
Many virus, Google redirects, slow computer


20 replies to this topic

#1 l_aurence (Members, 11 posts)

Posted 28 August 2011 - 02:00 PM

Hi!
I had a Dell netbook and caught a virus, or probably more than one, a while ago. I have stopped using my computer because it's very slow, has pop-ups all the time and won't shut down unless I force it to.
I caught a virus on a TV show webpage. A fake antivirus page showed and I couldn't close it unless I clicked on it; since then it's been really bad.

In the first minutes I can use my computer, but after a little bit of time it gets really slow and I can't use more than one application. There is a sound that keeps coming, like the error sound you get when you close a document that you didn't save. I have installed Avira and it keeps telling me it's infected, and I stop the viruses from coming all the time.

When I open a webpage the home page changes and brings me to a "win an iPad contest" or other webpages of that type.

I don't know if I should reboot my computer, and I don't know how to do it either. I have a backup of all that's on my computer, so I don't mind. I just want to make sure I still have all the original programs afterwards. I have all the installation CDs that came with the computer, but since it's a netbook, I can't use CDs on my computer.

Thank you very much for all your help with saving my computer!

Laurence

#2 Broni, The Coolest BC Computer (BC Advisor, 42,679 posts, Daly City, CA)

Posted 28 August 2011 - 06:14 PM

Welcome aboard

Restart computer in safe mode and let me know if you can operate it better.
We'll go from there.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 l_aurence (Topic Starter, Members, 11 posts)

Posted 05 September 2011 - 02:32 PM

Hi Broni!
Thanks for your fast answer. I am new to this site and didn't see your answer until now.
I was able to access the boot menu (I hit the F12 key when I turned on my computer).
Thanks so much!

#4 Broni, The Coolest BC Computer (BC Advisor, 42,679 posts, Daly City, CA)

Posted 05 September 2011 - 02:46 PM

I was able to access the boot menu

...and?



 


#5 l_aurence (Topic Starter, Members, 11 posts)

Posted 05 September 2011 - 05:14 PM

I was able to open it in safe mode. My computer is set up in French, so that was a little bit harder to find.
What's the next step?

#6 Broni, The Coolest BC Computer (BC Advisor, 42,679 posts, Daly City, CA)

Posted 05 September 2011 - 05:32 PM

Restart in Safe Mode with Networking.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

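The MiniToolBox checks requested above (IE/FF proxy settings and the hosts file) are aimed at the two places browser-redirect malware most often rewrites. As an added illustration, not part of Broni's instructions and not code from MiniToolBox or BleepingComputer, here is a small Python triage script that reads a saved MiniToolBox report, splits it into its "===== Name: =====" sections, parses the hosts content, and flags entries that redirect well-known hostnames away from loopback or that point any name at a public address. The WATCHED_HOSTS list is my own assumption about which names are worth watching; the SAMPLE_REPORT is a constructed report in MiniToolBox's layout whose three hosts entries mirror the ones in the log posted later in this thread, plus a normal localhost line that must not be flagged.

```python
"""Triage a MiniToolBox-style report for browser-redirect indicators."""
import ipaddress
import re

# Constructed sample in MiniToolBox's section layout (not real tool output).
# The three hosts entries mirror the log posted in this thread; the
# localhost line is a normal entry that must not be flagged.
SAMPLE_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


184.95.59.211 www.google.com
184.95.59.212 search.yahoo.com
184.95.59.212 www.bing.com
127.0.0.1 localhost

========================= IP Configuration: ================================
"""

# Assumed watch list: names malware rewrites to hijack searches or block
# updates. Any hosts entry for these that is not loopback is suspicious.
WATCHED_HOSTS = {
    "www.google.com", "google.com", "search.yahoo.com", "www.bing.com",
    "www.update.microsoft.com", "windowsupdate.microsoft.com",
}

# Matches header lines such as "===== Hosts content: =====".
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+\s*$", re.MULTILINE)


def split_sections(report):
    """Map each section name to the text between its header and the next."""
    sections = {}
    headers = list(SECTION_RE.finditer(report))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(report)
        sections[m.group(1).strip()] = report[m.end():end]
    return sections


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue   # not an address/hostname line
        for host in parts[1:]:
            entries.append((str(ip), host.lower()))
    return entries


def suspicious_hosts_entries(entries):
    """Flag watched names not on loopback, and any name mapped to a public IP."""
    flagged = []
    for ip_str, host in entries:
        ip = ipaddress.ip_address(ip_str)
        if host in WATCHED_HOSTS and not ip.is_loopback:
            flagged.append((ip_str, host, "watched name redirected"))
        elif ip.is_global:
            flagged.append((ip_str, host, "maps to a public address"))
    return flagged


def proxy_enabled(section_text):
    """True if the IE proxy section does not say the proxy is off; None if absent."""
    if not section_text.strip():
        return None
    return "Proxy is not enabled." not in section_text


def triage(report):
    """Run the hosts and proxy checks over one report and return the findings."""
    sections = split_sections(report)
    hosts = parse_hosts(sections.get("Hosts content", ""))
    return {
        "hosts_flagged": suspicious_hosts_entries(hosts),
        "ie_proxy_enabled": proxy_enabled(sections.get("IE Proxy Settings", "")),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for ip, host, why in result["hosts_flagged"]:
        print(f"hosts: {host} -> {ip} ({why})")
    print("IE proxy enabled:", result["ie_proxy_enabled"])
```

On the constructed sample the script reports all three search-engine names as redirected and the IE proxy as not enabled; private addresses (10.x, 192.168.x) are deliberately not treated as public, so a lab hosts entry pointing at an internal server is only flagged when it names a watched host.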


 


#7 l_aurence (Topic Starter, Members, 11 posts)

Posted 05 September 2011 - 10:25 PM

Hi!
Here are the results of the different scans; some of the text from the MiniToolBox is in French...

Security Check:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Professional
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 20
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9 - Français
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.18)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````




MiniToolBox:

MiniToolBox by Farbar
Ran by Laurence (administrator) on 05-09-2011 at 19:27:04
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


184.95.59.211 www.google.com
184.95.59.212 search.yahoo.com
184.95.59.212 www.bing.com


========================= IP Configuration: ================================

# ----------------------------------
# Configuration IP de l'interface
# ----------------------------------
pushd interface ip


# Configuration IP de l'interface pour "Connexion réseau sans fil"

set address name="Connexion réseau sans fil" source=dhcp
set dns name="Connexion réseau sans fil" source=dhcp register=PRIMARY
set wins name="Connexion réseau sans fil" source=dhcp


popd
# Fin de la configuration IP de l'interface




Configuration IP de Windows

Nom de l'hôte . . . . . . . . . . : Mimosa
Suffixe DNS principal . . . . . . :
Type de nœud . . . . . . . . . . : Hybride
Routage IP activé . . . . . . . . : Non
Proxy WINS activé . . . . . . . . : Non

Carte Ethernet Connexion réseau sans fil:

Suffixe DNS propre à la connexion :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Adresse physique . . . . . . . . .: 00-26-4D-82-52-C9
DHCP activé. . . . . . . . . . . : Oui
Configuration automatique activée . . . . : Oui
Adresse IP. . . . . . . . . . . . : 10.0.1.7
Masque de sous-réseau . . . . . . : 255.255.255.0
Passerelle par défaut . . . . . . : 10.0.1.1
Serveur DHCP. . . . . . . . . . . : 10.0.1.1
Serveurs DNS . . . . . . . . . . : 10.0.1.1
Bail obtenu . . . . . . . . . . . : 5 septembre 2011 19:16:50
Bail expirant . . . . . . . . . . : 5 septembre 2011 23:16:50

Serveur : UnKnown
Address: 10.0.1.1

Nom : google.com
Addresses: 74.125.113.106, 74.125.113.104, 74.125.113.147, 74.125.113.103
74.125.113.105, 74.125.113.99

Envoi d'une requête 'ping' sur google.com [74.125.113.106] avec 32 octets de données :

Réponse de 74.125.113.106 : octets=32 temps=179 ms TTL=52
Réponse de 74.125.113.106 : octets=32 temps=35 ms TTL=52

Statistiques Ping pour 74.125.113.106:
Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
Minimum = 35ms, Maximum = 179ms, Moyenne = 107ms

Serveur : UnKnown
Address: 10.0.1.1

Nom : yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70

Envoi d'une requête 'ping' sur yahoo.com [67.195.160.76] avec 32 octets de données :

Réponse de 67.195.160.76 : octets=32 temps=38 ms TTL=54
Réponse de 67.195.160.76 : octets=32 temps=22 ms TTL=54

Statistiques Ping pour 67.195.160.76:
Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
Minimum = 22ms, Maximum = 38ms, Moyenne = 30ms

Envoi d'une requête 'ping' sur 127.0.0.1 avec 32 octets de données :

Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128
Réponse de 127.0.0.1 : octets=32 temps<1ms TTL=128

Statistiques Ping pour 127.0.0.1:
Paquets : envoyés = 2, reçus = 2, perdus = 0 (perte 0%),
Durée approximative des boucles en millisecondes :
Minimum = 0ms, Maximum = 0ms, Moyenne = 0ms

===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 26 4d 82 52 c9 ...... Atheros AR9285 802.11b/g/n WiFi Adapter - Miniport d'ordonnancement de paquets
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau   Masque réseau     Adr. passerelle   Adr. interface   Métrique
0.0.0.0              0.0.0.0           10.0.1.1          10.0.1.7         25
10.0.1.0             255.255.255.0     10.0.1.7          10.0.1.7         25
10.0.1.7             255.255.255.255   127.0.0.1         127.0.0.1        25
10.255.255.255       255.255.255.255   10.0.1.7          10.0.1.7         25
127.0.0.0            255.0.0.0         127.0.0.1         127.0.0.1        1
169.254.0.0          255.255.0.0       10.0.1.7          10.0.1.7         20
224.0.0.0            240.0.0.0         10.0.1.7          10.0.1.7         25
255.255.255.255      255.255.255.255   10.0.1.7          10.0.1.7         1
Passerelle par défaut : 10.0.1.1
===========================================================================
Itinéraires persistants :
Aucun

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/05/2011 07:24:30 PM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: La mise à jour de MIMOSA (10.0.1.7) a échoué.
Annulation par l'utilisateur .
Aucun nouveau fichier n'a été chargé.

Error: (09/05/2011 07:20:58 PM) (Source: Avira AntiVir) (User: SYSTEM)SYSTEM
Description: La mise à jour de MIMOSA (10.0.1.7) a échoué.
Annulation par l'utilisateur .
Aucun nouveau fichier n'a été chargé.

Error: (07/30/2011 11:41:52 AM) (Source: Application Error) (User: )
Description: Application défaillante skype.exe, version 5.0.0.152, module défaillant skype.exe, version 5.0.0.152, adresse de défaillance 0x004eacbe.
Traitement de l'événement propre au support pour [skype.exe!ws!]

Error: (07/28/2011 07:55:10 AM) (Source: ESENT) (User: )
Description: svchost (1028) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).

Error: (07/27/2011 10:48:06 PM) (Source: crypt32) (User: )
Description: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.

Error: (07/27/2011 10:48:06 PM) (Source: crypt32) (User: )
Description: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The connection with the server was terminated abnormally

Error: (07/27/2011 08:33:04 PM) (Source: ESENT) (User: )
Description: svchost (1184) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).

Error: (07/27/2011 07:32:29 PM) (Source: crypt32) (User: )
Description: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : Cette connexion réseau n'existe pas.

Error: (07/27/2011 07:32:28 PM) (Source: crypt32) (User: )
Description: Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : The connection with the server was terminated abnormally

Error: (07/27/2011 06:26:52 PM) (Source: ESENT) (User: )
Description: svchost (1004) Une tentative d'ouverture du fichier "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" pour accès en lecture/écriture a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).


System errors:
=============
Error: (09/05/2011 06:37:18 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service EventSystem avec les arguments ""
pour démarrer le serveur :
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/05/2011 06:37:12 PM) (Source: DCOM) (User: Laurence)
Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/05/2011 06:14:05 PM) (Source: DCOM) (User: Laurence)
Description: DCOM a reçu l'erreur "%%1084" lors de la mise en route du service netman avec les arguments ""
pour démarrer le serveur :
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
AFD
avgio
avipbb
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
ssmdrv
Tcpip
WS2IFSL

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Services IPSEC dépend du service Pilote IPSEC qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Service Bonjour dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Apple Mobile Device dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Assistance TCP/IP NetBIOS dépend du service AFD qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Client DNS dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur :
%%31

Error: (09/05/2011 06:14:04 PM) (Source: Service Control Manager) (User: )
Description: Le service Client DHCP dépend du service NetBIOS sur TCP/IP qui n'a pas pu démarrer en raison de l'erreur :
%%31
%%31


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

3ivx MPEG-4 5.0.3 (remove only) (Version: 5.0.3)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Reader 9 - Français (Version: 9.0.0)
Advanced Audio FX Engine (Version: 1.12.05)
Antidote HD (Version: 7.5.7006)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Assistant de connexion Windows Live (Version: 5.000.818.5)
Avira AntiVir Professional (Version: 10.0.0.101)
Battery Meter (Version: 0.0.1.4C)
Bonjour (Version: 2.0.3.0)
CapsLKNotify (Version: 0.1.0.5)
Client Windows Rights Management avec Service Pack 2 (Version: 5.2.95)
Correctif pour Windows XP (KB2158563) (Version: 1)
Correctif pour Windows XP (KB2443685) (Version: 1)
Correctif pour Windows XP (KB952287) (Version: 1)
Correctif pour Windows XP (KB953955) (Version: 1)
Correctif pour Windows XP (KB954434) (Version: 1)
Correctif pour Windows XP (KB959252) (Version: 1)
Correctif pour Windows XP (KB961118) (Version: 1)
Correctif pour Windows XP (KB968764) (Version: 1)
Correctif pour Windows XP (KB969084) (Version: 3)
Correctif pour Windows XP (KB979306) (Version: 1)
Correctif pour Windows XP (KB981793) (Version: 1)
Dell Support Center (Logiciel de support) (Version: 2.2.09085)
Dell System Restore (Version: 2.00.0000)
Dell Touchpad (Version: 15.0.7.0)
Dell Webcam Central (Version: 1.03.04)
EMSC (Version: 0.0.0.20C)
FlipShare (Version: 5.0.5.52727)
Function Keys (Version: 0.1.0.7)
Galerie de photos Windows Live (Version: 14.0.8081.709)
Installation Windows Live (Version: 14.0.8089.0726)
Installation Windows Live (Version: 14.0.8089.726)
Intel® Graphics Media Accelerator Driver (Version: 0.0.0.0000)
iTunes (Version: 10.0.1.22)
Jauge de batterie (Version: 0.0.1.4C)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 14.0.8089.726)
Live! Cam Avatar Creator (Version: 4.6.2919.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack SP1 - fra (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (French) (Version: 12.0.4518.1014)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 9.7.0621)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB2378111)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB952069)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB954155)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB968816)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB973540)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB975558)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB978695)
Mise ‡ jour de sÈcuritÈ pour Lecteur Windows Media (KB979402)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2183461) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2360131) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2416400) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2482017) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2497640) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB2510531) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB976325) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB981332) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows Internet Explorer 8 (KB982381) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2079403) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2115168) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2121546) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2160329) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2229593) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2259922) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2279986) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2286198) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2296011) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2296199) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2347290) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2360937) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2387149) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2393802) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2412687) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2419632) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2423089) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2436673) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2440591) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2443105) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2476687) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2478960) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2478971) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2479628) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2479943) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2483185) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2483614) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2485376) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2485663) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2491683) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2503658) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2506212) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2506223) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2507618) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2508272) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2508429) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2509553) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2511455) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB2524375) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB923561) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB938464-v2) (Version: 2)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB941569)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB946648) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950762) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB950974) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951066) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951376-v2) (Version: 2)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB951748) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB952004) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB952954) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB954459) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB954600) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB955069) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956572) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956744) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956802) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956803) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB956844) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB957097) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958644) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958687) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958690) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB958869) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB959426) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960225) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960803) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB960859) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961371-v2) (Version: 2)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961373) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB961501) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB963027) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB968537) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969059) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969897) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969898) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB969947) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB970238) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB970430) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971468) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971557) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971633) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971657) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB971961) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB972260) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB972270) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973346) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973354) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973507) (Version: 1)
Mise ‡ jour de sÈcuritÈ pour Windows XP (KB973869) (Version: 1)
Security Update for Windows XP (KB973904) (Version: 1)
Security Update for Windows XP (KB974112) (Version: 1)
Security Update for Windows XP (KB974318) (Version: 1)
Security Update for Windows XP (KB974392) (Version: 1)
Security Update for Windows XP (KB974571) (Version: 1)
Security Update for Windows XP (KB975025) (Version: 1)
Security Update for Windows XP (KB975467) (Version: 1)
Security Update for Windows XP (KB975560) (Version: 1)
Security Update for Windows XP (KB975561) (Version: 1)
Security Update for Windows XP (KB975562) (Version: 1)
Security Update for Windows XP (KB975713) (Version: 1)
Security Update for Windows XP (KB977165) (Version: 1)
Security Update for Windows XP (KB977816) (Version: 1)
Security Update for Windows XP (KB977914) (Version: 1)
Security Update for Windows XP (KB978037) (Version: 1)
Security Update for Windows XP (KB978251) (Version: 1)
Security Update for Windows XP (KB978262) (Version: 1)
Security Update for Windows XP (KB978338) (Version: 1)
Security Update for Windows XP (KB978542) (Version: 1)
Security Update for Windows XP (KB978601) (Version: 1)
Security Update for Windows XP (KB978706) (Version: 1)
Security Update for Windows XP (KB979309) (Version: 1)
Security Update for Windows XP (KB979482) (Version: 1)
Security Update for Windows XP (KB979559) (Version: 1)
Security Update for Windows XP (KB979683) (Version: 1)
Security Update for Windows XP (KB979687) (Version: 1)
Security Update for Windows XP (KB980195) (Version: 1)
Security Update for Windows XP (KB980218) (Version: 1)
Security Update for Windows XP (KB980232) (Version: 1)
Security Update for Windows XP (KB980436) (Version: 1)
Security Update for Windows XP (KB981322) (Version: 1)
Security Update for Windows XP (KB981852) (Version: 1)
Security Update for Windows XP (KB981957) (Version: 1)
Security Update for Windows XP (KB981997) (Version: 1)
Security Update for Windows XP (KB982132) (Version: 1)
Security Update for Windows XP (KB982214) (Version: 1)
Security Update for Windows XP (KB982665) (Version: 1)
Security Update for Windows XP (KB982802) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB978506) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951618-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
MobileMe Control Panel (Version: 3.1.4.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.4518.1014)
Microsoft .NET Framework 3.5 SP1 Language Pack - fra
Mozilla Firefox (3.6.18) (Version: 3.6.18 (fr))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Windows Live Upload Tool (Version: 14.0.8014.1029)
QuickTime (Version: 7.69.80.9)
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0 (Version: 1.0.0)
Safari (Version: 5.33.19.4)
Segoe UI (Version: 14.0.4327.805)
Skype Toolbars (Version: 5.0.4126)
Skype™ 5.0 (Version: 5.0.152)
Windows Rights Management Client Backwards Compatibility SP2 (Version: 5.2.95)
syncables desktop (Version: 5.5.525.8403)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live FolderShare (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Management Framework Core
Windows Media Format Runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
WSED (Version: 0.1.0.15)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 1013.27 MB
Available physical RAM: 401.57 MB
Total Pagefile: 2439.86 MB
Available Pagefile: 1868 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.57 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:139.24 GB) (Free:109.54 GB) NTFS
2 Drive d: (KINGSTON) (Removable) (Total:7.45 GB) (Free:3.54 GB) FAT32

========================= Users: ========================================

User accounts for \\MIMOSA

Administrateur HelpAssistant Invité
Laurence SUPPORT_388945a0
The command completed successfully.


**** End of log ****



MBAM Results:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7660

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2011-09-05 20:02:12
mbam-log-2011-09-05 (20-02-12).txt

Scan type: Quick scan
Objects scanned: 190989
Time elapsed: 12 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 25

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6655B5B-3926-4251-B191-E4F632438879} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6655B5B-3926-4251-B191-E4F632438879} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XMZH42I4GI (Trojan.FraudPack.Gen) -> Value: XMZH42I4GI -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Laurence\Local Settings\Application Data\mgt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Laurence\Local Settings\Application Data\mgt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Laurence\Local Settings\Application Data\mgt.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\Laurence\menu démarrer\programmes\antimalware doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Temp\Ork.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Orn.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ddio\setup.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nsikls\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\application data\jbcltqh.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\local settings\application data\tuahz.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\Sun\mnj.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\Sun\mxd1.txt (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\Sun\uuoo.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\menu démarrer\programmes\security shield.lnk (Rogue.SecurityShield) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\microsoft\internet explorer\quick launch\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\antimalware doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antimalware doctor\antimalware doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antimalware doctor\uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\antivirus antispyware 2011\antivirus antispyware .exe (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\antivirus antispyware 2011\icoactivate.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\antivirus antispyware 2011\IcoHelp.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\application data\antivirus antispyware 2011\icouninstall.ico (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011\activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011\help antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\Laurence\menu démarrer\programmes\antivirus antispyware 2011\how to activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.



And finally the Gmer log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-05 23:10:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD16 rev.01.0
Running: ib7gdvm5.exe; Driver: C:\DOCUME~1\Laurence\LOCALS~1\Temp\fwtdypog.sys


---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00EA000A
.text C:\WINDOWS\system32\svchost.exe[872] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00AA000C
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1328] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00C1000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Thanks again!!
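The MBAM log above records several distinct mechanisms in one infection: Active Setup persistence, an Image File Execution Options entry for SETUP.EXE, Run values, the StartMenuInternet hijack that routed every Firefox and Internet Explorer launch through mgt.exe (which explains the redirects), the Security Center DisableNotify flags that silenced the "antivirus is off" warnings, and a scheduled task. The Python below is an added example, not part of the original thread and not Malwarebytes' own tooling: it parses MBAM 1.x detection lines into a technique inventory and pulls the executable out of each hijacked command. The sample lines are copied from the log above; the line grammar is inferred from it, and the technique labels and regexes are this example's own.

```python
"""Triage an MBAM 1.x text log into a persistence/tampering inventory.

Added example for this thread, not Malwarebytes' own tooling. The detection
line grammar below is inferred from the log posted above; technique names
are this example's own labels.
"""
import re
from collections import Counter

# Sample lines copied from the MBAM log in the post above (one per technique).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6655B5B-3926-4251-B191-E4F632438879} (Trojan.Ambler) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Laurence\Local Settings\Application Data\mgt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\Ork.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
# <item> (<signature>) [-> Value: <v>] [-> Bad: (<b>) Good: (<g>)] -> <action>
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<signature>[^()]+)\)"
    r"(?: -> Value: (?P<value>.+?))?"
    r"(?: -> Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\))?"
    r" -> (?P<action>.+)$"
)

# Ordered (label, regex over the lower-cased registry path or file path).
TECHNIQUES = [
    ("ifeo_debugger", r"\\image file execution options\\"),
    ("active_setup", r"\\active setup\\installed components\\"),
    ("run_key", r"\\currentversion\\run\\"),
    ("startmenuinternet_hijack", r"\\clients\\startmenuinternet\\"),
    ("security_center_notify", r"\\security center\\\w*disablenotify$"),
    ("scheduled_task", r"\\windows\\tasks\\.+\.job$"),
    ("dropped_file", r"\\(?:windows\\temp|local settings\\application data)\\"),
]


def classify(item):
    """Map a detected registry path or file path to a technique label."""
    low = item.lower()
    for label, pattern in TECHNIQUES:
        if re.search(pattern, low):
            return label
    return "other"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section and technique."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("("):  # "(No malicious items detected)"
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["section"] = section
        rec["technique"] = classify(rec["item"])
        records.append(rec)
    return records


def summarize(records):
    """Count detections per technique."""
    return Counter(rec["technique"] for rec in records)


def hijack_targets(records):
    """Executables that browser launches were redirected through (first quoted path of each Bad value)."""
    targets = set()
    for rec in records:
        if rec["technique"] == "startmenuinternet_hijack" and rec["bad"]:
            m = re.match(r'"([^"]+)"', rec["bad"])
            if m:
                targets.add(m.group(1))
    return sorted(targets)


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    for label, n in summarize(recs).items():
        print(f"{label:26s} {n}")
    print("browser launches proxied through:", hijack_targets(recs))
```

The point of keying on the registry path rather than on the signature name is that the signature tells you which family MBAM matched, while the path tells you what the malware was doing to the system: the StartMenuInternet and IFEO entries are the ones to re-check after cleanup, because if either is still set, the browser or any setup.exe will keep launching through the attacker's binary.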

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:24 AM

Posted 05 September 2011 - 10:47 PM

We have quite a few issues there.

Let's start with a rootkit.

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click [donate button]
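GMER's "TDL4@MBR code has been found" line means the bootstrap code in sector 0 has been replaced, which is why this is handled before anything else: the rootkit loads before Windows and the installed antivirus. The Python below is an added example, not GMER's or TDSSKiller's logic and not part of the original thread; it parses a 512-byte MBR and shows why a partition-table check alone is not enough. A bootkit of this kind leaves the partition entries and the 0x55AA signature intact and changes only the 440 bootstrap bytes, so the only thing that catches it is a hash of those bytes compared with a known-good copy. The disk geometry, the stand-in bootstrap bytes, the disk signature and the baseline hash are all constructed for this example.

```python
"""Parse a 512-byte MBR and check it against a trusted bootstrap baseline.

Added example for this thread; not GMER's or TDSSKiller's logic. All disk
geometry, bootstrap bytes and the baseline below are constructed.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440            # bytes 0..439; 440..443 hold the NT disk signature, 444..445 are reserved
DISK_SIG_OFF = 440
PART_TABLE_OFF = 446          # four 16-byte partition entries, bytes 446..509
PART_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(bootcode, disk_signature, partitions):
    """Assemble an MBR from its parts (fixture builder for this example)."""
    mbr = bytearray(bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN])
    mbr += struct.pack("<I", disk_signature) + b"\x00\x00"
    for status, ptype, lba_start, sectors in partitions:
        # CHS fields carry the LBA-only placeholder used on large disks
        mbr += struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)
    mbr += b"\x00" * (PART_ENTRY_LEN * (4 - len(partitions)))
    mbr += BOOT_SIGNATURE
    assert len(mbr) == SECTOR
    return bytes(mbr)


def parse_mbr(mbr):
    """Split an MBR into bootstrap hash, disk signature, partition entries and signature check."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + PART_ENTRY_LEN])
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "valid_signature": mbr[SECTOR - 2:] == BOOT_SIGNATURE,
    }


def check_mbr(mbr, baseline_bootcode_sha256, disk_sectors):
    """Return (findings, unallocated_tail_sectors); findings is empty for a healthy MBR.

    The tail figure is reported, not judged: some slack after the last partition
    is normal, but TDL4 keeps its hidden file system in that region, so it is
    where to look next when the bootstrap hash does not match.
    """
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        findings.append("bootstrap code differs from the trusted baseline (bootkit-style MBR replacement)")
    end = 0
    for p in info["partitions"]:
        last = p["lba_start"] + p["sectors"]
        if last > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
        end = max(end, last)
    return findings, disk_sectors - end


# Constructed fixtures: stand-in bootstrap code, a 160 GB drive (312,581,808 sectors)
# with one bootable NTFS (0x07) partition, and the same geometry with replaced bootstrap code.
CLEAN_BOOTCODE = bytes([0xfa, 0x33, 0xc0, 0x8e, 0xd0, 0xbc, 0x00, 0x7c]) + b"\x90" * 432
DISK_SECTORS = 312_581_808
PARTITIONS = [(0x80, 0x07, 2048, 312_500_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, 0x1234ABCD, PARTITIONS)
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["bootcode_sha256"]   # would be captured from a clean image
INFECTED_MBR = build_mbr(b"\xeb\x58\x90\xcc" * 60, 0x1234ABCD, PARTITIONS)

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        findings, tail = check_mbr(mbr, BASELINE_SHA256, DISK_SECTORS)
        print(name, parse_mbr(mbr)["partitions"], findings, f"{tail} unallocated sectors")
```

On a real machine the sector would be read from the physical drive and the baseline taken from a known-clean image of the same Windows version, but on a box that is currently infected the read must come from offline boot media: TDL4 filters reads of sector 0 through its hooked disk driver and hands back the original MBR, so a check run from inside the running OS can report the disk as clean while the rootkit is still there.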


 


#9 l_aurence

l_aurence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:24 AM

Posted 06 September 2011 - 05:25 PM

2011/09/06 18:13:38.0828 2568 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/06 18:13:39.0109 2568 ================================================================================
2011/09/06 18:13:39.0109 2568 SystemInfo:
2011/09/06 18:13:39.0109 2568
2011/09/06 18:13:39.0109 2568 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/06 18:13:39.0109 2568 Product type: Workstation
2011/09/06 18:13:39.0109 2568 ComputerName: MIMOSA
2011/09/06 18:13:39.0109 2568 UserName: Laurence
2011/09/06 18:13:39.0109 2568 Windows directory: C:\WINDOWS
2011/09/06 18:13:39.0109 2568 System windows directory: C:\WINDOWS
2011/09/06 18:13:39.0109 2568 Processor architecture: Intel x86
2011/09/06 18:13:39.0109 2568 Number of processors: 2
2011/09/06 18:13:39.0109 2568 Page size: 0x1000
2011/09/06 18:13:39.0109 2568 Boot type: Normal boot
2011/09/06 18:13:39.0109 2568 ================================================================================
2011/09/06 18:13:39.0703 2568 Initialize success
2011/09/06 18:13:44.0250 2312 ================================================================================
2011/09/06 18:13:44.0250 2312 Scan started
2011/09/06 18:13:44.0250 2312 Mode: Manual;
2011/09/06 18:13:44.0250 2312 ================================================================================
2011/09/06 18:13:45.0656 2312 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/06 18:13:45.0828 2312 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/06 18:13:46.0156 2312 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/06 18:13:46.0296 2312 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/06 18:13:46.0421 2312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/06 18:13:46.0515 2312 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/09/06 18:13:46.0640 2312 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/06 18:13:46.0703 2312 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/06 18:13:46.0828 2312 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/06 18:13:46.0921 2312 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/06 18:13:46.0968 2312 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/06 18:13:47.0093 2312 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/06 18:13:47.0125 2312 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/06 18:13:47.0234 2312 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/06 18:13:47.0578 2312 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/06 18:13:47.0609 2312 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/06 18:13:47.0765 2312 AR5416 (bedbe05a8d40afdb7a3410a1e9d3bfa9) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/09/06 18:13:47.0859 2312 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/06 18:13:47.0921 2312 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/06 18:13:47.0968 2312 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/06 18:13:48.0062 2312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/06 18:13:48.0109 2312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/06 18:13:48.0171 2312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/06 18:13:48.0218 2312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/06 18:13:48.0359 2312 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/09/06 18:13:48.0437 2312 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/09/06 18:13:48.0500 2312 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/09/06 18:13:48.0593 2312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/06 18:13:48.0656 2312 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/06 18:13:48.0687 2312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/06 18:13:48.0765 2312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/06 18:13:48.0796 2312 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/06 18:13:48.0859 2312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/06 18:13:48.0906 2312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/06 18:13:48.0953 2312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/06 18:13:49.0078 2312 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/06 18:13:49.0140 2312 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/06 18:13:49.0187 2312 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/06 18:13:49.0265 2312 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/06 18:13:49.0375 2312 CtClsFlt (b27d15c551a6678137c6b751b160756d) C:\WINDOWS\system32\DRIVERS\CtClsFlt.sys
2011/09/06 18:13:49.0500 2312 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/06 18:13:49.0546 2312 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/06 18:13:49.0609 2312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/06 18:13:49.0937 2312 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/06 18:13:50.0343 2312 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/06 18:13:50.0437 2312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/06 18:13:50.0515 2312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/06 18:13:50.0578 2312 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/06 18:13:50.0687 2312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/06 18:13:50.0765 2312 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
2011/09/06 18:13:50.0984 2312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/06 18:13:51.0359 2312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/06 18:13:51.0500 2312 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/06 18:13:51.0546 2312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/06 18:13:51.0625 2312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/06 18:13:51.0703 2312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/06 18:13:51.0734 2312 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/06 18:13:51.0796 2312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/06 18:13:51.0859 2312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/06 18:13:51.0906 2312 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/06 18:13:51.0953 2312 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/06 18:13:52.0015 2312 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/06 18:13:52.0093 2312 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/06 18:13:52.0156 2312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/06 18:13:52.0203 2312 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/06 18:13:52.0250 2312 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/06 18:13:52.0312 2312 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/06 18:13:52.0656 2312 ialm (970cbce15d48ed19ca760e46a2538ec1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/06 18:13:53.0046 2312 iaStor (d483687eace0c065ee772481a96e05f5) C:\WINDOWS\system32\drivers\iaStor.sys
2011/09/06 18:13:53.0156 2312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/06 18:13:53.0218 2312 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/06 18:13:53.0562 2312 IntcAzAudAddService (740c8ad85974193cf41e92289312a2f5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/06 18:13:54.0000 2312 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/06 18:13:54.0046 2312 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/06 18:13:54.0125 2312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/06 18:13:54.0187 2312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/06 18:13:54.0234 2312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/06 18:13:54.0281 2312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/06 18:13:54.0375 2312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/06 18:13:54.0406 2312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/06 18:13:54.0500 2312 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/06 18:13:54.0562 2312 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/06 18:13:54.0609 2312 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/06 18:13:54.0687 2312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/06 18:13:54.0718 2312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/06 18:13:54.0843 2312 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/06 18:13:54.0906 2312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/06 18:13:54.0984 2312 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/06 18:13:55.0078 2312 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/06 18:13:55.0328 2312 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/06 18:13:55.0406 2312 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/06 18:13:55.0484 2312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/06 18:13:55.0546 2312 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/06 18:13:55.0578 2312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/06 18:13:55.0687 2312 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/06 18:13:55.0828 2312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/06 18:13:55.0906 2312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/06 18:13:56.0000 2312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/06 18:13:56.0031 2312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/06 18:13:56.0078 2312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/06 18:13:56.0109 2312 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/06 18:13:56.0140 2312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/06 18:13:56.0218 2312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/06 18:13:56.0296 2312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/06 18:13:56.0359 2312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/06 18:13:56.0421 2312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/06 18:13:56.0484 2312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/06 18:13:56.0515 2312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/06 18:13:56.0593 2312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/06 18:13:56.0671 2312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/06 18:13:56.0718 2312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/06 18:13:56.0828 2312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/06 18:13:56.0890 2312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/06 18:13:56.0984 2312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/06 18:13:57.0031 2312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/06 18:13:57.0093 2312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/06 18:13:57.0171 2312 OAO17Afx (0f538df1673e5216f3baacb6911d9d0f) C:\WINDOWS\system32\DRIVERS\OAO17Afx.sys
2011/09/06 18:13:57.0250 2312 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/06 18:13:57.0312 2312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/06 18:13:57.0359 2312 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/06 18:13:57.0390 2312 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/06 18:13:57.0468 2312 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/06 18:13:57.0531 2312 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/06 18:13:57.0718 2312 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/06 18:13:57.0765 2312 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/06 18:13:57.0843 2312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/06 18:13:57.0890 2312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/06 18:13:57.0937 2312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/06 18:13:57.0968 2312 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/06 18:13:58.0015 2312 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/06 18:14:03.0078 2312 MBR (0x1B8) (e25e39353bb88de7a3045eca679ba177) \Device\Harddisk0\DR0
2011/09/06 18:14:03.0078 2312 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/06 18:14:03.0093 2312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
2011/09/06 18:14:05.0109 2312 Boot (0x1200) (38f150baa78882df042454942114560c) \Device\Harddisk0\DR0\Partition0
2011/09/06 18:14:05.0125 2312 Boot (0x1200) (0ce32d3bcef9d22d3ccecfd74b74c16f) \Device\Harddisk1\DR4\Partition0
2011/09/06 18:14:05.0140 2312 ================================================================================
2011/09/06 18:14:05.0140 2312 Scan finished
2011/09/06 18:14:05.0140 2312 ================================================================================
2011/09/06 18:14:05.0171 1800 Detected object count: 1
2011/09/06 18:14:05.0171 1800 Actual detected object count: 1
2011/09/06 18:14:37.0156 1800 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/06 18:14:37.0156 1800 \Device\Harddisk0\DR0 - ok
2011/09/06 18:14:37.0156 1800 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/06 18:14:52.0765 1336 Deinitialize success

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:24 AM

Posted 06 September 2011 - 06:53 PM

Good :)

Let's double check...

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 l_aurence

l_aurence
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:24 AM

Posted 06 September 2011 - 07:48 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:24 AM

Posted 06 September 2011 - 07:51 PM

How is the computer doing?

Now we need to take care of your "hosts" file.

Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.

Then....

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

...and....

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.



 


#13 l_aurence

l_aurence
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:24 AM

Posted 25 September 2011 - 06:02 PM

Hi, sorry for the delay, I was on vacation without access to my computer.
I have used it for a day and it's already faster and no virus pops up. Some websites still redirect to a wrong address...
Here is the information:
SystemLook:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:00 on 07/09/2011 by Laurence
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.old -rah--- 916 bytes [23:37 23/06/2011] [20:51 23/06/2011]
lmhosts.sam --a---- 4251 bytes [17:50 29/04/2008] [12:00 14/04/2008]
networks --a---- 457 bytes [17:50 29/04/2008] [12:00 14/04/2008]
protocol --a---- 904 bytes [17:50 29/04/2008] [12:00 14/04/2008]
services --a---- 7445 bytes [17:50 29/04/2008] [12:00 14/04/2008]

---Folders---
None found.

-= EOF =-



Scan log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/25/2011 at 06:56 PM

Application Version : 5.0.1118

Core Rules Database Version : 7656
Trace Rules Database Version: 5468

Scan type : Quick Scan
Total Scan Time : 00:12:45

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 308
Memory threats detected : 0
Registry items scanned : 31660
Registry threats detected : 3
File items scanned : 18276
File threats detected : 1

Malware.Trace
HKU\.DEFAULT\Software\NtWqIVLZEWZU
HKU\S-1-5-18\Software\NtWqIVLZEWZU

Rogue.AntiMalwareDoctor
C:\Documents and Settings\Laurence\Application Data\4B074B03A29F42C0762992A49446685F

System.BrokenFileAssociation
HKCR\.exe

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:24 AM

Posted 25 September 2011 - 06:09 PM

We need to rebuild your "hosts" file.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#  	102.54.94.97 	rhino.acme.com      	# source server
#   	38.25.63.10 	x.acme.com          	# x client host

127.0.0.1   	localhost

Go to File > Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Make sure the file is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder



Post new System Look log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
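The hosts file rebuilt above is where a site-to-wrong-address redirect like the ones reported in this thread can be planted without touching the browser, so it is worth checking the file's contents, not just its size. As an added example (not from the posts or from any tool used in them), here is a small Python checker that parses hosts-file text in the format shown above and reports every mapping other than the default 127.0.0.1 localhost line; the host names and addresses in the sample are constructed.

```python
"""Audit a Windows hosts file for mappings that are not the clean default.

Added example for this thread (not from the original posts or from any tool
mentioned in them). Malware edits this file in two ways: it points security
vendors' sites at loopback to block updates, and it points popular sites at
an address of its choosing to redirect them. Both show up as non-default
lines, which is what this script reports.
"""
import ipaddress

# The only mapping in the clean file that the post above tells the user to
# paste into Notepad (the comment lines carry no mappings).
DEFAULT_MAPPINGS = {("127.0.0.1", "localhost")}


def parse_hosts(text):
    """Return (ip, hostname, line_number) tuples from hosts-file text.

    '#' starts a comment that runs to end of line; blank lines are skipped;
    one line may map a single IP to several names, giving one tuple each.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            entries.append((ip, name.lower(), lineno))
    return entries


def classify(ip, name):
    """Label one mapping as 'default', 'invalid', 'blocked' or 'redirect'."""
    if (ip, name) in DEFAULT_MAPPINGS:
        return "default"
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "invalid"          # not an IP at all; the file has been tampered with
    # A real host name pointed at loopback (127.x or ::1) or 0.0.0.0 is the
    # classic way of blocking it, e.g. an antivirus update server.
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    # Anything else sends the name to a host the user did not choose.
    return "redirect"


def audit_hosts(text):
    """Return every non-default mapping as (label, ip, hostname, line_number)."""
    findings = []
    for ip, name, lineno in parse_hosts(text):
        label = classify(ip, name)
        if label != "default":
            findings.append((label, ip, name, lineno))
    return findings


# Constructed sample: the clean default plus two tampered lines of the kind
# that produce blocked updates and wrong-address redirects. The names use the
# reserved .test TLD and the address is from the documentation range.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       update.example-av.test      # constructed: blocks an update site
203.0.113.7     www.example-search.test     # constructed: redirects a search site
"""

if __name__ == "__main__":
    # On the machine in this thread the file would be read from
    # C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts; the sample stands in for it here.
    for label, ip, name, lineno in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {label:8s} {ip:15s} {name}")
```

A clean file, like the one the post tells the user to create, produces no findings at all.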


 


#15 l_aurence

l_aurence
  • Topic Starter

  • Members
  • 11 posts
  • Local time:04:24 AM

Posted 27 September 2011 - 07:03 PM

Hi!
Here it is!
SystemLook 30.07.11 by jpshortstuff
Log created at 20:03 on 27/09/2011 by Laurence
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 711 bytes [23:39 27/09/2011] [23:39 27/09/2011]
hosts.old -rah--- 916 bytes [23:37 23/06/2011] [20:51 23/06/2011]
lmhosts.sam --a---- 4251 bytes [17:50 29/04/2008] [12:00 14/04/2008]
networks --a---- 457 bytes [17:50 29/04/2008] [12:00 14/04/2008]
protocol --a---- 904 bytes [17:50 29/04/2008] [12:00 14/04/2008]
services --a---- 7445 bytes [17:50 29/04/2008] [12:00 14/04/2008]

---Folders---
None found.

-= EOF =-



