> \Device\Ide\iaStor0
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A216439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a21c7d0]; MOV EAX, [0x8a21c84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF196] -> \Device\Harddisk0\DR0[0x8A23F030]
    3 CLASSPNP[0xBA1A8FD7] -> ntkrnlpa!IofCallDriver[0x804EF196] -> [0x8ABC8B80]
    \Driver\iaStor[0x8ABDC888] -> IRP_MJ_CREATE -> 0x8A216439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS543216L9A300_________________FB2OC40C#4&31843f9c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 15:01:43,03 ===============

  #2 Blade81, Security Expert: Emeritus (Finland; joined Oct 2006, 25,288 posts)

    Hi,

    Please post the attach.txt part too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  #3 Junior Member (joined Apr 2011, 20 posts)

    Click.Gifltoad - HijackerC

    Hi,

    Here is the file...
    Thanks a lot for your time...

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professionnel
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/03/2011 14:39:39
    System Uptime: 5/04/2011 11:15:48 (4 hours ago)
    .
    Motherboard: Acer | | Homa
    Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 70 GiB total, 44,483 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 52,89 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 14/03/2011 14:39:45 - Point de vérification système
    RP2: 14/03/2011 14:55:28 - Installé Acer Crystal Eye Webcam Video Class Camera
    RP3: 14/03/2011 14:55:49 - Installé Acer Crystal Eye Webcam 2.0.8.4
    RP4: 14/03/2011 14:57:36 - Installé Realtek High Definition Audio Driver
    RP5: 14/03/2011 14:58:25 - Installed Acer ScreenSaver
    RP6: 14/03/2011 15:02:37 - Removed 2007 Microsoft Office system
    RP7: 14/03/2011 15:05:08 - Installé Acer Empowering Technology
    RP8: 14/03/2011 15:05:56 - Installé Acer ePower Management
    RP9: 14/03/2011 15:06:28 - Installé eSobi v2
    RP10: 14/03/2011 15:42:51 - Avira AntiVir Premium - 14/03/2011 15:41
    RP11: 14/03/2011 16:14:06 - 2011.03.14 Après réinstall
    RP12: 14/03/2011 16:35:39 - Installé Microsoft Office Professional Edition 2003
    RP13: 14/03/2011 16:45:15 - Pilote d'imprimante Microsoft Office Document Image Wr installé
    RP14: 14/03/2011 16:53:55 - Installed Microsoft Outlook Personal Folders Backup
    RP15: 14/03/2011 18:29:26 - 20110314 Après install MSOFFICE 2003 SP3
    RP16: 14/03/2011 18:37:28 - Pilote d'imprimante PrimoPDF installé
    RP17: 14/03/2011 18:53:01 - Pilote d'imprimante Kyocera FS-920 KX installé
    RP18: 15/03/2011 20:00:38 - Point de vérification système
    RP19: 16/03/2011 13:06:17 - Installé Realtek High Definition Audio Driver
    RP20: 16/03/2011 14:32:02 - Installation finale av. Outlook OK
    RP21: 17/03/2011 21:15:47 - Point de vérification système
    RP22: 19/03/2011 14:28:49 - Point de vérification système
    RP23: 21/03/2011 14:26:40 - Point de vérification système
    RP24: 22/03/2011 20:59:23 - Point de vérification système
    RP25: 23/03/2011 23:06:54 - Point de vérification système
    RP26: 24/03/2011 0:53:54 - Supprimé Activation Assistant for the 2007 Microsoft Office suites
    RP27: 25/03/2011 19:21:00 - Point de vérification système
    RP28: 27/03/2011 15:26:38 - Point de vérification système
    RP29: 28/03/2011 20:50:20 - Point de vérification système
    RP30: 29/03/2011 16:05:32 - Installé EPSON EasyPrintModule
    RP31: 29/03/2011 16:05:40 - Installé ABBYY FineReader 5.0 Sprint Plus
    RP32: 29/03/2011 16:07:58 - Installed EPSON Attach To Email
    RP33: 29/03/2011 16:08:27 - Installed EPSON Send To Web
    RP34: 29/03/2011 16:09:05 - Installé EPSON Image Clip Palette
    RP35: 29/03/2011 16:09:43 - Installé EPSON Event Manager
    RP36: 29/03/2011 16:10:20 - Installé EPSON Scan Assistant
    RP37: 29/03/2011 16:10:53 - Installé EPSON File Manager
    RP38: 29/03/2011 16:10:57 - Installé EPSON File Manager
    RP39: 30/03/2011 20:12:01 - Point de vérification système
    RP40: 31/03/2011 18:37:36 - Installed Windows KB954550-v5.
    RP41: 31/03/2011 18:37:44 - Pilote d'imprimante Microsoft XPS Document Writer installé
    RP42: 31/03/2011 18:37:53 - Pilote d'imprimante Microsoft XPS Document Writer installé
    RP43: 31/03/2011 18:40:32 - Installed %1 %2.
    RP44: 31/03/2011 18:43:00 - Installed X-Lite 4
    RP45: 1/04/2011 21:18:50 - Point de vérification système
    RP46: 4/04/2011 14:00:30 - Point de vérification système
    RP47: 4/04/2011 15:52:01 - Installé Module de compatibilité pour Microsoft Office System 2007
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 5.0 Sprint Plus
    Acer Bio Protection
    Acer Crystal Eye Webcam 2.0.8.4
    Acer Crystal Eye Webcam Video Class Camera
    Acer Empowering Technology
    Acer ePower Management
    Acer GridVista
    Acer ScreenSaver
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader 8.1.0
    ALPS Touch Pad Driver
    Analyseur MSXML 6.0
    Avira AntiVir Premium
    Broadcom Gigabit Integrated Controller
    Canon iP4700 series Printer Driver
    CCleaner
    Copernic Desktop Search 2
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Event Manager
    EPSON File Manager
    EPSON Image Clip Palette
    EPSON Scan
    EPSON Scan Assistant
    EPSON Send To Web
    ERUNT 1.1j
    Express Talk
    Fastworks- Desktop
    Fastworks-Entreprise
    Microsoft SQL Server Setup Support Files (French)
    GPL Ghostscript 9.01
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    Kyocera Product Library
    Launch Manager
    LightScribe 1.4.142.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Outlook Personal Folders Backup
    Microsoft SQL Server Native Client
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951978)
    Compatibility Pack for the 2007 Microsoft Office System
    Microsoft .NET Framework 3.5 SP1 Language Pack - fra
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NTI Shadow
    O2Micro Flash Memory Card Reader Driver (x86)
    Opera 11.01
    PERF4990P Reference Guide
    PowerArchiver
    PrimoPDF
    PrimoPDF Redistribution Package
    Realtek High Definition Audio Driver
    Skype™ 5.1
    SPBA 5.8
    Spy Sweeper
    Spybot - Search & Destroy
    Unlocker 1.8.8
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Internet Explorer 7
    X-Lite 4
    XML Paper Specification Shared Components Language Pack 1.0
    XnView 1.97.8
    .
    ==== End Of File ===========================

  4. #4
    Blade81 - Security Expert: Emeritus (Finland; joined Oct 2006; 25,288 posts)

    Hi,

    1. Download TDSSKiller and extract its contents into a folder of your choice (e.g. c:\tdsskiller).
    2. Run TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select Cure and click Continue (the tool may prompt for a reboot).
    4. Post back the contents of the log file in the root of the C: drive (the name should be in the UtilityName.Version_Date_Time_log.txt format).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, please create a thread in the forum.

    Malware removal instructions are for the corresponding user's case only.

  5. #5
    Junior Member (joined Apr 2011; 20 posts)

    Scan done

    Hello again,
    Scan done. My laptop refused to reboot from TDSSKiller's "reboot now" button. I had to do it manually and it took a while...
    The computer is now running extremely slowly and Opera takes an eternity to load pages!
    Even switching between application windows seems to freeze the OS...

    By the way, Avira's scheduled scan task found 3 Trojans yesterday, one of which was in ntuser.dat.
    I haven't done anything (neither quarantine nor repair) while waiting for your advice. I attach the Avira report for your information, just in case.

    Here is the TDSS log file.
    Thanks

    2011/04/09 20:25:59.0531 6252 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/09 20:26:00.0890 6252 ================================================================================
    2011/04/09 20:26:00.0890 6252 SystemInfo:
    2011/04/09 20:26:00.0890 6252
    2011/04/09 20:26:00.0890 6252 OS Version: 5.1.2600 ServicePack: 3.0
    2011/04/09 20:26:00.0890 6252 Product type: Workstation
    2011/04/09 20:26:00.0890 6252 ComputerName: ACER_TM5730
    2011/04/09 20:26:00.0890 6252 UserName: Etienne
    2011/04/09 20:26:00.0890 6252 Windows directory: C:\WINDOWS
    2011/04/09 20:26:00.0890 6252 System windows directory: C:\WINDOWS
    2011/04/09 20:26:00.0890 6252 Processor architecture: Intel x86
    2011/04/09 20:26:00.0890 6252 Number of processors: 2
    2011/04/09 20:26:00.0890 6252 Page size: 0x1000
    2011/04/09 20:26:00.0890 6252 Boot type: Normal boot
    2011/04/09 20:26:00.0890 6252 ================================================================================
    2011/04/09 20:26:02.0140 6252 Initialize success
    2011/04/09 20:26:12.0687 5868 ================================================================================
    2011/04/09 20:26:12.0687 5868 Scan started
    2011/04/09 20:26:12.0687 5868 Mode: Manual;
    2011/04/09 20:26:12.0687 5868 ================================================================================
    2011/04/09 20:26:13.0546 5868 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/04/09 20:26:13.0562 5868 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/04/09 20:26:13.0578 5868 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/04/09 20:26:13.0609 5868 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/04/09 20:26:13.0656 5868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/04/09 20:26:13.0843 5868 AFD (e3049b90fe06f3f740b7cfda44995e2c) C:\WINDOWS\System32\drivers\afd.sys
    2011/04/09 20:26:13.0906 5868 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/04/09 20:26:13.0921 5868 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/04/09 20:26:13.0937 5868 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/04/09 20:26:13.0953 5868 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/04/09 20:26:13.0968 5868 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/04/09 20:26:13.0984 5868 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/04/09 20:26:14.0000 5868 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/04/09 20:26:14.0093 5868 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
    2011/04/09 20:26:14.0343 5868 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/04/09 20:26:14.0359 5868 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/04/09 20:26:14.0406 5868 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/04/09 20:26:14.0437 5868 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/04/09 20:26:14.0453 5868 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/04/09 20:26:14.0468 5868 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/04/09 20:26:14.0515 5868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/04/09 20:26:14.0656 5868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/04/09 20:26:14.0703 5868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/04/09 20:26:14.0765 5868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/04/09 20:26:14.0859 5868 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/04/09 20:26:14.0953 5868 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/04/09 20:26:14.0968 5868 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/04/09 20:26:15.0078 5868 b57w2k (559ddda2c88459478056174247706deb) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2011/04/09 20:26:15.0156 5868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/04/09 20:26:15.0218 5868 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    2011/04/09 20:26:15.0296 5868 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    2011/04/09 20:26:15.0359 5868 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    2011/04/09 20:26:15.0421 5868 BTHPORT (ef26202fee56f7607c6b794059df347a) C:\WINDOWS\system32\Drivers\BTHport.sys
    2011/04/09 20:26:15.0531 5868 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    2011/04/09 20:26:15.0593 5868 BTWUSB (57e91e9925976bbc98984eebaaf1d84c) C:\WINDOWS\system32\Drivers\btwusb.sys
    2011/04/09 20:26:15.0718 5868 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/04/09 20:26:15.0750 5868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/04/09 20:26:15.0781 5868 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/04/09 20:26:15.0828 5868 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/04/09 20:26:15.0859 5868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/04/09 20:26:15.0968 5868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/04/09 20:26:16.0015 5868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/04/09 20:26:16.0078 5868 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/04/09 20:26:16.0109 5868 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/04/09 20:26:16.0125 5868 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/04/09 20:26:16.0156 5868 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/04/09 20:26:16.0171 5868 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/04/09 20:26:16.0187 5868 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/04/09 20:26:16.0218 5868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/04/09 20:26:16.0265 5868 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/04/09 20:26:16.0421 5868 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
    2011/04/09 20:26:16.0437 5868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/04/09 20:26:16.0484 5868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/04/09 20:26:16.0531 5868 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/04/09 20:26:16.0546 5868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/04/09 20:26:16.0703 5868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/04/09 20:26:16.0781 5868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/04/09 20:26:16.0812 5868 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    2011/04/09 20:26:16.0968 5868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/04/09 20:26:17.0015 5868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/04/09 20:26:17.0062 5868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/04/09 20:26:17.0093 5868 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/04/09 20:26:17.0218 5868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/04/09 20:26:17.0296 5868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/04/09 20:26:17.0343 5868 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/04/09 20:26:17.0500 5868 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/04/09 20:26:17.0531 5868 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    2011/04/09 20:26:17.0609 5868 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2011/04/09 20:26:17.0765 5868 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/04/09 20:26:17.0828 5868 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/04/09 20:26:17.0984 5868 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/04/09 20:26:18.0031 5868 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/04/09 20:26:18.0250 5868 ialm (b2768350bb50469aeb1afe694372b613) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/04/09 20:26:18.0578 5868 iaStor (80c633722da72e97f3f5b3b11325696d) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    2011/04/09 20:26:18.0609 5868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/04/09 20:26:18.0640 5868 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/04/09 20:26:18.0875 5868 IntcAzAudAddService (55920481a44fa7bdde5fc1b9e02c7c2a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/04/09 20:26:19.0031 5868 IntcHdmiAddService (331244286fa249f2456e6d78fda4a93e) C:\WINDOWS\system32\drivers\IntcHdmi.sys
    2011/04/09 20:26:19.0078 5868 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/04/09 20:26:19.0109 5868 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/04/09 20:26:19.0250 5868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/04/09 20:26:19.0312 5868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/04/09 20:26:19.0359 5868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/04/09 20:26:19.0500 5868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/04/09 20:26:19.0578 5868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/04/09 20:26:19.0640 5868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/04/09 20:26:19.0765 5868 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/04/09 20:26:19.0796 5868 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/04/09 20:26:19.0843 5868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/04/09 20:26:20.0015 5868 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/04/09 20:26:20.0109 5868 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2011/04/09 20:26:20.0156 5868 mfeavfk (21dd45cae791d0cde10631b80f16f653) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2011/04/09 20:26:20.0296 5868 mfebopk (decde1c615c256fa2893b5962b0b91e5) C:\WINDOWS\system32\drivers\mfebopk.sys
    2011/04/09 20:26:20.0359 5868 mfehidk (f85cd2b918202b7ee49757c361c7eac2) C:\WINDOWS\system32\drivers\mfehidk.sys
    2011/04/09 20:26:20.0406 5868 mferkdk (5f33a57f904b64d1c6a548eca47a8656) C:\WINDOWS\system32\drivers\mferkdk.sys
    2011/04/09 20:26:20.0531 5868 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\WINDOWS\system32\drivers\mfesmfk.sys
    2011/04/09 20:26:20.0578 5868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/04/09 20:26:20.0625 5868 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    2011/04/09 20:26:20.0718 5868 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
    2011/04/09 20:26:20.0890 5868 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/04/09 20:26:20.0937 5868 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/04/09 20:26:21.0000 5868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/04/09 20:26:21.0093 5868 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/04/09 20:26:21.0109 5868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/04/09 20:26:21.0140 5868 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/04/09 20:26:21.0171 5868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/04/09 20:26:21.0203 5868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/04/09 20:26:21.0250 5868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/04/09 20:26:21.0359 5868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/04/09 20:26:21.0406 5868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/04/09 20:26:21.0437 5868 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/04/09 20:26:21.0500 5868 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/04/09 20:26:21.0609 5868 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/04/09 20:26:21.0671 5868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/04/09 20:26:21.0687 5868 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/04/09 20:26:21.0734 5868 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/04/09 20:26:21.0859 5868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/04/09 20:26:21.0890 5868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/04/09 20:26:21.0968 5868 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/04/09 20:26:22.0078 5868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/04/09 20:26:22.0109 5868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/04/09 20:26:22.0281 5868 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    2011/04/09 20:26:22.0562 5868 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/04/09 20:26:22.0625 5868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/04/09 20:26:22.0656 5868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/04/09 20:26:22.0781 5868 NTIDrvr (5535174933a08bb8f1cee26dffb930e4) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    2011/04/09 20:26:22.0843 5868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/04/09 20:26:22.0890 5868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/04/09 20:26:23.0046 5868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/04/09 20:26:23.0109 5868 O2MDRDR (f1072a203fb1e246be62d736a5b88dfd) C:\WINDOWS\system32\DRIVERS\o2media.sys
    2011/04/09 20:26:23.0125 5868 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys
    2011/04/09 20:26:23.0171 5868 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/04/09 20:26:23.0250 5868 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
    2011/04/09 20:26:23.0281 5868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/04/09 20:26:23.0296 5868 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/04/09 20:26:23.0328 5868 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/04/09 20:26:23.0359 5868 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/04/09 20:26:23.0375 5868 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/04/09 20:26:23.0453 5868 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/04/09 20:26:23.0468 5868 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/04/09 20:26:23.0515 5868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/04/09 20:26:23.0656 5868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/04/09 20:26:23.0687 5868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/04/09 20:26:23.0750 5868 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/04/09 20:26:23.0765 5868 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/04/09 20:26:23.0781 5868 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/04/09 20:26:23.0796 5868 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/04/09 20:26:23.0812 5868 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/04/09 20:26:23.0843 5868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/04/09 20:26:24.0015 5868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/04/09 20:26:24.0062 5868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/04/09 20:26:24.0109 5868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/04/09 20:26:24.0250 5868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/04/09 20:26:24.0281 5868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/04/09 20:26:24.0343 5868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/04/09 20:26:24.0375 5868 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/04/09 20:26:24.0515 5868 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/04/09 20:26:24.0578 5868 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    2011/04/09 20:26:24.0640 5868 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/04/09 20:26:24.0765 5868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/04/09 20:26:24.0828 5868 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
    2011/04/09 20:26:24.0890 5868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/04/09 20:26:25.0109 5868 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/04/09 20:26:25.0140 5868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/04/09 20:26:25.0171 5868 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/04/09 20:26:25.0203 5868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/04/09 20:26:25.0343 5868 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/04/09 20:26:25.0359 5868 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/04/09 20:26:25.0406 5868 SSFS0509 (e4c3b3a14fb2abf5ce1ff05418ba73c1) C:\WINDOWS\system32\Drivers\SSFS0509.SYS
    2011/04/09 20:26:25.0421 5868 SSHRMD (251141fd898c0ef76976f51d39ea881d) C:\WINDOWS\system32\Drivers\SSHRMD.SYS
    2011/04/09 20:26:25.0437 5868 SSIDRV (339e268e1f0df8868045977ccca6391f) C:\WINDOWS\system32\Drivers\SSIDRV.SYS
    2011/04/09 20:26:25.0468 5868 SSKBFD (ca85b64bc98ababdd858143933b6fd4e) C:\WINDOWS\system32\Drivers\sskbfd.sys
    2011/04/09 20:26:25.0531 5868 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/04/09 20:26:25.0656 5868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/04/09 20:26:25.0718 5868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/04/09 20:26:25.0765 5868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/04/09 20:26:25.0906 5868 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/04/09 20:26:25.0921 5868 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/04/09 20:26:25.0968 5868 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/04/09 20:26:25.0984 5868 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/04/09 20:26:26.0015 5868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/04/09 20:26:26.0125 5868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/04/09 20:26:26.0250 5868 TcUsb (72b9e77565da5fa564581976e000d29b) C:\WINDOWS\system32\Drivers\tcusb.sys
    2011/04/09 20:26:26.0328 5868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/04/09 20:26:26.0375 5868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/04/09 20:26:26.0468 5868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/04/09 20:26:26.0562 5868 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/04/09 20:26:26.0687 5868 TpChoice (3afff25eae28188fa4ecd292658be31b) C:\WINDOWS\system32\DRIVERS\TpChoice.sys
    2011/04/09 20:26:26.0734 5868 UBHelper (5e3966a0d9b57531264fc0c835021fa1) C:\WINDOWS\system32\drivers\UBHelper.sys
    2011/04/09 20:26:26.0765 5868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/04/09 20:26:26.0796 5868 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/04/09 20:26:26.0875 5868 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
    2011/04/09 20:26:27.0015 5868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/04/09 20:26:27.0109 5868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/04/09 20:26:27.0218 5868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/04/09 20:26:27.0296 5868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/04/09 20:26:27.0375 5868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/04/09 20:26:27.0500 5868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/04/09 20:26:27.0562 5868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/04/09 20:26:27.0640 5868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/04/09 20:26:27.0703 5868 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/04/09 20:26:27.0796 5868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/04/09 20:26:27.0875 5868 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/04/09 20:26:27.0921 5868 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/04/09 20:26:27.0937 5868 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/04/09 20:26:27.0968 5868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/04/09 20:26:28.0000 5868 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/04/09 20:26:28.0187 5868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/04/09 20:26:28.0250 5868 winachsf (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2011/04/09 20:26:28.0437 5868 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/04/09 20:26:28.0468 5868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/04/09 20:26:28.0531 5868 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/04/09 20:26:28.0593 5868 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/04/09 20:26:28.0609 5868 ================================================================================
    2011/04/09 20:26:28.0609 5868 Scan finished
    2011/04/09 20:26:28.0609 5868 ================================================================================
    2011/04/09 20:26:28.0625 6160 Detected object count: 1
    2011/04/09 20:27:00.0046 6160 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/04/09 20:27:00.0046 6160 \HardDisk0 - ok
    2011/04/09 20:27:00.0046 6160 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/04/09 20:28:36.0359 0276 Deinitialize success
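
The posted TDSSKiller log has a fixed line layout: a timestamp, a process id, and then either a driver inventory entry (service name, MD5 of the image, path) or a status line. The one detection is reported against \HardDisk0 rather than against a file, which is what a master boot record infection by the TDL4 family looks like; the MBR sits outside every partition, so reformatting the system partition does not touch it. The parser below is an added example written for this page, not part of the thread and not part of Kaspersky's TDSSKiller. It turns such a log into records, extracts each detection together with the action the user selected, and applies one triage heuristic that is my own assumption rather than a feature of the tool: listing kernel drivers loaded from outside %WINDIR%, which in this log are the Avira and Unlocker drivers (both legitimate, but the kind of entry worth a second look). The sample lines are copied from the log above.

```python
"""Parse a TDSSKiller 2.4.x log into structured records.

Added example for this page; not part of the thread or of TDSSKiller itself.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: lines copied from the TDSSKiller log posted in the thread.
SAMPLE_LOG = r"""
2011/04/09 20:26:13.0562 5868 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/09 20:26:14.0859 5868 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/09 20:26:26.0125 5868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/09 20:26:26.0875 5868 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/04/09 20:26:28.0593 5868 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/09 20:26:28.0625 6160 Detected object count: 1
2011/04/09 20:27:00.0046 6160 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/09 20:27:00.0046 6160 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every line: "YYYY/MM/DD HH:MM:SS.mmmm <pid> <payload>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver inventory payload: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Detection payload: "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# Action payload: "<verdict>(<object>) - User select action: <action>"
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")


@dataclass
class Driver:
    service: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None


@dataclass
class Report:
    drivers: list = field(default_factory=list)
    detections: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Report:
    """Walk the log once, classifying each payload by the three regexes above."""
    rep = Report()
    by_obj = {}  # object name -> Detection, so the later action line can be attached
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        payload = m.group(3)
        d = DRIVER_RE.match(payload)
        if d:
            rep.drivers.append(Driver(*d.groups()))
            continue
        det = DETECT_RE.match(payload)
        if det:
            obj, verdict = det.group(1), det.group(2)
            by_obj[obj] = Detection(obj, verdict)
            rep.detections.append(by_obj[obj])
            continue
        act = ACTION_RE.match(payload)
        if act:
            verdict, obj, action = act.groups()
            if obj in by_obj and by_obj[obj].verdict == verdict:
                by_obj[obj].action = action
    return rep


def drivers_outside_system_dir(rep: Report, windir: str = r"C:\WINDOWS") -> list:
    """Triage heuristic (an assumption of this example, not a TDSSKiller feature):
    kernel drivers loaded from outside the Windows directory get a second look."""
    prefix = windir.lower()
    return [d for d in rep.drivers if not d.path.lower().startswith(prefix)]


def summarize(rep: Report) -> dict:
    """Compact summary of what matters when reading a posted log."""
    return {
        "drivers": len(rep.drivers),
        "detections": [(d.obj, d.verdict, d.action) for d in rep.detections],
        "outside_windir": [d.service for d in drivers_outside_system_dir(rep)],
    }


if __name__ == "__main__":
    print(summarize(parse_tdsskiller_log(SAMPLE_LOG)))
```

On the full log this yields one detection, \HardDisk0 with verdict Rootkit.Win32.TDSS.tdl4 and action Cure, plus the two drivers that live under Program Files; the driver hashes are recorded so they can be compared against a known-good list if one is available.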

  6. #6
    Junior Member (joined Apr 2011; 20 posts)

    Attachments "not allowed"

    Sorry...
    Unable to attach anything to my previous reply (??)
    Here is a copy of the Avira scan report in case it helps...
    See "Recherche débutant dans 'C:\' <ACER>" (in French) near the end.
    Thanks


    Avira AntiVir Premium
    Report file created: Friday 8 April 2011 13:00

    The scan covers 2534339 virus strains.

    The program is running as a full, unrestricted version.
    Online services are available.

    Licensee: Etienne *****
    Serial number: *******-PEPWE-0000001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Started normally
    User: SYSTEM
    Computer name: ACER_TM5730

    Version information:
    BUILD.DAT : 10.0.0.104 35932 Bytes 07/03/2011 14:25:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 14/03/2011 14:40:38
    AVSCAN.DLL : 10.0.3.0 56168 Bytes 14/03/2011 14:40:37
    LUKE.DLL : 10.0.3.2 104296 Bytes 14/03/2011 14:40:47
    LUKERES.DLL : 10.0.0.0 13672 Bytes 14/03/2011 14:40:47
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:40:12
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:40:24
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 14:40:25
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 11:16:37
    VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 11:16:37
    VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 11:16:37
    VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 11:16:37
    VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 11:16:37
    VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 11:16:37
    VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 11:16:37
    VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 11:16:37
    VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 11:16:37
    VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 11:16:37
    VBASE013.VDF : 7.11.5.235 2048 Bytes 07/04/2011 11:16:37
    VBASE014.VDF : 7.11.5.236 2048 Bytes 07/04/2011 11:16:37
    VBASE015.VDF : 7.11.5.237 2048 Bytes 07/04/2011 11:16:37
    VBASE016.VDF : 7.11.5.238 2048 Bytes 07/04/2011 11:16:37
    VBASE017.VDF : 7.11.5.239 2048 Bytes 07/04/2011 11:16:37
    VBASE018.VDF : 7.11.5.240 2048 Bytes 07/04/2011 11:16:37
    VBASE019.VDF : 7.11.5.241 2048 Bytes 07/04/2011 11:16:37
    VBASE020.VDF : 7.11.5.242 2048 Bytes 07/04/2011 11:16:37
    VBASE021.VDF : 7.11.5.243 2048 Bytes 07/04/2011 11:16:38
    VBASE022.VDF : 7.11.5.244 2048 Bytes 07/04/2011 11:16:38
    VBASE023.VDF : 7.11.5.245 2048 Bytes 07/04/2011 11:16:38
    VBASE024.VDF : 7.11.5.246 2048 Bytes 07/04/2011 11:16:38
    VBASE025.VDF : 7.11.5.247 2048 Bytes 07/04/2011 11:16:38
    VBASE026.VDF : 7.11.5.248 2048 Bytes 07/04/2011 11:16:38
    VBASE027.VDF : 7.11.5.249 2048 Bytes 07/04/2011 11:16:38
    VBASE028.VDF : 7.11.5.250 2048 Bytes 07/04/2011 11:16:38
    VBASE029.VDF : 7.11.5.251 2048 Bytes 07/04/2011 11:16:38
    VBASE030.VDF : 7.11.5.252 2048 Bytes 07/04/2011 11:16:38
    VBASE031.VDF : 7.11.6.10 49152 Bytes 08/04/2011 09:16:35
    Version du moteur : 8.2.4.206
    AEVDF.DLL : 8.1.2.1 106868 Bytes 14/03/2011 14:40:32
    AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 04/04/2011 08:40:44
    AESCN.DLL : 8.1.7.2 127349 Bytes 14/03/2011 14:40:31
    AESBX.DLL : 8.1.3.2 254324 Bytes 14/03/2011 14:40:32
    AERDL.DLL : 8.1.9.9 639347 Bytes 25/03/2011 17:44:40
    AEPACK.DLL : 8.2.6.0 549237 Bytes 07/04/2011 19:16:39
    AEOFFICE.DLL : 8.1.1.20 205177 Bytes 04/04/2011 08:40:43
    AEHEUR.DLL : 8.1.2.97 3428726 Bytes 07/04/2011 19:16:39
    AEHELP.DLL : 8.1.16.1 246134 Bytes 14/03/2011 14:40:29
    AEGEN.DLL : 8.1.5.4 397684 Bytes 04/04/2011 08:40:41
    AEEMU.DLL : 8.1.3.0 393589 Bytes 14/03/2011 14:40:29
    AECORE.DLL : 8.1.20.2 196982 Bytes 07/04/2011 19:16:37
    AEBB.DLL : 8.1.1.0 53618 Bytes 14/03/2011 14:40:29
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/03/2011 14:39:47
    AVPREF.DLL : 10.0.0.0 44904 Bytes 14/03/2011 14:40:37
    AVREP.DLL : 10.0.0.8 62209 Bytes 14/03/2011 14:40:37
    AVREG.DLL : 10.0.3.2 53096 Bytes 14/03/2011 14:40:37
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 14/03/2011 14:40:38
    AVARKT.DLL : 10.0.22.6 231784 Bytes 14/03/2011 14:40:33
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 14/03/2011 14:40:34
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 14/03/2011 14:40:50
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 14/03/2011 14:40:38
    NETNT.DLL : 10.0.0.0 11624 Bytes 14/03/2011 14:40:47
    RCIMAGE.DLL : 10.0.0.32 2631528 Bytes 14/03/2011 14:39:49
    RCTEXT.DLL : 10.0.58.0 99688 Bytes 14/03/2011 14:39:49

    Configuration pour la recherche actuelle :
    Nom de la tâche...............................: Disques durs locaux
    Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
    Documentation.................................: bas
    Action principale.............................: interactif
    Action secondaire.............................: renommer
    Recherche sur les secteurs d'amorçage maître..: marche
    Recherche sur les secteurs d'amorçage.........: marche
    Secteurs d'amorçage...........................: C:, D:,
    Recherche dans les programmes actifs..........: marche
    Recherche en cours sur l'enregistrement.......: marche
    Recherche de Rootkits.........................: marche
    Contrôle d'intégrité de fichiers système......: arrêt
    Fichier mode de recherche.....................: Sélection de fichiers intelligente
    Recherche sur les archives....................: marche
    Limiter la profondeur de récursivité..........: 20
    Archive Smart Extensions......................: marche
    Types d'archives divergents...................: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
    Heuristique de macrovirus.....................: marche
    Heuristique fichier...........................: moyen
    Fichiers à exclure............................: D:\DONNEES\Documents\EVMH\images, D:\DONNEES\Documents\EVMH\Photos, D:\DONNEES\Documents\Mes images, D:\DONNEES\Downloads Scanned,
    Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

    Début de la recherche : vendredi 8 avril 2011 13:00

    La recherche d'objets cachés commence.
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\shlcmd.exe
    [REMARQUE] Le processus n'est pas visible.
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\shlcmd.exe
    c:\windows\system32\svchost.exe
    c:\windows\system32\svchost.exe
    [REMARQUE] Le processus n'est pas visible.
    c:\program files\internet explorer\iexplore.exe
    c:\program files\internet explorer\iexplore.exe
    [REMARQUE] Le processus n'est pas visible.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'rsmsink.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msdtc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'vssvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'xnview.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AcroRd32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'EXCEL.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'opera.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'OUTLOOK.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'X-Lite4.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'DESKTO~1.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'DESKTO~3.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PresentationFontCache.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AVWEBGRD.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'avmailc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SpySweeper.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'o2flash.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SchedulerSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'BackupSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés
    Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'IAANTMon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avshadow.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'Agentsvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'btwdins.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence :
    Le registre a été contrôlé ( '497' fichiers).


    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\' <ACER>
    C:\Documents and Settings\Etienne\Application Data\ntuser.dat
    [RESULTAT] Contient le cheval de Troie TR/Obfuscated.29996C
    C:\Documents and Settings\Etienne\Local Settings\Temp\65C.tmp
    [RESULTAT] Contient le cheval de Troie TR/Dldr.Carberp.C.90
    C:\Documents and Settings\Etienne\Local Settings\Temporary Internet Files\Content.IE5\S02ADJQI\063c0f0fd[1].exe
    [RESULTAT] Contient le cheval de Troie TR/Dldr.Dofoil.D.8
    Recherche débutant dans 'D:\' <Data>
    Le répertoire 'D:\DONNEES\Documents\EVMH\images\' a été exclu par la recherche !
    Le répertoire 'D:\DONNEES\Documents\EVMH\Photos\' a été exclu par la recherche !
    Le répertoire 'D:\DONNEES\Documents\Mes images\' a été exclu par la recherche !
    Le répertoire 'D:\DONNEES\Downloads Scanned\' a été exclu par la recherche !

    Début de la désinfection :
    C:\Documents and Settings\Etienne\Local Settings\Temporary Internet Files\Content.IE5\S02ADJQI\063c0f0fd[1].exe
    [RESULTAT] Contient le cheval de Troie TR/Dldr.Dofoil.D.8
    [AVERTISSEMENT] Fichier ignoré.
    C:\Documents and Settings\Etienne\Local Settings\Temp\65C.tmp
    [RESULTAT] Contient le cheval de Troie TR/Dldr.Carberp.C.90
    [AVERTISSEMENT] Fichier ignoré.
    C:\Documents and Settings\Etienne\Application Data\ntuser.dat
    [RESULTAT] Contient le cheval de Troie TR/Obfuscated.29996C
    [AVERTISSEMENT] Fichier ignoré.


    Fin de la recherche : vendredi 8 avril 2011 15:05
    Temps nécessaire: 38:20 Minute(s)

    La recherche a été effectuée intégralement

    5839 Les répertoires ont été contrôlés
    489614 Des fichiers ont été contrôlés
    3 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    0 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    0 Impossible de scanner des fichiers
    489611 Fichiers non infectés
    9188 Les archives ont été contrôlées
    3 Avertissements
    0 Consignes
    30881 Des objets ont été contrôlés lors du Rootkitscan
    8 Des objets cachés ont été trouvés

  7. #7
    Security Expert: Emeritus Blade81 (Join Date Oct 2006, Location Finland, Posts 25,288)

    Hi,

    Please post fresh DDS logs too.

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member (Join Date Apr 2011, Posts 20)

    Fresh DDS - system slow

    Hi,
    Here are the latest DDS report and Attach.txt.
    I did a "normal" startup and ran the scan with Windows also running "normally" this time (without killing the explorer process at logon), in order to try to get an actual image of the system...
    But it is impossible for me to work, the system being terribly slow...
    I also checked the task manager, and neither the processors nor the memory seem to be overloaded (?) So I am wondering if this Click.giftload is still active.
    Anyway, there is still something corrupting the OS...
    Thanks

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Etienne at 10:31:30,64 on lun. 11/04/2011
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3001.2235 [GMT 2:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    svchost.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\PLFSetL.exe
    C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\NCH Swift Sound\Talk\talk.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Etienne\Application Data\FW-312826385.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\DOCUME~1\Etienne\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Etienne\Bureau\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
    mDefault_Page_URL = hxxp://global.acer.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=0&o=xpp&d=0311&m=travelmate_5730
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
    EB: Copernic Desktop Search 2: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    EB: Copernic Desktop Search 2: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand203000030.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Copernic Desktop Search 2] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
    uRun: [X-Lite 4] "c:\program files\counterpath\x-lite 4\X-Lite4.exe" -bootload
    uRun: [Microsoft Firewall 2.9] "c:\documents and settings\etienne\application data\FW-312826385.exe" /s
    mRun: [preload] c:\windows\RUNXMLPL.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
    mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
    mRun: [AzMixerSel] "c:\program files\realtek\audio\installshield\AzMixerSel.exe"
    mRun: [ePower_DMC] "c:\program files\acer\empowering technology\epower\ePower_DMC.exe"
    mRun: [Boot] "c:\program files\acer\empowering technology\epower\Boot.exe"
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Talk] "c:\program files\nch swift sound\talk\talk.exe" -logon
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [EEventManager] "c:\program files\epson\creativity suite\event manager\EEventManager.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\fichiers communs\adobe\arm\1.0\AdobeARM.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Envoyer au périphérique &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    TCP: {D1339E03-3B20-4221-B23C-331EC7B923AE} = 192.74.208.65,194.119.228.67
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
    Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
    Notify: igfxcui - igfxdev.dll
    Notify: spba - c:\program files\fichiers communs\spba\homefus2.dll
    Notify: WRNotifier - WRLogonNTF.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-14 11608]
    R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-7-21 201288]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-14 339624]
    R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2011-3-14 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-14 269480]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-14 421032]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-14 61960]
    R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
    R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-6 50424]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
    R2 WebrootSpySweeperService;Moteur Webroot Spy Sweeper;c:\program files\spy sweeper\SpySweeper.exe [2006-1-25 3379264]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2011-3-14 108032]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-13 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
    R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\drivers\TpChoice.sys [2007-12-26 17968]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-3-16 1691480]
    S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-7-24 79304]
    S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-7-21 35240]
    S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2007-7-24 33800]
    S3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2007-7-21 40488]
    .
    =============== Created Last 30 ================
    .
    2011-04-09 22:36:13 -------- d-----w- c:\windows\system32\SoftwareDistribution
    2011-04-09 22:24:20 -------- d-----w- C:\Desktop
    2011-04-06 13:39:45 29996 ---h--w- c:\docume~1\etienne\applic~1\ntuser.dat
    2011-04-06 13:39:45 100352 ---h--w- c:\docume~1\etienne\applic~1\FW-312826385.exe
    2011-04-04 13:51:52 -------- d-----w- c:\program files\MSECache
    2011-03-31 16:43:40 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath Corporation
    2011-03-31 16:43:33 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\CounterPath
    2011-03-31 16:43:00 -------- d-----w- c:\program files\CounterPath
    2011-03-31 16:40:32 14048 ------w- c:\windows\system32\spmsg2.dll
    2011-03-31 16:38:21 -------- d-----w- c:\windows\system32\XPSViewer
    2011-03-31 16:37:49 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    2011-03-31 16:37:28 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2011-03-31 16:37:28 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2011-03-31 16:37:28 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    2011-03-31 16:37:28 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2011-03-31 16:37:28 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2011-03-31 16:37:28 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2011-03-31 16:37:28 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2011-03-31 16:37:28 117760 ------w- c:\windows\system32\prntvpt.dll
    2011-03-31 15:02:04 178176 ----a-r- c:\windows\system32\CNMIUA1.DLL
    2011-03-31 15:01:47 70656 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPA1.DLL
    2011-03-31 15:01:47 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDA1.DLL
    2011-03-31 15:01:46 272384 ----a-w- c:\windows\system32\CNMLMA1.DLL
    2011-03-29 14:09:06 282624 ----a-w- c:\program files\fichiers communs\installshield\updateservice\agent.exe
    2011-03-29 14:06:22 57344 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\ctor.dll
    2011-03-29 14:06:22 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2011-03-29 14:06:22 237568 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iscript.dll
    2011-03-29 14:06:22 155648 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iuser.dll
    2011-03-29 14:06:21 696320 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iKernel.dll
    2011-03-29 14:06:21 282756 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\setup.dll
    2011-03-29 14:06:21 163972 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\0701\intel32\iGdi.dll
    2011-03-29 14:05:42 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
    2011-03-29 14:05:32 65536 ----a-w- c:\windows\system32\EPPicMgr.dll
    2011-03-29 14:05:32 413696 ----a-w- c:\windows\system32\PICSDK.dll
    2011-03-29 14:05:32 114688 ----a-w- c:\windows\system32\EpPicPrt.dll
    2011-03-29 14:05:27 724992 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iKernel.dll
    2011-03-29 14:05:27 69715 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\ctor.dll
    2011-03-29 14:05:27 5632 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\DotNetInstaller.exe
    2011-03-29 14:05:27 266240 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iscript.dll
    2011-03-29 14:05:27 192512 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iuser.dll
    2011-03-29 14:05:26 311428 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\Setup.dll
    2011-03-29 14:05:26 184452 ----a-w- c:\program files\fichiers communs\installshield\professional\runtime\09\00\intel32\iGdi.dll
    2011-03-29 14:04:04 -------- d-----w- c:\program files\epson
    2011-03-29 14:00:59 29696 ----a-w- c:\windows\system32\escwiab.dll
    2011-03-29 14:00:58 33280 ----a-w- c:\windows\system32\esccm.dll
    2011-03-29 14:00:58 27648 ----a-w- c:\windows\system32\escimg.dll
    2011-03-29 14:00:57 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2011-03-29 14:00:57 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2011-03-24 11:49:13 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-03-23 12:36:12 22080 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2011-03-23 12:36:12 21056 ----a-w- c:\windows\system32\drivers\sskbfd.sys
    2011-03-23 12:36:12 20544 ----a-w- c:\windows\system32\drivers\SSFS0509.sys
    2011-03-23 12:36:12 144960 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2011-03-23 12:36:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
    2011-03-23 12:34:13 -------- d-----w- c:\docume~1\etienne\applic~1\Webroot
    2011-03-23 10:45:31 -------- d-----w- c:\program files\MSSOAP
    2011-03-23 10:24:12 1563008 ----a-w- c:\windows\WRSetup.dll
    2011-03-23 09:50:39 102912 ----a-w- c:\windows\system32\islzma.dll
    2011-03-23 09:50:29 -------- d-----w- c:\program files\Spy Sweeper
    2011-03-22 22:13:24 -------- d-----w- c:\docume~1\etienne\applic~1\Malwarebytes
    2011-03-22 10:15:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-22 10:15:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-03-21 23:03:19 -------- d-----w- c:\windows\pss
    2011-03-21 17:02:58 -------- d-----w- c:\program files\GhostScript
    2011-03-21 16:19:45 73216 ----a-w- c:\windows\cadkasdeinst01f.exe
    2011-03-19 12:17:56 -------- d-----w- c:\windows\system32\NtmsData
    2011-03-16 18:32:44 327168 ----a-w- c:\windows\IsUn040c.exe
    2011-03-16 12:06:25 359016 ----a-w- c:\windows\vncutil.exe
    2011-03-16 12:06:21 55912 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2011-03-16 12:06:21 129640 ----a-w- c:\windows\RtkAudioService.exe
    2011-03-16 12:06:20 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
    2011-03-16 12:06:18 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
    2011-03-16 11:34:34 37888 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
    2011-03-16 11:34:34 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
    2011-03-16 11:17:05 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2011-03-14 21:32:20 199176 ----a-w- c:\windows\GVUni.exe
    2011-03-14 21:32:19 5120 ----a-w- c:\windows\system32\FILTRCOI.DLL
    2011-03-14 21:32:19 207368 ----a-w- c:\windows\UNINST32.EXE
    2011-03-14 21:32:19 17408 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
    2011-03-14 21:31:50 49152 ----a-w- c:\windows\Interop.IWshRuntimeLibrary.dll
    2011-03-14 21:31:50 380928 ----a-w- c:\windows\AcerStore.exe
    2011-03-14 21:31:20 659456 ----a-w- c:\windows\system32\NETw5c32.dll
    2011-03-14 21:31:20 3626112 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2011-03-14 21:31:20 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2011-03-14 21:31:19 -------- d-----w- c:\windows\WLAN
    2011-03-14 21:30:32 -------- d-----w- c:\windows\VGA
    2011-03-14 21:30:24 147456 ----a-w- c:\windows\PLAUNCH.EXE
    2011-03-14 21:30:23 -------- d-----w- c:\windows\Lan
    2011-03-14 18:17:49 -------- d-----w- C:\TMP
    2011-03-14 18:16:40 184320 ----a-w- c:\windows\system32\BDEADMIN.CPL
    2011-03-14 18:16:32 -------- d-----w- c:\program files\Common Files
    2011-03-14 18:16:13 -------- d-----w- c:\program files\Data-Concept
    2011-03-14 18:15:56 304128 ----a-w- c:\windows\unin040c.exe
    2011-03-14 18:15:52 -------- d-----w- c:\documents and settings\etienne\WINDOWS
    2011-03-14 18:09:33 -------- d-----w- c:\program files\PowerArchiver
    2011-03-14 18:02:57 -------- d-----w- c:\docume~1\etienne\applic~1\XnView
    2011-03-14 18:02:32 -------- d-----w- c:\program files\XnView
    2011-03-14 18:00:06 -------- d-----w- c:\program files\VideoLAN
    2011-03-14 17:56:01 -------- d-----w- c:\program files\NK2View
    2011-03-14 17:52:49 -------- d-----w- c:\program files\Kyocera
    2011-03-14 17:51:13 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
    2011-03-14 17:51:13 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
    2011-03-14 17:47:59 100580 ------w- c:\windows\system32\KMPJLMN.DLL
    2011-03-14 17:47:52 46877 ------w- c:\windows\system32\KM-PMKN.DLL
    2011-03-14 17:37:22 176235 ----a-w- c:\windows\system32\Primomonnt.dll
    2011-03-14 17:37:19 -------- d-----w- c:\windows\PrimoPDF
    2011-03-14 17:37:19 -------- d-----w- c:\program files\PrimoPDF
    2011-03-14 17:36:40 -------- d-----w- c:\program files\Unlocker
    2011-03-14 16:21:42 -------- d-----w- c:\program files\NCH Swift Sound
    2011-03-14 16:14:19 -------- d-----r- c:\program files\Skype
    2011-03-14 15:47:20 -------- d-----w- c:\docume~1\etienne\applic~1\Avira
    2011-03-14 15:37:02 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
    2011-03-14 15:37:02 28040 ----a-w- c:\windows\system32\mdimon.dll
    2011-03-14 15:35:50 -------- d-----w- c:\windows\SHELLNEW
    2011-03-14 14:57:15 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Opera
    2011-03-14 14:49:05 -------- d-----w- c:\docume~1\etienne\locals~1\applic~1\Copernic
    2011-03-14 14:48:49 -------- d-----w- c:\program files\Copernic Desktop Search 2
    2011-03-14 14:47:53 -------- d-----w- c:\program files\CCleaner
    2011-03-14 14:42:52 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-03-14 14:42:51 -------- d-----w- c:\program files\Avira
    2011-03-14 14:42:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2011-03-14 14:23:00 -------- d-----w- c:\program files\Acer Inc
    2011-03-14 14:09:33 -------- d-----w- c:\program files\Launch Manager
    2011-03-14 14:08:47 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
    2011-03-14 14:08:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Corel
    2011-03-14 14:08:28 -------- d-----w- c:\program files\fichiers communs\InterVideo
    2011-03-14 14:08:27 -------- d-----w- c:\program files\fichiers communs\Protexis
    2011-03-14 14:06:51 321024 ----a-w- c:\windows\system32\ERUpdateHidden.EXE
    2011-03-14 14:06:51 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
    2011-03-14 14:06:50 258048 ----a-w- c:\windows\system32\CheckD2DSystem.exe
    2011-03-14 14:06:50 16384 ----a-w- c:\windows\system32\ClearEvent.exe
    2011-03-14 14:06:50 159744 ----a-w- c:\windows\system32\CloseProcessWindow.dll
    2011-03-14 14:05:56 78208 ----a-w- c:\windows\system32\drivers\epm-shd.sys
    2011-03-14 14:05:56 53248 ----a-w- c:\windows\system32\acpimof.dll
    2011-03-14 14:05:56 45056 ----a-w- c:\windows\system32\Epm-Po.dll
    2011-03-14 14:05:56 4096 ----a-w- c:\windows\system32\drivers\epm-psd.sys
    2011-03-14 14:05:16 69632 ----a-w- c:\windows\system32\eRecUtil.dll
    2011-03-14 14:05:16 24576 ----a-w- c:\windows\system32\SysMonitor.exe
    2011-03-14 14:05:14 1047552 ----a-w- c:\windows\system32\mfc71u.dll
    2011-03-14 13:58:54 24578845 ----a-w- c:\windows\system32\acer.exe
    2011-03-14 13:58:52 36909056 ----a-w- c:\windows\system32\acer.scr
    2011-03-14 13:58:47 -------- d-----w- c:\program files\Acer Incorporated
    2011-03-14 13:58:26 -------- d-----w- c:\windows\ACER
    2011-03-14 13:58:08 49152 ----a-w- c:\windows\system32\ChCfg.exe
    2011-03-14 13:56:54 118784 ----a-w- c:\windows\system32\VMC3KAPI.dll
    2011-03-14 13:56:54 114688 ----a-w- c:\windows\system32\VCryptAPI.dll
    2011-03-14 13:56:41 23040 ----a-w- c:\windows\system32\ShlCmd.exe
    2011-03-14 13:56:40 5632 ----a-w- c:\windows\system32\biologon.dll
    2011-03-14 13:56:32 42608 ----a-w- c:\windows\system32\drivers\AlfaFF.sys
    2011-03-14 13:56:32 338416 ----a-w- c:\windows\system32\DrvCrypt.dll
    2011-03-14 13:56:32 24048 ----a-w- c:\windows\system32\AlfaFF.dll
    2011-03-14 13:56:27 1468928 ----a-w- c:\windows\system32\bsapi.dll
    2011-03-14 13:56:26 -------- d-----w- c:\program files\Acer
    2011-03-14 13:56:16 50576 ----a-w- c:\windows\system32\drivers\tcusb.sys
    2011-03-14 13:56:08 -------- d-----w- c:\program files\fichiers communs\SPBA
    2011-03-14 13:53:21 101120 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
    2011-03-14 13:52:29 141056 -c--a-w- c:\windows\system32\dllcache\ks.sys
    2011-03-14 13:52:29 141056 ----a-w- c:\windows\system32\drivers\ks.sys
    2011-03-14 13:52:29 108032 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
    2011-03-14 13:52:27 23552 ----a-w- c:\windows\system32\wdmaud.drv
    2011-03-14 13:52:27 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
    2011-03-14 13:52:27 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
    2011-03-14 13:52:26 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
    2011-03-14 13:52:26 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
    2011-03-14 13:52:26 4096 ----a-w- c:\windows\system32\ksuser.dll
    2011-03-14 13:52:25 49408 -c--a-w- c:\windows\system32\dllcache\stream.sys
    2011-03-14 13:52:25 49408 ----a-w- c:\windows\system32\drivers\stream.sys
    2011-03-14 13:52:25 129536 ----a-w- c:\windows\system32\ksproxy.ax
    2011-03-14 12:37:41 -------- d-----w- c:\windows\system32\LogFiles
    2011-03-14 12:35:18 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2011-03-14 12:35:14 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2011-03-14 12:35:14 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
    2011-03-14 12:35:13 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2011-03-14 12:35:13 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2011-03-14 12:35:12 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
    2011-03-14 12:35:12 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
    2011-03-14 12:35:12 142592 ----a-w- c:\windows\system32\drivers\aec.sys
    2011-03-14 12:35:11 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
    2011-03-14 12:35:10 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2011-03-14 12:34:50 -------- d-----w- c:\program files\CONEXANT
    2011-03-14 12:34:29 -------- d-----w- c:\windows\system32\RTCOM
    .
    ==================== Find3M ====================
    .
    2011-03-10 10:27:50 1377112 ----a-w- C:\TDSSKiller.exe
    2011-02-17 13:02:04 20029032 ----a-w- c:\windows\RTHDCPL.EXE
    2011-02-09 14:56:00 1284712 ----a-w- c:\windows\RtlExUpd.dll
    .
    ============= FINISH: 10:32:16,40 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professionnel
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/03/2011 14:39:39
    System Uptime: 11/04/2011 10:13:24 (0 hours ago)
    .
    Motherboard: Acer | | Homa
    Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 70 GiB total, 44,18 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 52,883 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 14/03/2011 14:39:45 - Point de vérification système
    RP2: 14/03/2011 14:55:28 - Installé Acer Crystal Eye Webcam Video Class Camera
    RP3: 14/03/2011 14:55:49 - Installé Acer Crystal Eye Webcam 2.0.8.4
    RP4: 14/03/2011 14:57:36 - Installé Realtek High Definition Audio Driver
    RP5: 14/03/2011 14:58:25 - Installed Acer ScreenSaver
    RP6: 14/03/2011 15:02:37 - Removed 2007 Microsoft Office system
    RP7: 14/03/2011 15:05:08 - Installé Acer Empowering Technology
    RP8: 14/03/2011 15:05:56 - Installé Acer ePower Management
    RP9: 14/03/2011 15:06:28 - Installé eSobi v2
    RP10: 14/03/2011 15:42:51 - Avira AntiVir Premium - 14/03/2011 15:41
    RP11: 14/03/2011 16:14:06 - 2011.03.14 Après réinstall
    RP12: 14/03/2011 16:35:39 - Installé Microsoft Office Professional Edition 2003
    RP13: 14/03/2011 16:45:15 - Pilote d'imprimante Microsoft Office Document Image Wr installé
    RP14: 14/03/2011 16:53:55 - Installed Microsoft Outlook Personal Folders Backup
    RP15: 14/03/2011 18:29:26 - 20110314 Après install MSOFFICE 2003 SP3
    RP16: 14/03/2011 18:37:28 - Pilote d'imprimante PrimoPDF installé
    RP17: 14/03/2011 18:53:01 - Pilote d'imprimante Kyocera FS-920 KX installé
    RP18: 15/03/2011 20:00:38 - Point de vérification système
    RP19: 16/03/2011 13:06:17 - Installé Realtek High Definition Audio Driver
    RP20: 16/03/2011 14:32:02 - Installation finale av. Outlook OK
    RP21: 17/03/2011 21:15:47 - Point de vérification système
    RP22: 19/03/2011 14:28:49 - Point de vérification système
    RP23: 21/03/2011 14:26:40 - Point de vérification système
    RP24: 22/03/2011 20:59:23 - Point de vérification système
    RP25: 23/03/2011 23:06:54 - Point de vérification système
    RP26: 24/03/2011 0:53:54 - Supprimé Activation Assistant for the 2007 Microsoft Office suites
    RP27: 25/03/2011 19:21:00 - Point de vérification système
    RP28: 27/03/2011 15:26:38 - Point de vérification système
    RP29: 28/03/2011 20:50:20 - Point de vérification système
    RP30: 29/03/2011 16:05:32 - Installé EPSON EasyPrintModule
    RP31: 29/03/2011 16:05:40 - Installé ABBYY FineReader 5.0 Sprint Plus
    RP32: 29/03/2011 16:07:58 - Installed EPSON Attach To Email
    RP33: 29/03/2011 16:08:27 - Installed EPSON Send To Web
    RP34: 29/03/2011 16:09:05 - Installé EPSON Image Clip Palette
    RP35: 29/03/2011 16:09:43 - Installé EPSON Event Manager
    RP36: 29/03/2011 16:10:20 - Installé EPSON Scan Assistant
    RP37: 29/03/2011 16:10:53 - Installé EPSON File Manager
    RP38: 29/03/2011 16:10:57 - Installé EPSON File Manager
    RP39: 30/03/2011 20:12:01 - Point de vérification système
    RP40: 31/03/2011 18:37:36 - Installed Windows KB954550-v5.
    RP41: 31/03/2011 18:37:44 - Pilote d'imprimante Microsoft XPS Document Writer installé
    RP42: 31/03/2011 18:37:53 - Pilote d'imprimante Microsoft XPS Document Writer installé
    RP43: 31/03/2011 18:40:32 - Installed %1 %2.
    RP44: 31/03/2011 18:43:00 - Installed X-Lite 4
    RP45: 1/04/2011 21:18:50 - Point de vérification système
    RP46: 4/04/2011 14:00:30 - Point de vérification système
    RP47: 4/04/2011 15:52:01 - Installé Module de compatibilité pour Microsoft Office System 2007
    RP48: 5/04/2011 21:20:34 - Point de vérification système
    RP49: 7/04/2011 13:58:57 - Point de vérification système
    RP50: 8/04/2011 20:09:06 - Point de vérification système
    RP51: 9/04/2011 20:53:58 - Point de vérification système
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 5.0 Sprint Plus
    Acer Bio Protection
    Acer Crystal Eye Webcam 2.0.8.4
    Acer Crystal Eye Webcam Video Class Camera
    Acer Empowering Technology
    Acer ePower Management
    Acer GridVista
    Acer ScreenSaver
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader 8.2.6
    ALPS Touch Pad Driver
    Analyseur MSXML 6.0
    Avira AntiVir Premium
    Broadcom Gigabit Integrated Controller
    Canon iP4700 series Printer Driver
    CCleaner
    Copernic Desktop Search 2
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Event Manager
    EPSON File Manager
    EPSON Image Clip Palette
    EPSON Scan
    EPSON Scan Assistant
    EPSON Send To Web
    ERUNT 1.1j
    Express Talk
    Fastworks- Desktop
    Fastworks-Entreprise
    Fichiers de prise en charge de l'installation de Microsoft SQL*Server (Français)
    GPL Ghostscript 9.01
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    Kyocera Product Library
    Launch Manager
    LightScribe 1.4.142.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
    Microsoft .NET Framework 3.5 Language Pack SP1 - fra
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Outlook Personal Folders Backup
    Microsoft SQL Server Native Client
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour pour Windows XP (KB942763)
    Mise à jour pour Windows XP (KB951978)
    Module de compatibilité pour Microsoft Office System 2007
    Module linguistique Microsoft .NET Framework 3.5 SP1- fra
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NTI Shadow
    O2Micro Flash Memory Card Reader Driver (x86)
    Opera 11.01
    PERF4990P Guide de référence
    PowerArchiver
    PrimoPDF
    PrimoPDF Redistribution Package
    Realtek High Definition Audio Driver
    Skype™ 5.1
    SPBA 5.8
    Spy Sweeper
    Spybot - Search & Destroy
    Unlocker 1.8.8
    WebFldrs XP
    WIDCOMM Bluetooth Software
    Windows Internet Explorer 7
    X-Lite 4
    XML Paper Specification Shared Components Language Pack 1.0
    XnView 1.97.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/04/2011 11:17:10, error: Service Control Manager [7000] - Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur*: Le chemin d'accès spécifié est introuvable.
    5/04/2011 11:10:15, error: Service Control Manager [7000] - Le service McAfee Real-time Scanner n'a pas pu démarrer en raison de l'erreur*: Le chemin d'accès spécifié est introuvable.
    4/04/2011 12:54:49, error: Service Control Manager [7034] - Le service O2Micro Flash Memory Card Service s'est terminé de façon inattendue pour la 1ème fois.
    4/04/2011 12:54:35, error: Service Control Manager [7034] - Le service NTI Backup Now 5 Backup Service s'est terminé de façon inattendue pour la 1ème fois.
    .
    ==== End Of File ===========================

  9. #9
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Please post contents of that file in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  10. #10
    Junior Member
    Join Date
    Apr 2011
    Posts
    20

    Default MBAM report

    Here we go...
    Applications are apparently running normally after a "normal" reboot, but Windows took a while to start up. I don't know if this is due to the completion of MBAM cleaning?


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6330

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/04/2011 13:55:11
    mbam-log-2011-04-11 (13-55-11).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 230281
    Temps écoulé: 45 minute(s), 20 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 2

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Value: Microsoft Firewall 2.9 -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\documents and settings\Etienne\application data\ntuser.dat (VirTool.Obfuscator) -> Quarantined and deleted successfully.
    c:\documents and settings\Etienne\application data\fw-312826385.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
