TROJ_SPNR.0CL111


  • This topic is locked
21 replies to this topic

#1 nandorenator

Posted 25 January 2012 - 11:02 AM

Hello,

I had some trojan problem and ran combofix.

Everything seemed back OK so I deleted the combofix related files (including the report ;)), but it seems it wasn't completely cleaned. And since I ran combofix, I keep having my search results (Google) redirected to other sites.

Since then I've run SDFix in safe mode, then malwarebytes (which came with a clean report), but the problem didn't seem to get any better.

So I ran GMER to see if it found something. While running GMER, I got a blue screen about some problem related to iaStor.sys. When I restarted the PC, the error report said:
BCCode : 100000d1 BCP1 : 00650049 BCP2 : 00000002 BCP3 : 00000000
BCP4 : B9E9AC69 OSVer : 5_1_2600 SP : 3_0 Product : 256_1
GMER didn't seem to have found anything wrong till the crash, but as it crashed I don't have any report yet.
Here is my Hijack report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:37:49, on 25/01/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\sygate\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TsService.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\PrintKey2000.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\EasyPHP1-8\EasyPHP.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\TEMP\RZB3CD.EXE
C:\Program Files\EASYPH~2\MySql\bin\mysqld.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\EASYPH~2\Apache\apache.exe
C:\Program Files\EASYPH~2\Apache\apache.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla\firefox.exe
C:\Program Files\Mozilla\plugin-container.exe
C:\Program Files\hijackthis\HijackThis.exe


O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PrintKey2000] C:\WINDOWS\PrintKey2000.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EasyPHP] "C:\Program Files\EasyPHP1-8\EasyPHP.exe"
O4 - HKLM\..\Run: [SmcService] C:\Program Files\sygate\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {29BC57E0-018D-46D2-B233-338B779C169C} (WebShell Control) - http://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223913321641
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\sygate\smc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: TsService - Teruten Inc. - C:\WINDOWS\system32\TsService.exe

--
End of file - 8396 bytes



Could anyone please advise me on what I should do now?

Edited by nandorenator, 25 January 2012 - 12:05 PM.
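The HijackThis log above lists a process running from C:\WINDOWS\TEMP under a random-looking name (RZB3CD.EXE), which is the kind of entry a malware-response helper looks at first. The script below is an added triage example, not part of the original post and not HijackThis or DDS code. It pulls the "Running processes" section out of a HijackThis log or a DDS log (both layouts are handled; the sample inputs are constructed from paths that appear in this thread) and flags entries that run from a temp directory or have a short alphanumeric name containing digits. Both heuristics are assumptions about what tends to look suspicious and they produce false positives (installers and updaters also run from TEMP), so a flagged entry is a lead to check against the startup list and the file's signature, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample inputs: a few "Running processes" entries in HijackThis
# layout and in DDS layout. The paths are ones that appear in this thread's
# logs; the samples are deliberately much shorter than the real logs.
SAMPLE_HJT = """Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\sygate\\smc.exe
C:\\WINDOWS\\TEMP\\RZB3CD.EXE
C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe
C:\\Program Files\\hijackthis\\HijackThis.exe

O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe
"""

SAMPLE_DDS = """============== Running Processes ===============
.
C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch
svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\TEMP\\OD8831.EXE
C:\\WINDOWS\\Explorer.EXE
.
============== Pseudo HJT Report ===============
"""

# Executable path with any command-line arguments (DDS prints them) stripped off.
EXE_RE = re.compile(r"^(?P<path>.+?\.(?:exe|scr|com|dll|sys))(?:\s+.*)?$", re.IGNORECASE)
# Heuristic (an assumption, not a rule): 5-8 alphanumerics with at least one
# digit, like RZB3CD or OD8831, is what dropper-generated names tend to look like.
RANDOM_STEM_RE = re.compile(r"^[A-Z0-9]{5,8}$")
TEMP_DIRS = {"temp", "tmp"}


def running_processes(log_text):
    """Return the entries under the 'Running processes' header of a HijackThis
    or DDS log. HijackThis ends the section with a blank line; DDS brackets it
    with '.' lines and '=====' headers. Both are handled."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if not in_section:
            in_section = re.sub(r"[=:\s]", "", s).lower() == "runningprocesses"
            continue
        if s == "." and not entries:
            continue                      # DDS leading '.' separator
        if s == "" or s == "." or s.startswith("="):
            break                         # end of the section
        entries.append(s)
    return entries


def executable_path(entry):
    """Strip arguments such as '-k DcomLaunch' from a running-process entry."""
    m = EXE_RE.match(entry)
    return m.group("path") if m else entry


def in_temp_dir(path):
    """True if any directory component of the path is a temp directory."""
    return any(p.lower() in TEMP_DIRS for p in PureWindowsPath(path).parts[:-1])


def random_looking(path):
    """True if the file name (without extension) matches the random-name heuristic."""
    stem = PureWindowsPath(path).stem
    return bool(RANDOM_STEM_RE.match(stem.upper())) and any(c.isdigit() for c in stem)


def triage(log_text):
    """Return (path, reasons) for every running process that trips a heuristic."""
    findings = []
    for entry in running_processes(log_text):
        path = executable_path(entry)
        reasons = []
        if in_temp_dir(path):
            reasons.append("runs from a temp directory")
        if random_looking(path):
            reasons.append("random-looking file name")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for name, log in (("HijackThis", SAMPLE_HJT), ("DDS", SAMPLE_DDS)):
        for path, reasons in triage(log):
            print(f"[{name}] {path}: {'; '.join(reasons)}")
```

Run against the two samples it reports only RZB3CD.EXE and OD8831.EXE; smss.exe, Explorer.EXE and the argument-carrying svchost.exe entries pass because the arguments are stripped before the path is inspected.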


#2 nandorenator (Topic Starter)

Posted 27 January 2012 - 04:16 AM

Hi,

It seems the blue screen wasn't related.
Here's the GMER log.

Could anyone help me, please?

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-27 09:50:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST380815 rev.4.AD
Running: rb7isvcz.exe; Driver: C:\DOCUME~1\NANDOR\LOCALS~1\Temp\axtdypod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xA5A3CB30]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xA5A3C6F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xA5A3C470]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xA5A3CC50]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xA5A3C990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xA5A3C8D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xA5A3CD60]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA1D36A00]
.text tcpip.sys!IPTransmit + 10FC A1C55D3A 6 Bytes CALL B9CFCE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 A1C57690 6 Bytes CALL B9CFCE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 A1C6D454 6 Bytes CALL B9CFCE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys A5A4F3FD 7 Bytes CALL B9CFCFA0 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla\plugin-container.exe[1860] USER32.dll!SetWindowLongA 7E3AC29D 5 Bytes JMP 106C3A89 C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\plugin-container.exe[1860] USER32.dll!SetWindowLongW 7E3AC2BB 5 Bytes JMP 106C3A1B C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\plugin-container.exe[1860] USER32.dll!GetWindowInfo 7E3AC49C 5 Bytes JMP 1046C909 C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\plugin-container.exe[1860] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\plugin-container.exe[2936] USER32.dll!TrackPopupMenu 7E3E531E 5 Bytes JMP 1046CEBD C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\firefox.exe[3328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0194B750 C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 0092C0A2
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!DrawTextExW 7E3AB415 5 Bytes JMP 0092D1AF
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!DrawTextW 7E3AD7E2 5 Bytes JMP 0092CFED
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!SetClipboardData 7E3B0F9E 5 Bytes JMP 0092CC63
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!DrawTextA 7E3BC702 5 Bytes JMP 0092CF12
.text C:\Program Files\Mozilla\firefox.exe[3328] USER32.dll!DrawTextExA 7E3BC739 5 Bytes JMP 0092D0C8
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!TextOutW 77EF7EAC 5 Bytes JMP 0092CE46
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!ExtTextOutW 77EF8086 5 Bytes JMP 0092D37A
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!TextOutA 77EFBA4F 5 Bytes JMP 0092CD7A
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!ExtTextOutA 77EFD3FA 5 Bytes JMP 0092D296
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!GetGlyphIndicesA 77F1DFE3 5 Bytes JMP 0092D73A
.text C:\Program Files\Mozilla\firefox.exe[3328] GDI32.dll!GetGlyphIndicesW 77F32604 5 Bytes JMP 0092D807
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 0092BBFA
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!closesocket 719F3E2B 5 Bytes JMP 0092CBBC
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!send 719F4C27 5 Bytes JMP 0092C731
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!WSARecv 719F4CB5 5 Bytes JMP 0092C958
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!gethostbyname 719F5355 5 Bytes JMP 0092BB39
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!recv 719F676F 5 Bytes JMP 0092C7D6
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!WSASend 719F68FA 5 Bytes JMP 0092C884
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!WSAAsyncGetHostByName 719FE99D 5 Bytes JMP 0092BFC3
.text C:\Program Files\Mozilla\firefox.exe[3328] WININET.dll!InternetCrackUrlW 404A40C0 5 Bytes JMP 0092DC16
.text C:\Program Files\Mozilla\firefox.exe[3328] WININET.dll!InternetCrackUrlA 404C4938 5 Bytes JMP 0092DACD

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9CFD8E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9CFDB10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9CFDC70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \FileSystem\Fastfat \Fat 9B164D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Macromedia\Dreamweaver 8\Configuration\Behaviors\Events\4.0 et ultérieurs.htm 1

---- EOF - GMER 1.0.15 ----
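Every hook in the GMER log above carries a vendor attribution in parentheses (Sygate's wpsdrvnt.sys and Teefer.sys, Mozilla's xul.dll) except the in-process JMP hooks in firefox.exe whose targets GMER printed without a module name, and the \FileSystem\Fastfat device object at 9B164D20. Sorting the hooks by who owns them is the first thing to do with a log like this. The parser below is an added example, not GMER's code and not from the post; it reads the SSDT, inline (.text), IAT and Device lines, keeps the module and vendor strings GMER printed, and lists the hooks that have none. The sample input is excerpted verbatim from the log above. An unattributed hook is not proof of malware (a security product's user-mode hooking DLL that GMER cannot map to an image shows up the same way), but it is what to inspect first.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines excerpted verbatim from the GMER log above (one or two of
# each kind of entry); nothing in it is invented.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xA5A3CB30]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xA5A3CD60]

---- Kernel code sections - GMER 1.0.15 ----

.text tcpip.sys!IPTransmit + 10FC A1C55D3A 6 Bytes CALL B9CFCE50 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla\firefox.exe[3328] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0194B750 C:\Program Files\Mozilla\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla\firefox.exe[3328] WS2_32.dll!getaddrinfo 719F2A6F 5 Bytes JMP 0092BBFA
.text C:\Program Files\Mozilla\firefox.exe[3328] WININET.dll!InternetCrackUrlW 404A40C0 5 Bytes JMP 0092DC16

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CFDBD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \FileSystem\Fastfat \Fat 9B164D20
"""

# Trailing "module (vendor)" text that GMER appends when it can map the hook
# target to a loaded image; it is absent when it cannot.
ATTRIB = r"(?: (?P<module>.+?) \((?P<vendor>[^)]+)\))?"
HEX8 = r"[0-9A-F]{8}"
PATTERNS = {
    "ssdt": re.compile(r"^SSDT (?P<module>\S+)(?: \((?P<vendor>[^)]+)\))? (?P<where>\w+) \[0x(?P<target>[0-9A-F]+)\]$"),
    "inline": re.compile(r"^\.text (?P<where>.+?) " + HEX8 + r" \d+ Bytes (?:JMP|CALL) (?P<target>" + HEX8 + r")" + ATTRIB + r"$"),
    "iat": re.compile(r"^IAT (?P<where>\S+\[[^\]]+\]) \[(?P<target>" + HEX8 + r")\]" + ATTRIB + r"$"),
    "device": re.compile(r"^Device (?P<where>\S+ \S+) (?:(?P<target>" + HEX8 + r")|(?P<module>.+?) \((?P<vendor>[^)]+)\))$"),
}


@dataclass(frozen=True)
class Hook:
    kind: str               # "ssdt", "inline", "iat" or "device"
    where: str              # syscall, function, import slot or device object hooked
    target: Optional[str]   # address GMER printed for the hook target, if any
    module: Optional[str]   # image GMER resolved the target to, or None
    vendor: Optional[str]   # vendor string GMER printed in parentheses, or None


def parse_gmer(text: str) -> List[Hook]:
    """Parse the hook lines of a GMER report into Hook records; other lines are ignored."""
    hooks = []
    for line in text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.match(line)
            if m:
                hooks.append(Hook(kind, m["where"], m["target"], m["module"], m["vendor"]))
                break
    return hooks


def unattributed(hooks: List[Hook]) -> List[Hook]:
    """Hooks GMER could not tie to a named image: the ones to examine first."""
    return [h for h in hooks if h.module is None]


def hooks_by_vendor(hooks: List[Hook]) -> Counter:
    """How many hooks each vendor string accounts for."""
    return Counter(h.vendor or "<unattributed>" for h in hooks)


if __name__ == "__main__":
    hooks = parse_gmer(SAMPLE_GMER)
    for vendor, n in hooks_by_vendor(hooks).most_common():
        print(f"{n:3d}  {vendor}")
    print("\nunattributed hooks:")
    for h in unattributed(hooks):
        print(f"  [{h.kind}] {h.where} -> {h.target}")
```

On the sample the vendor tally is three hooks for wpsdrvnt.sys, two for Teefer.sys, one for xul.dll and three unattributed: the two firefox.exe JMPs into the 0092xxxx range and the Fastfat device. The next step for those is to find which loaded DLL (in firefox.exe) or driver owns that address range, for instance with the process's module list, before deciding whether anything is wrong.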

#3 nandorenator (Topic Starter)

Posted 27 January 2012 - 11:32 AM

Hello again...

- Catchme comes clean:

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-27 14:50:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts]
"$ÿ&ÿs^\20b\x00b40\x00b70Ã0\x00af0SOW?3? ?&? ?$ÿ&ÿ0ÿs^\20b\x00b40\x00b70Ã0\x00af0SOW?3? ?(?T?r?u?e?T?y?p?e?)?"="DFHSGW3.TTC"
"ðlwiL? ?(?T?r?u?e?T?y?p?e?)?"="æÎ\xd7\xa6L.TTF"
"ðlL\x2c6L? ?(?T?r?u?e?T?y?p?e?)?"="æÎìsL.TTF"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0



- MBR comes clean too:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380815 rev.4.AD -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Please, could anyone help me? I keep having my search results redirected... Quite annoying... ;)

#4 gringo_pr (Malware Response Team)

Posted 29 January 2012 - 02:56 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything else while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo


#5 nandorenator (Topic Starter)

Posted 30 January 2012 - 05:17 AM

Hi, Gringo,

Thank you so much for helping me!

Here are my reports:


/******************************************/
/********** defogger_disable.log **********/
/******************************************/

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:08 on 30/01/2012 (nandor)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


/*****************************/
/********** dds.txt **********/
/*****************************/

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by nandor at 10:08:27 on 2012-01-30
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2005.1380 [GMT 1:00]
.
AV: Trend Micro OfficeScan Client *Enabled/Updated* {4C5B0CD4-189A-4F19-86F6-EF9A9EF694ED}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\sygate\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TsService.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\OD8831.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\PrintKey2000.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\EasyPHP1-8\EasyPHP.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\mt\MT_PRG~3\EASYPH~2\Apache\apache.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\mt\MT_PRG~3\EASYPH~2\MySql\bin\mysqld.exe
C:\mt\MT_PRG~3\EASYPH~2\Apache\apache.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cmc.fr/telephones
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No File
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [PrintKey2000] c:\windows\PrintKey2000.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EasyPHP] "c:\Program Files\easyphp1-8\EasyPHP.exe"
mRun: [SmcService] c:\mt\mt_prg~3\sygate\smc.exe -startgui
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\Program Files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nandor\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\nandor\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Free YouTube Download - c:\documents and settings\nandor\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\nandor\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Sothink SWF Catcher - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223913321641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.199.203.5 10.199.202.2
TCP: Interfaces\{81837CBE-B108-4B4B-ABB4-3F763502F02E} : DhcpNameServer = 10.199.203.5 10.199.202.2
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nandor\application data\mozilla\firefox\profiles\zahmmcml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://127.0.0.1/toto/date.php|http://www.google.fr/|http://fr.yahoo.com/?p=us|http://www.yahoo.co.jp/index.html|http://laposte.net/|http://mail.alta6.net/|http://elmundo.es/|http://aptc.supermercadoelcorteingles.es/elmundo/recetas|http://www.elmundo.es/elmundo/opinion.html|http://elmundo.orbyt.es|http://www.veo.es/|http://www.amazon.co.jp|file:///C:/Documents%20and%20Settings/nandor/Bureau/toto.html|http://www.eonet.ne.jp/~building-pc/oosaka/oo-174kontena-c.htm|http://www.or-change-numismatique.com/devises-courantes.php|http://www.thepja.co.uk/champ_flat.aspx|http://www.hr/hrvatska/language/pozdrav.en.htm|http://browse.guardian.co.uk/search?search=kieren+fallon&sitesearch-radio=guardian&go-guardian=Search|http://www.travelzoo.com/jp/|http://www.travelzoo.com/fr/|http://www.travelzoo.com/de/|http://www.travelzoo.com/es/|http://www.travelzoo.com/de/hotels/|http://www.travelzoo.com/es/ofertas-locales/Otros-paises/ofertas|http://www.mitsukoshi.co.jp/store/world.html|http://www.mitsukoshi.co.jp/store/eclip/roma.html|http://www.mitsukoshi.co.jp/store/eclip/london.html|http://boardingarea.com/blogs/loyaltytraveler/|http://www.priorityclubinsider.com/all-current-points-offers/|http://www.fr.jal.com/er/ja/jalmile/camp_info/#campaign|http://www.starbucks.co.jp/products/|http://www.facebook.com/pages/InterContinental-Moscow-Tverskaya/60503256719?sk=photos#!/pages/InterContinental-Moscow-Tverskaya/60503256719?sk=wall&filter=2|http://www.grandfront-osaka.jp/facility/dwelling.html|http://twitter.com/#!/pedroj_ramirez|http://ihg.jobs.net/search/?keyword=&tn_did=CB000000000000000018&mxdl42=1%2c2%2c0&ihg_jobfield=-1&location=&ihg_location=208360120548|http://ihg.jobs.net/search/?ihg_jobfield=-1&ihg_location=206160120548&keyword=&pageid=430|http://ihg.jobs.net/search/?keyword=&tn_did=CB000000000000000018&mxdl42=1%2c2%2c0&ihg_jobfield=-1&location=&ihg_location=208660120548|http://www.motogp.com/|http://www.espagnolfacile.com/guide/index.php?niv=1|http://www.allocine.fr/film/fichefilm_gen_cfilm=192865.html|http://www.zeit.de|http://www.gfo525.com/|http://www.amazon.co.jp/s/ref=nb_sb_noss?__mk_ja_JP=%E3%82%AB%E3%82%BF%E3%82%AB%E3%83%8A&url=search-alias%3Daps&field-keywords=%E5%B5%90%E3%80%80beautiful+world+dvd&rh=i%3Aaps%2Ck%3A%E5%B5%90%E3%80%80beautiful+world+dvd&ajr=0
FF - plugin: c:\documents and settings\nandor\application data\mozilla\firefox\profiles\zahmmcml.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_183.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\Program Files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\ocs inventory agent\OcsService.exe [2009-4-16 69632]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\trend micro\officescan client\OfcPfwSvc.exe [2006-4-3 233552]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2005-11-9 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-11-9 36432]
R2 TsService;TsService;c:\windows\system32\TsService.exe [2009-6-25 167936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-1-23 253600]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2012-01-27 15:37:51 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-27 14:06:25 -------- d-----w- C:\sh4ldr
2012-01-27 14:06:25 -------- d-----w- c:\program files\Enigma Software Group
2012-01-26 08:58:09 -------- d-----w- c:\documents and settings\nandor\local settings\application data\Sun
2012-01-25 08:58:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 17:09:13 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-01-24 17:07:50 -------- d-----w- c:\windows\ERUNT
2012-01-24 17:05:45 -------- d-----w- C:\SDFix
2012-01-23 14:23:24 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-23 14:21:48 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-23 08:53:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2012-01-23 08:53:31 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-23 08:53:26 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-01-20 14:13:53 -------- d-----w- c:\documents and settings\nandor\application data\Malwarebytes
2012-01-20 14:13:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-19 10:04:37 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-19 10:01:29 -------- d-sha-r- C:\cmdcons
2012-01-19 10:00:30 98816 ----a-w- c:\windows\sed.exe
2012-01-19 10:00:30 518144 ----a-w- c:\windows\SWREG.exe
2012-01-19 10:00:30 256000 ----a-w- c:\windows\PEV.exe
2012-01-19 10:00:30 208896 ----a-w- c:\windows\MBR.exe
2012-01-19 09:21:34 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2012-01-19 09:21:32 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2012-01-19 09:21:32 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2012-01-19 09:21:31 83096 ----a-w- c:\windows\system32\SSSensor.dll
2012-01-18 16:28:29 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-01-18 16:28:03 -------- d-----w- c:\documents and settings\nandor\application data\QuickScan
2012-01-18 13:34:55 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-18 13:33:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-18 12:00:08 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-18 11:44:11 118784 --sha-r- c:\windows\system32\rdpwsx3.dll
2012-01-18 08:52:28 387072 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-18 08:52:27 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-18 08:52:27 180736 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-18 08:52:03 61952 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-16 08:42:22 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 08:42:08 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2012-01-23 14:23:07 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 14:23:07 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-23 14:21:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 14:43:58 26624 ----a-w- c:\windows\system32\userinit.exe
2011-11-25 21:57:09 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:17 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:29 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22:22 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13:29 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:33 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:33 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:16 1288192 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 10:09:10,66 ===============





/********************************/
/********** attach.txt **********/
/********************************/

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2008 10:58:54
System Uptime: 30/01/2012 09:50:19 (1 hours ago)
.
Motherboard: Dell Inc. | | 0DR845
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz | CPU | 2392/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 14.989 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 2700 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 2700 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 19/01/2012 10:00:32 - System Checkpoint
RP2: 19/01/2012 10:21:26 - Installed Sygate Personal Firewall
RP3: 19/01/2012 11:25:12 - Removed Ad-Aware
RP4: 20/01/2012 12:16:25 - System Checkpoint
RP5: 23/01/2012 10:00:13 - Software Distribution Service 3.0
RP6: 23/01/2012 15:22:59 - Installed Java™ 7 Update 2
RP7: 25/01/2012 10:38:16 - Software Distribution Service 3.0
RP8: 26/01/2012 12:28:25 - System Checkpoint
RP9: 27/01/2012 13:50:20 - System Checkpoint
RP10: 27/01/2012 15:06:24 - Installed SpyHunter
RP11: 27/01/2012 16:38:11 - Removed SpyHunter
.
==== Installed Programs ======================
.
??????????
32 Bit HP CIO Components Installer
Abdio MOV Video Converter v6.66 (Try)
ODF Add-in for Microsoft Office
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Ant Renamer
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
WinRAR archiver
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
dBpoweramp Music Converter
Dell Resource CD
DigiDelivery
Digidesign DigiDelivery
DVDVideoSoftTB Toolbar
EasyPHP 1.8
FileHippo.com Update Checker
FileZilla Client 3.5.3
Foxit Creator
Foxit Reader
Free Audio CD Burner version 1.4.7
Free Audio Converter version 2.3.4.920
Free AVI to FLV Converter 3000 ver.1.0.0
Free DVD Video Burner version 3.0.0
Free Studio version 5.0.5
Free Video Converter V 2.9
Free Video to Flash Converter version 4.7.23.324
Free Video to MP3 Converter version 4.3.815
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.0.602
Free YouTube to DVD Converter version 2.7.24.305
Free YouTube to MP3 Converter version 3.9.35.324
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Imagen
Inkscape 0.48.1
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® Management Engine Interface
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 2
K-Lite Codec Pack 4.7.0 (Full)
Windows Media Player 11
Macromedia Contribute 3
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Critical Update for Windows Media Player 11 (KB959772)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Compatibility Pack for the 2007 Microsoft Office System
Microsoft .NET Framework 2.0 Language Support Pack - FRA
Monal2008
MonalLE
Mozilla Firefox 9.0.1 (x86 fr)
Mozilla Thunderbird (3.1.9)
MSVC80_x86_v2
Nucleus Kernel VBA Password Recovery Demo ver 4.02
OCS Inventory Agent 4.0.5.4
OpenOffice.org 3.3
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Palm Desktop
PasswordTools
PC Connectivity Solution
PDFCreator
QuickTime
Riva FLV Encoder 2.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sothink SWF Decompiler
SoundMAX
ST Microelectronics TPM Driver Installer
Sygate Personal Firewall
Temp Cleaner
Trend Micro OfficeScan Client
UltraEdit 14.20
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoMach
VisiFly
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinTopo
.
==== End Of File ===========================





/**********************************/
/********** RKUnhookerLE **********/
/**********************************/

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8C16000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
0x9C67E000 C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 1327104 bytes (Trend Micro Inc., VsapiNT )
0x9C7C2000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 815104 bytes
0xB9E5B000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D3E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1964000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA1AFB000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB8A77000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA1A6F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9C4E5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA1B7F000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x9C632000 C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 311296 bytes (Trend Micro Inc., Post Filter For XP)
0xBF459000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB8BC1000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0x9C314000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8AD5000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C5B5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D11000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA19D4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB8B75000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA1A21000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F22000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA1A49000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA1B5B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8B9D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8B2D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9BBD7000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA19FF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9CF4000 Teefer.sys 118784 bytes (Sygate Technologies, Inc., Teefer Driver)
0xB9CDA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E43000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E2B000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DE2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8B16000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9DCB000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9BFE8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B61000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB8C02000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1AC8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DF9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8B05000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8B50000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Serial Device Driver)
0x9D5F7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA5B5D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA746D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA5B6D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA5B7D000 C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA5599000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xA5B8D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9B644000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9D677000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0x9BB5F000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA55B9000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA55D9000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA55C9000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 36864 bytes (Sygate Technologies, Inc., wpsdrvnt)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xA59DE000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA59F6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0xA59C6000 C:\DOCUME~1\nandor\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xBA368000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA59EE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA59E6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9D582000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9C3D000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 16384 bytes (Microsoft Corporation, Pilote vidéo plein écran)
0x9DA3B000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0xB9199000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA568000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F9A0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9C45000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9D3F9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9DEFB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9D41D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0xB9C39000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA64E8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9F136000 C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9EBCA000 C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9EBC2000 C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9DA37000 C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xA2E72000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA664000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA662000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA666000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0x9CF39000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Pilote parallèle VDM)
0xBA668000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA65C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA75F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA1C89000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA285A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Pilote de bus générique PCI IDE)
==============================================
>Stealth
==============================================


Thanks again.

#6 nandorenator

  • Topic Starter
  • Members
  • 12 posts

Posted 30 January 2012 - 05:21 AM

Hi, Gringo,

Thank you so much for helping me!

Here are my reports:


/******************************************/
/********** defogger_disable.log **********/
/******************************************/

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:08 on 30/01/2012 (nandor)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


/*****************************/
/********** dds.txt **********/
/*****************************/

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0
Run by nandor at 10:08:27 on 2012-01-30
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2005.1380 [GMT 1:00]
.
AV: Trend Micro OfficeScan Client *Enabled/Updated* {4C5B0CD4-189A-4F19-86F6-EF9A9EF694ED}
FW: Sygate Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\sygate\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TsService.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\TEMP\OD8831.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\PrintKey2000.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\EasyPHP1-8\EasyPHP.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PRG~3\EASYPH~2\Apache\apache.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PRG~3\EASYPH~2\MySql\bin\mysqld.exe
C:\PRG~3\EASYPH~2\Apache\apache.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.cmc.fr/telephones
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {AEF44653-C059-42CB-A5B7-41C640DA4A67} - No File
TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [PrintKey2000] c:\windows\PrintKey2000.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [EasyPHP] "c:\Program Files\easyphp1-8\EasyPHP.exe"
mRun: [SmcService] c:\prg~3\sygate\smc.exe -startgui
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\Program Files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\nandor\menudm~1\progra~1\dmarra~1\adobeg~1.lnk - c:\program files\fichiers communs\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\nandor\menudm~1\progra~1\dmarra~1\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Free YouTube Download - c:\documents and settings\nandor\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\nandor\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Sothink SWF Catcher - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\fichiers communs\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223913321641
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.199.203.5 10.199.202.2
TCP: Interfaces\{81837CBE-B108-4B4B-ABB4-3F763502F02E} : DhcpNameServer = 10.199.203.5 10.199.202.2
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nandor\application data\mozilla\firefox\profiles\zahmmcml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://127.0.0.1/toto/date.php|http://www.google.fr/|http://fr.yahoo.com/?p=us|http://www.yahoo.co.jp/index.html|http://laposte.net/|http://mail.alta6.net/|http://elmundo.es/|http://aptc.supermercadoelcorteingles.es/elmundo/recetas|http://www.elmundo.es/elmundo/opinion.html|http://elmundo.orbyt.es|http://www.veo.es/|http://www.amazon.co.jp|file:///C:/Documents%20and%20Settings/nandor/Bureau/toto.html|http://www.eonet.ne.jp/~building-pc/oosaka/oo-174kontena-c.htm|http://www.or-change-numismatique.com/devises-courantes.php|http://www.thepja.co.uk/champ_flat.aspx|http://www.hr/hrvatska/language/pozdrav.en.htm|http://browse.guardian.co.uk/search?search=kieren+fallon&sitesearch-radio=guardian&go-guardian=Search|http://www.travelzoo.com/jp/|http://www.travelzoo.com/fr/|http://www.travelzoo.com/de/|http://www.travelzoo.com/es/|http://www.travelzoo.com/de/hotels/|http://www.travelzoo.com/es/ofertas-locales/Otros-paises/ofertas|http://www.mitsukoshi.co.jp/store/world.html|http://www.mitsukoshi.co.jp/store/eclip/roma.html|http://www.mitsukoshi.co.jp/store/eclip/london.html|http://boardingarea.com/blogs/loyaltytraveler/|http://www.priorityclubinsider.com/all-current-points-offers/|http://www.fr.jal.com/er/ja/jalmile/camp_info/#campaign|http://www.starbucks.co.jp/products/|http://www.facebook.com/pages/InterContinental-Moscow-Tverskaya/60503256719?sk=photos#!/pages/InterContinental-Moscow-Tverskaya/60503256719?sk=wall&filter=2|http://www.grandfront-osaka.jp/facility/dwelling.html|http://twitter.com/#!/pedroj_ramirez|http://ihg.jobs.net/search/?keyword=&tn_did=CB000000000000000018&mxdl42=1%2c2%2c0&ihg_jobfield=-1&location=&ihg_location=208360120548|http://ihg.jobs.net/search/?ihg_jobfield=-1&ihg_location=206160120548&keyword=&pageid=430|http://ihg.jobs.net/search/?keyword=&tn_did=CB000000000000000018&mxdl42=1%2c2%2c0&ihg_jobfield=-1&location=&ihg_location=208660120548|http://www.motogp.com/|http://www.espagnolfacile.com/guide/index.php?niv=1|http://www.allocine.fr/film/fichefilm_gen_cfilm=192865.html|http://www.zeit.de|http://www.gfo525.com/|http://www.amazon.co.jp/s/ref=nb_sb_noss?__mk_ja_JP=%E3%82%AB%E3%82%BF%E3%82%AB%E3%83%8A&url=search-alias%3Daps&field-keywords=%E5%B5%90%E3%80%80beautiful+world+dvd&rh=i%3Aaps%2Ck%3A%E5%B5%90%E3%80%80beautiful+world+dvd&ajr=0
FF - plugin: c:\documents and settings\nandor\application data\mozilla\firefox\profiles\zahmmcml.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_183.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\Program Files\malwarebytes' anti-malware\mbamservice.exe [2012-1-25 652872]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\ocs inventory agent\OcsService.exe [2009-4-16 69632]
R2 OfcPfwSvc;OfficeScanNT Personal Firewall;c:\program files\trend micro\officescan client\OfcPfwSvc.exe [2006-4-3 233552]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2005-11-9 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2005-11-9 36432]
R2 TsService;TsService;c:\windows\system32\TsService.exe [2009-6-25 167936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-25 20464]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-1-23 253600]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S4 vsdatant;vsdatant; [x]
.
=============== Created Last 30 ================
.
2012-01-27 15:37:51 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-27 14:06:25 -------- d-----w- C:\sh4ldr
2012-01-27 14:06:25 -------- d-----w- c:\program files\Enigma Software Group
2012-01-26 08:58:09 -------- d-----w- c:\documents and settings\nandor\local settings\application data\Sun
2012-01-25 08:58:19 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 17:09:13 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-01-24 17:07:50 -------- d-----w- c:\windows\ERUNT
2012-01-24 17:05:45 -------- d-----w- C:\SDFix
2012-01-23 14:23:24 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-23 14:21:48 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-23 08:53:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2012-01-23 08:53:31 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-23 08:53:26 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-01-20 14:13:53 -------- d-----w- c:\documents and settings\nandor\application data\Malwarebytes
2012-01-20 14:13:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-01-19 10:04:37 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-19 10:01:29 -------- d-sha-r- C:\cmdcons
2012-01-19 10:00:30 98816 ----a-w- c:\windows\sed.exe
2012-01-19 10:00:30 518144 ----a-w- c:\windows\SWREG.exe
2012-01-19 10:00:30 256000 ----a-w- c:\windows\PEV.exe
2012-01-19 10:00:30 208896 ----a-w- c:\windows\MBR.exe
2012-01-19 09:21:34 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2012-01-19 09:21:33 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2012-01-19 09:21:32 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2012-01-19 09:21:32 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2012-01-19 09:21:31 83096 ----a-w- c:\windows\system32\SSSensor.dll
2012-01-18 16:28:29 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-01-18 16:28:03 -------- d-----w- c:\documents and settings\nandor\application data\QuickScan
2012-01-18 13:34:55 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-01-18 13:33:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-18 12:00:08 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-18 11:44:11 118784 --sha-r- c:\windows\system32\rdpwsx3.dll
2012-01-18 08:52:28 387072 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-18 08:52:27 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-18 08:52:27 180736 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-18 08:52:03 61952 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-16 08:42:22 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 08:42:08 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
==================== Find3M ====================
.
2012-01-23 14:23:07 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 14:23:07 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-23 14:21:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 14:43:58 26624 ----a-w- c:\windows\system32\userinit.exe
2011-11-25 21:57:09 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40:17 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12:29 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22:22 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22:22 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13:29 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24:16 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:33 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:33 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:16 1288192 ----a-w- c:\windows\system32\ole32.dll
.
============= FINISH: 10:09:10,66 ===============
/********************************/
/********** attach.txt **********/
/********************************/

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2008 10:58:54
System Uptime: 30/01/2012 09:50:19 (1 hours ago)
.
Motherboard: Dell Inc. | | 0DR845
Processor: Intel® Core™2 Duo CPU E4600 @ 2.40GHz | CPU | 2392/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 14,989 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Port série PCI
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Manufacturer:
Name: Port série PCI
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_02111028&REV_02\3&172E68DD&0&1B
Service:
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 2700 classic
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 2700 classic
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 19/01/2012 10:00:32 - Point de vérification système
RP2: 19/01/2012 10:21:26 - Installed Sygate Personal Firewall
RP3: 19/01/2012 11:25:12 - Removed Ad-Aware
RP4: 20/01/2012 12:16:25 - Point de vérification système
RP5: 23/01/2012 10:00:13 - Software Distribution Service 3.0
RP6: 23/01/2012 15:22:59 - Installé Java™ 7 Update 2
RP7: 25/01/2012 10:38:16 - Software Distribution Service 3.0
RP8: 26/01/2012 12:28:25 - Point de vérification système
RP9: 27/01/2012 13:50:20 - Point de vérification système
RP10: 27/01/2012 15:06:24 - Installed SpyHunter
RP11: 27/01/2012 16:38:11 - Removed SpyHunter
.
==== Installed Programs ======================
.
??????????
32 Bit HP CIO Components Installer
Abdio MOV Video Converter v6.66 (Try)
Add-in ODF pour Microsoft Office
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Ant Renamer
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Archiveur WinRAR
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
CCleaner
Compatibility Pack for the 2007 Office system
Conduit Engine
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB2633952)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
dBpoweramp Music Converter
Dell Resource CD
DigiDelivery
Digidesign DigiDelivery
DVDVideoSoftTB Toolbar
EasyPHP 1.8
FileHippo.com Update Checker
FileZilla Client 3.5.3
Foxit Creator
Foxit Reader
Free Audio CD Burner version 1.4.7
Free Audio Converter version 2.3.4.920
Free AVI to FLV Converter 3000 ver.1.0.0
Free DVD Video Burner version 3.0.0
Free Studio version 5.0.5
Free Video Converter V 2.9
Free Video to Flash Converter version 4.7.23.324
Free Video to MP3 Converter version 4.3.815
Free YouTube Download 3 version 3.0.4.628
Free YouTube Download version 3.0.0.602
Free YouTube to DVD Converter version 2.7.24.305
Free YouTube to MP3 Converter version 3.9.35.324
Google Earth Plug-in
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Imagen
Inkscape 0.48.1
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Interface Intel® Management Engine
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 2
K-Lite Codec Pack 4.7.0 (Full)
Lecteur Windows Media 11
Macromedia Contribute 3
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Microsoft Windows (KB2564958)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2544521)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2559049)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2618444)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB969897)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB972260)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB974455)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB976325)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB978207)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2160329)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476490)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2507938)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB2535512)
Mise à jour de sécurité pour Windows XP (KB2536276-v2)
Mise à jour de sécurité pour Windows XP (KB2544893-v2)
Mise à jour de sécurité pour Windows XP (KB2555917)
Mise à jour de sécurité pour Windows XP (KB2566454)
Mise à jour de sécurité pour Windows XP (KB2567680)
Mise à jour de sécurité pour Windows XP (KB2570222)
Mise à jour de sécurité pour Windows XP (KB2570947)
Mise à jour de sécurité pour Windows XP (KB2584146)
Mise à jour de sécurité pour Windows XP (KB2585542)
Mise à jour de sécurité pour Windows XP (KB2592799)
Mise à jour de sécurité pour Windows XP (KB2598479)
Mise à jour de sécurité pour Windows XP (KB2603381)
Mise à jour de sécurité pour Windows XP (KB2618451)
Mise à jour de sécurité pour Windows XP (KB2619339)
Mise à jour de sécurité pour Windows XP (KB2620712)
Mise à jour de sécurité pour Windows XP (KB2624667)
Mise à jour de sécurité pour Windows XP (KB2631813)
Mise à jour de sécurité pour Windows XP (KB2633171)
Mise à jour de sécurité pour Windows XP (KB2639417)
Mise à jour de sécurité pour Windows XP (KB2646524)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB938464-v2)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979559)
Mise à jour de sécurité pour Windows XP (KB979683)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980218)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour de sécurité pour Windows XP (KB982802)
Mise à jour pour Windows Internet Explorer 8 (KB971180)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB976749)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2641690)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Module de compatibilité pour Microsoft Office System 2007
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Monal2008
MonalLE
Mozilla Firefox 9.0.1 (x86 fr)
Mozilla Thunderbird (3.1.9)
MSVC80_x86_v2
Nucleus Kernel VBA Password Recovery Demo ver 4.02
OCS Inventory Agent 4.0.5.4
OpenOffice.org 3.3
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Palm Desktop
PasswordTools
PC Connectivity Solution
PDFCreator
QuickTime
Riva FLV Encoder 2.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sothink SWF Decompiler
SoundMAX
ST Microelectronics TPM Driver Installer
Sygate Personal Firewall
Temp Cleaner
Trend Micro OfficeScan Client
UltraEdit 14.20
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoMach
VisiFly
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinTopo
.
==== End Of File ===========================





/**********************************/
/********** RKUnhookerLE **********/
/**********************************/

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8C16000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, Noyau et système NT)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1863680 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1863680 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
0x9C67E000 C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 1327104 bytes (Trend Micro Inc., VsapiNT )
0x9C7C2000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 815104 bytes
0xB9E5B000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D3E000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA1964000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA1AFB000 C:\WINDOWS\system32\drivers\Senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB8A77000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA1A6F000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9C4E5000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA1B7F000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x9C632000 C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 311296 bytes (Trend Micro Inc., Post Filter For XP)
0xBF459000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB8BC1000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0x9C314000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8AD5000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F78000 ACPI.sys 192512 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0x9C5B5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D11000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA19D4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB8B75000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA1A21000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F22000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, Pilote E/S du Gestionnaire de disques NT)
0xA1A49000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA1B5B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8B9D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8B2D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9BBD7000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA19FF000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0B000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F48000 ftdisk.sys 126976 bytes (Microsoft Corporation, Pilote de disque à FT)
0xB9CF4000 Teefer.sys 118784 bytes (Sygate Technologies, Inc., Teefer Driver)
0xB9CDA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E43000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E2B000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9DE2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8B16000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB9DCB000 WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9BFE8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8B61000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Pilote de port parallèle)
0xB8C02000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1AC8000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DF9000 sr.sys 73728 bytes (Microsoft Corporation, Pilote de filtre de système de fichiers pour la restauration du système)
0xB9F67000 pci.sys 69632 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0xB8B05000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB8B50000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Pilote de périphérique série)
0x9D5F7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA5B5D000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA158000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Pilote de filtre audio Livre rouge)
0xA746D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA5B6D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 VolSnap.sys 57344 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA5B7D000 C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys 53248 bytes (Trend Micro Inc., Pre-Filter For XP)
0xBA188000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA5599000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Pilote de cryptographie FIPS)
0xBA128000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel® Management Engine Interface)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA178000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Pilote de périphérique processeur)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, Pilote de bus PNP ISA)
0xA5B8D000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0x9B644000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0x9D677000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0x9BB5F000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xBA198000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA55B9000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA55D9000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xA55C9000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 36864 bytes (Sygate Technologies, Inc., wpsdrvnt)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xA59DE000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xA59F6000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA400000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0xA59C6000 C:\DOCUME~1\nandor\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA408000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xBA368000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA59EE000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA59E6000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9D582000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9C3D000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 16384 bytes (Microsoft Corporation, Pilote vidéo plein écran)
0x9DA3B000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0xB9199000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xBA568000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9F9A0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB9C45000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0x9D3F9000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0x9DEFB000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9D41D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Pilote de filtre souris HID)
0xB9C39000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA64E8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9F136000 C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9EBCA000 C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9EBC2000 C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0x9DA37000 C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys 12288 bytes (Sygate Technologies, Inc., wgxn)
0xA2E72000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA664000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA662000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA666000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0x9CF39000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Pilote parallèle VDM)
0xBA668000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5E2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA65C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA75F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA1C89000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xA285A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Pilote de bus générique PCI IDE)
==============================================
>Stealth
==============================================


Thanks again.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:42 AM

Posted 30 January 2012 - 06:28 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running; that may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 nandorenator

nandorenator
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:42 AM

Posted 30 January 2012 - 08:35 AM

Hi again,

Here's the log from Combofix:


ComboFix 12-01-30.01 - Nandor 30/01/2012 14:10:13.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2005.1479 [GMT 1:00]
Lancé depuis: c:\documents and settings\Nandor\Bureau\ComboFix.exe
AV: Trend Micro OfficeScan Client *Enabled/Updated* {4C5B0CD4-189A-4F19-86F6-EF9A9EF694ED}
FW: Sygate Personal Firewall *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-28 au 2012-01-30 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-27 15:37 . 2012-01-27 15:38 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-27 14:06 . 2012-01-27 15:38 -------- d-----w- C:\sh4ldr
2012-01-27 14:06 . 2012-01-27 14:06 -------- d-----w- c:\program files\Enigma Software Group
2012-01-26 08:58 . 2012-01-26 08:58 -------- d-----w- c:\documents and settings\Nandor\Local Settings\Application Data\Sun
2012-01-25 08:58 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 17:09 . 2012-01-24 17:09 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-01-24 17:07 . 2012-01-24 17:07 -------- d-----w- c:\windows\ERUNT
2012-01-24 17:05 . 2012-01-24 17:24 -------- d-----w- C:\SDFix
2012-01-23 14:23 . 2012-01-23 14:23 -------- d-----w- c:\program files\Fichiers communs\Java
2012-01-23 14:23 . 2012-01-23 14:23 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-23 14:21 . 2012-01-23 14:21 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-23 08:53 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2012-01-23 08:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-23 08:53 . 2009-04-20 17:18 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\documents and settings\Nandor\Application Data\Malwarebytes
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-19 10:04 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2012-01-19 09:21 . 2004-10-15 17:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2012-01-19 09:21 . 2004-10-15 17:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2012-01-19 09:21 . 2004-10-15 17:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2012-01-18 16:28 . 2011-09-28 07:06 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-01-18 16:28 . 2012-01-23 12:23 -------- d-----w- c:\documents and settings\Nandor\Application Data\QuickScan
2012-01-18 13:37 . 2012-01-18 13:37 -------- d-----w- c:\documents and settings\LocalService\Bureau
2012-01-18 13:34 . 2012-01-19 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-18 13:33 . 2012-01-18 13:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-18 13:32 . 2012-01-18 13:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2012-01-18 13:32 . 2012-01-19 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 12:15 . 2012-01-18 12:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-18 12:06 . 2012-01-18 12:06 -------- d-----r- c:\documents and settings\LocalService\Favoris
2012-01-18 12:00 . 2012-01-19 09:34 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-18 11:44 . 2012-01-18 11:44 118784 --sha-r- c:\windows\system32\rdpwsx3.dll
2012-01-18 08:52 . 2011-11-03 15:28 387072 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-18 08:52 . 2011-10-14 14:47 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-18 08:52 . 2011-10-14 14:47 180736 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-18 08:52 . 2011-11-20 06:12 61952 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-16 08:42 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 08:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 14:23 . 2010-04-15 09:22 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 14:23 . 2009-05-11 10:20 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-23 14:21 . 2011-05-19 11:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 14:43 . 2004-08-05 10:00 26624 ----a-w- c:\windows\system32\userinit.exe
2011-11-25 21:57 . 2004-08-05 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-05 10:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-05 10:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-05 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-05 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2006-03-04 03:35 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-05 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-05 10:00 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-05 10:00 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-05 10:00 1288192 ----a-w- c:\windows\system32\ole32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-11 137752]
"PrintKey2000"="c:\windows\PrintKey2000.exe" [1999-08-05 795136]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-09-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"EasyPHP"="c:\program files\EasyPHP1-8\EasyPHP.exe" [2005-03-31 172032]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Nandor\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nandor^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Nandor\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Nandor^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Nandor\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:07 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2006-04-03 18:45 356352 ----a-w- c:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
2004-10-15 18:40 2577632 ----a-w- c:\PRG~3\sygate\Smc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OfcPfwSvc"=2 (0x2)
"ntrtscan"=2 (0x2)
"tmlisten"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\mt\\mt_PrgFls\\EasyPHP1-8\\EasyPHP.exe"=
"c:\\mt\\mt_PrgFls\\Mozilla\\firefox.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\mt\\mt_PrgFls\\Mozilla\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [09/11/2005 20:34 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [09/11/2005 20:34 36432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2012 09:58 20464]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 18:02 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/01/2012 09:58 652872]
S2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [16/04/2009 15:24 69632]
S2 TsService;TsService;c:\windows\system32\TsService.exe [25/06/2009 16:18 167936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23/01/2012 15:21 253600]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 18:02 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
upperdev
MREMPR5
ATIVTUTW
ErrDev
Intel_MIPMNMP
crystalaps
avsinc
CdaD10BA
GTSCSER
SGIR
mcontrol
interactivelogon
websenseclientdeployservice
s116mdm
ifxtcs
FontCache3.0.0.0.
elnkupdateservice
SE26mgmt
CTEDSPFX.DLL
BLKWGU(Belkin)
afs2k
zntport
KS0108
XilinxPC4Driver
pdlncfwk
3compxe
rwbackupsrv
StkScan
Sntnlusb
mail2ec
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-23 14:21]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 17:02]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 17:02]
.
2012-01-30 c:\windows\Tasks\jrykue.job
- c:\windows\system32\rdpwsx3.dll [2012-01-18 11:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cmc.fr/telephones
IE: Free YouTube Download - c:\documents and settings\Nandor\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Nandor\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.199.203.5 10.199.202.2
DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
FF - ProfilePath - c:\documents and settings\Nandor\Application Data\Mozilla\Firefox\Profiles\zahmmcml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.google.fr/ - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-HijackThis - c:\documents and settings\Nandor\Bureau\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 14:15
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
Heure de fin: 2012-01-30 14:16:44
ComboFix-quarantined-files.txt 2012-01-30 13:16
ComboFix2.txt 2012-01-19 10:23
.
Avant-CF: 16 028 225 536 octets libres
Après-CF: 16 050 491 392 octets libres
.
- - End Of File - - C0A6F43342B0A448BAC153631CC28BED



And... I keep having my search results redirected.
Most often towards http://thealltimes.com

Do you see anything wrong?

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 12:07 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 nandorenator
  • Topic Starter
  • Members
  • 12 posts

Posted 30 January 2012 - 12:16 PM

Here's the TDSSKiller report:


18:11:03.0116 2824 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
18:11:04.0132 2824 ============================================================
18:11:04.0132 2824 Current date / time: 2012/01/30 18:11:04.0132
18:11:04.0132 2824 SystemInfo:
18:11:04.0132 2824
18:11:04.0132 2824 OS Version: 5.1.2600 ServicePack: 3.0
18:11:04.0132 2824 Product type: Workstation
18:11:04.0132 2824 ComputerName: Nandor
18:11:04.0132 2824 UserName: Nandor
18:11:04.0132 2824 Windows directory: C:\WINDOWS
18:11:04.0132 2824 System windows directory: C:\WINDOWS
18:11:04.0132 2824 Processor architecture: Intel x86
18:11:04.0132 2824 Number of processors: 2
18:11:04.0132 2824 Page size: 0x1000
18:11:04.0132 2824 Boot type: Normal boot
18:11:04.0132 2824 ============================================================
18:11:04.0382 2824 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:11:04.0382 2824 \Device\Harddisk0\DR0:
18:11:04.0382 2824 MBR used
18:11:04.0382 2824 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x94D3772
18:11:04.0413 2824 Initialize success
18:11:04.0413 2824 ============================================================
18:11:05.0601 0812 ============================================================
18:11:05.0601 0812 Scan started
18:11:05.0601 0812 Mode: Manual;
18:11:05.0601 0812 ============================================================
18:11:05.0883 0812 Abiosdsk - ok
18:11:05.0898 0812 abp480n5 - ok
18:11:05.0929 0812 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:11:05.0929 0812 ACPI - ok
18:11:05.0961 0812 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:11:05.0961 0812 ACPIEC - ok
18:11:05.0992 0812 ADIHdAudAddService (0f0a69496989912351284bb1baa2ce57) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:11:05.0992 0812 ADIHdAudAddService - ok
18:11:06.0008 0812 adpu160m - ok
18:11:06.0023 0812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:11:06.0023 0812 aec - ok
18:11:06.0039 0812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:11:06.0039 0812 AFD - ok
18:11:06.0055 0812 Aha154x - ok
18:11:06.0055 0812 aic78u2 - ok
18:11:06.0070 0812 aic78xx - ok
18:11:06.0086 0812 AliIde - ok
18:11:06.0086 0812 amsint - ok
18:11:06.0101 0812 asc - ok
18:11:06.0101 0812 asc3350p - ok
18:11:06.0117 0812 asc3550 - ok
18:11:06.0148 0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:11:06.0148 0812 AsyncMac - ok
18:11:06.0180 0812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:11:06.0180 0812 atapi - ok
18:11:06.0195 0812 Atdisk - ok
18:11:06.0211 0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:11:06.0211 0812 Atmarpc - ok
18:11:06.0242 0812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:11:06.0242 0812 audstub - ok
18:11:06.0258 0812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:11:06.0273 0812 Beep - ok
18:11:06.0351 0812 catchme - ok
18:11:06.0398 0812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:11:06.0398 0812 cbidf2k - ok
18:11:06.0398 0812 cd20xrnt - ok
18:11:06.0414 0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:11:06.0414 0812 Cdaudio - ok
18:11:06.0445 0812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:11:06.0445 0812 Cdfs - ok
18:11:06.0477 0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:11:06.0477 0812 Cdrom - ok
18:11:06.0523 0812 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
18:11:06.0523 0812 cercsr6 - ok
18:11:06.0523 0812 Changer - ok
18:11:06.0539 0812 CmdIde - ok
18:11:06.0555 0812 Cpqarray - ok
18:11:06.0555 0812 dac2w2k - ok
18:11:06.0570 0812 dac960nt - ok
18:11:06.0602 0812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:11:06.0602 0812 Disk - ok
18:11:06.0633 0812 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
18:11:06.0633 0812 dmboot - ok
18:11:06.0664 0812 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
18:11:06.0664 0812 dmio - ok
18:11:06.0664 0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:11:06.0664 0812 dmload - ok
18:11:06.0695 0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:11:06.0695 0812 DMusic - ok
18:11:06.0695 0812 dpti2o - ok
18:11:06.0711 0812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:11:06.0711 0812 drmkaud - ok
18:11:06.0758 0812 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:11:06.0758 0812 e1express - ok
18:11:06.0820 0812 esgiguard - ok
18:11:06.0852 0812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:11:06.0852 0812 Fastfat - ok
18:11:06.0867 0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:11:06.0867 0812 Fdc - ok
18:11:06.0883 0812 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
18:11:06.0883 0812 Fips - ok
18:11:06.0899 0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:11:06.0899 0812 Flpydisk - ok
18:11:06.0945 0812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:11:06.0945 0812 FltMgr - ok
18:11:06.0977 0812 FsVga (b71a69bb9cc88803f455341bd3992e0c) C:\WINDOWS\system32\DRIVERS\fsvga.sys
18:11:06.0977 0812 FsVga - ok
18:11:06.0992 0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:11:06.0992 0812 Fs_Rec - ok
18:11:07.0008 0812 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:11:07.0008 0812 Ftdisk - ok
18:11:07.0039 0812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:11:07.0039 0812 Gpc - ok
18:11:07.0055 0812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:11:07.0055 0812 HDAudBus - ok
18:11:07.0070 0812 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\WINDOWS\system32\DRIVERS\HECI.sys
18:11:07.0070 0812 HECI - ok
18:11:07.0102 0812 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:11:07.0102 0812 hidusb - ok
18:11:07.0117 0812 hpn - ok
18:11:07.0149 0812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:11:07.0149 0812 HTTP - ok
18:11:07.0164 0812 i2omgmt - ok
18:11:07.0180 0812 i2omp - ok
18:11:07.0211 0812 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\drivers\i8042prt.sys
18:11:07.0211 0812 i8042prt - ok
18:11:07.0352 0812 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:11:07.0383 0812 ialm - ok
18:11:07.0477 0812 iastor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:11:07.0477 0812 iastor - ok
18:11:07.0524 0812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:11:07.0524 0812 Imapi - ok
18:11:07.0539 0812 ini910u - ok
18:11:07.0539 0812 IntelIde - ok
18:11:07.0571 0812 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:11:07.0571 0812 intelppm - ok
18:11:07.0586 0812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:11:07.0586 0812 Ip6Fw - ok
18:11:07.0618 0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:11:07.0618 0812 IpFilterDriver - ok
18:11:07.0633 0812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:11:07.0633 0812 IpInIp - ok
18:11:07.0664 0812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:11:07.0664 0812 IpNat - ok
18:11:07.0696 0812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:11:07.0696 0812 IPSec - ok
18:11:07.0727 0812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:11:07.0743 0812 IRENUM - ok
18:11:07.0758 0812 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:11:07.0758 0812 isapnp - ok
18:11:07.0774 0812 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:11:07.0774 0812 Kbdclass - ok
18:11:07.0805 0812 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:11:07.0805 0812 kbdhid - ok
18:11:07.0836 0812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:11:07.0836 0812 kmixer - ok
18:11:07.0868 0812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:11:07.0868 0812 KSecDD - ok
18:11:07.0868 0812 lbrtfdc - ok
18:11:07.0930 0812 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:11:07.0930 0812 MBAMProtector - ok
18:11:07.0961 0812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:11:07.0961 0812 mnmdd - ok
18:11:07.0993 0812 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
18:11:07.0993 0812 Modem - ok
18:11:08.0008 0812 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:11:08.0008 0812 Mouclass - ok
18:11:08.0024 0812 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:11:08.0024 0812 mouhid - ok
18:11:08.0040 0812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:11:08.0040 0812 MountMgr - ok
18:11:08.0055 0812 mraid35x - ok
18:11:08.0055 0812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:11:08.0055 0812 MRxDAV - ok
18:11:08.0118 0812 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:11:08.0118 0812 MRxSmb - ok
18:11:08.0133 0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:11:08.0133 0812 Msfs - ok
18:11:08.0180 0812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:11:08.0180 0812 MSKSSRV - ok
18:11:08.0180 0812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:11:08.0196 0812 MSPCLOCK - ok
18:11:08.0196 0812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:11:08.0196 0812 MSPQM - ok
18:11:08.0227 0812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:11:08.0227 0812 mssmbios - ok
18:11:08.0258 0812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:11:08.0258 0812 Mup - ok
18:11:08.0274 0812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:11:08.0274 0812 NDIS - ok
18:11:08.0290 0812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:11:08.0290 0812 NdisTapi - ok
18:11:08.0321 0812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:11:08.0321 0812 Ndisuio - ok
18:11:08.0336 0812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:11:08.0336 0812 NdisWan - ok
18:11:08.0368 0812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:11:08.0368 0812 NDProxy - ok
18:11:08.0399 0812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:11:08.0399 0812 NetBIOS - ok
18:11:08.0430 0812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:11:08.0430 0812 NetBT - ok
18:11:08.0462 0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:11:08.0462 0812 Npfs - ok
18:11:08.0477 0812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:11:08.0477 0812 Ntfs - ok
18:11:08.0540 0812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:11:08.0540 0812 Null - ok
18:11:08.0555 0812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:11:08.0555 0812 NwlnkFlt - ok
18:11:08.0571 0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:11:08.0571 0812 NwlnkFwd - ok
18:11:08.0633 0812 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys
18:11:08.0633 0812 PalmUSBD - ok
18:11:08.0665 0812 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
18:11:08.0665 0812 Parport - ok
18:11:08.0696 0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:11:08.0696 0812 PartMgr - ok
18:11:08.0712 0812 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
18:11:08.0712 0812 ParVdm - ok
18:11:08.0743 0812 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:11:08.0743 0812 pccsmcfd - ok
18:11:08.0774 0812 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
18:11:08.0774 0812 PCI - ok
18:11:08.0774 0812 PCIDump - ok
18:11:08.0790 0812 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:11:08.0790 0812 PCIIde - ok
18:11:08.0821 0812 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:11:08.0821 0812 Pcmcia - ok
18:11:08.0837 0812 PDCOMP - ok
18:11:08.0837 0812 PDFRAME - ok
18:11:08.0852 0812 PDRELI - ok
18:11:08.0852 0812 PDRFRAME - ok
18:11:08.0868 0812 perc2 - ok
18:11:08.0868 0812 perc2hib - ok
18:11:08.0946 0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:11:08.0946 0812 PptpMiniport - ok
18:11:08.0946 0812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:11:08.0946 0812 PSched - ok
18:11:08.0977 0812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:11:08.0977 0812 Ptilink - ok
18:11:08.0977 0812 ql1080 - ok
18:11:08.0977 0812 Ql10wnt - ok
18:11:08.0993 0812 ql12160 - ok
18:11:08.0993 0812 ql1240 - ok
18:11:09.0009 0812 ql1280 - ok
18:11:09.0024 0812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:11:09.0024 0812 RasAcd - ok
18:11:09.0024 0812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:11:09.0024 0812 Rasl2tp - ok
18:11:09.0040 0812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:11:09.0040 0812 RasPppoe - ok
18:11:09.0055 0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:11:09.0055 0812 Raspti - ok
18:11:09.0087 0812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:11:09.0102 0812 Rdbss - ok
18:11:09.0118 0812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:11:09.0118 0812 RDPCDD - ok
18:11:09.0149 0812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:11:09.0149 0812 rdpdr - ok
18:11:09.0212 0812 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:11:09.0212 0812 RDPWD - ok
18:11:09.0243 0812 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:11:09.0243 0812 redbook - ok
18:11:09.0274 0812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:11:09.0274 0812 Secdrv - ok
18:11:09.0321 0812 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
18:11:09.0321 0812 SenFiltService - ok
18:11:09.0352 0812 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:11:09.0352 0812 serenum - ok
18:11:09.0368 0812 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
18:11:09.0368 0812 Serial - ok
18:11:09.0415 0812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
18:11:09.0415 0812 Sfloppy - ok
18:11:09.0431 0812 Simbad - ok
18:11:09.0446 0812 Sparrow - ok
18:11:09.0477 0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:11:09.0477 0812 splitter - ok
18:11:09.0509 0812 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
18:11:09.0509 0812 sr - ok
18:11:09.0540 0812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:11:09.0540 0812 Srv - ok
18:11:09.0587 0812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:11:09.0587 0812 swenum - ok
18:11:09.0602 0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:11:09.0602 0812 swmidi - ok
18:11:09.0618 0812 symc810 - ok
18:11:09.0618 0812 symc8xx - ok
18:11:09.0634 0812 sym_hi - ok
18:11:09.0634 0812 sym_u3 - ok
18:11:09.0681 0812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:11:09.0681 0812 sysaudio - ok
18:11:09.0712 0812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:11:09.0712 0812 Tcpip - ok
18:11:09.0759 0812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:11:09.0759 0812 TDPIPE - ok
18:11:09.0774 0812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:11:09.0774 0812 TDTCP - ok
18:11:09.0837 0812 Teefer (99336d4da97b4eeaafab46a4f8e512e6) C:\WINDOWS\system32\Drivers\Teefer.sys
18:11:09.0837 0812 Teefer - ok
18:11:09.0853 0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:11:09.0868 0812 TermDD - ok
18:11:09.0931 0812 TmFilter (ac940a15959be57958b91cdb914aaa6c) C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
18:11:09.0931 0812 TmFilter - ok
18:11:09.0946 0812 TmPreFilter (8651a867c78bd2b69f1d5f982138a074) C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
18:11:09.0946 0812 TmPreFilter - ok
18:11:09.0993 0812 TosIde - ok
18:11:10.0025 0812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:11:10.0025 0812 Udfs - ok
18:11:10.0025 0812 ultra - ok
18:11:10.0071 0812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:11:10.0071 0812 Update - ok
18:11:10.0087 0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:11:10.0087 0812 usbehci - ok
18:11:10.0118 0812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:11:10.0118 0812 usbhub - ok
18:11:10.0150 0812 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
18:11:10.0150 0812 usbser - ok
18:11:10.0165 0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:11:10.0165 0812 USBSTOR - ok
18:11:10.0196 0812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:11:10.0196 0812 usbuhci - ok
18:11:10.0228 0812 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
18:11:10.0228 0812 usb_rndisx - ok
18:11:10.0243 0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:11:10.0243 0812 VgaSave - ok
18:11:10.0243 0812 ViaIde - ok
18:11:10.0259 0812 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
18:11:10.0259 0812 VolSnap - ok
18:11:10.0353 0812 VSApiNt (71a53597bfb4bad7218ad2beaba5c564) C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
18:11:10.0353 0812 VSApiNt - ok
18:11:10.0384 0812 vsdatant - ok
18:11:10.0415 0812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:11:10.0415 0812 Wanarp - ok
18:11:10.0447 0812 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:11:10.0447 0812 wceusbsh - ok
18:11:10.0493 0812 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:11:10.0493 0812 Wdf01000 - ok
18:11:10.0493 0812 WDICA - ok
18:11:10.0525 0812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:11:10.0525 0812 wdmaud - ok
18:11:10.0572 0812 wg3n (a67340b874df9eaf5b226e5f3473b9da) C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
18:11:10.0572 0812 wg3n - ok
18:11:10.0587 0812 wg4n (851216e2816b7b7e74b5f7ef1d4acfb7) C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
18:11:10.0587 0812 wg4n - ok
18:11:10.0603 0812 wg5n (aedd1fe0df660411d15da3c57cfc2402) C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
18:11:10.0603 0812 wg5n - ok
18:11:10.0618 0812 wg6n (dd0d719a58df79086462bd5fc972a908) C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
18:11:10.0618 0812 wg6n - ok
18:11:10.0665 0812 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:11:10.0665 0812 WpdUsb - ok
18:11:10.0712 0812 wpsdrvnt (93c145dceb13156322423efd62d4549a) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
18:11:10.0712 0812 wpsdrvnt - ok
18:11:10.0743 0812 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:11:10.0743 0812 WS2IFSL - ok
18:11:10.0759 0812 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:11:10.0759 0812 WudfPf - ok
18:11:10.0790 0812 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:11:10.0790 0812 WudfRd - ok
18:11:10.0822 0812 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
18:11:10.0962 0812 \Device\Harddisk0\DR0 - ok
18:11:10.0962 0812 Boot (0x1200) (2d6adf1919f066ebdac8c63de45f1b6c) \Device\Harddisk0\DR0\Partition0
18:11:10.0962 0812 \Device\Harddisk0\DR0\Partition0 - ok
18:11:10.0962 0812 ============================================================
18:11:10.0962 0812 Scan finished
18:11:10.0962 0812 ============================================================
18:11:10.0978 0524 Detected object count: 0
18:11:10.0978 0524 Actual detected object count: 0


Thanks for your help.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 January 2012 - 12:54 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#12 nandorenator
  • Topic Starter
  • Members
  • 12 posts

Posted 31 January 2012 - 05:03 AM

Hello,

Here's the aswMBR report:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 10:46:54
-----------------------------
10:46:54.351 OS Version: Windows 5.1.2600 Service Pack 3
10:46:54.351 Number of processors: 2 586 0xF0D
10:46:54.351 ComputerName: Nandor UserName: Nandor
10:46:54.851 Initialize success
10:47:35.719 AVAST engine defs: 12013000
10:47:50.378 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:47:50.378 Disk 0 Vendor: ST380815 4.AD Size: 76293MB BusType: 3
10:47:50.394 Disk 0 MBR read successfully
10:47:50.394 Disk 0 MBR scan
10:47:50.456 Disk 0 Windows XP default MBR code
10:47:50.456 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
10:47:50.488 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76198 MB offset 176715
10:47:50.488 Disk 0 scanning sectors +156232125
10:47:50.566 Disk 0 scanning C:\WINDOWS\system32\drivers
10:48:08.101 Service scanning
10:48:09.211 Modules scanning
10:48:14.368 Disk 0 trace - called modules:
10:48:14.368 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:48:14.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89cf9ab8]
10:48:14.384 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a645030]
10:48:14.650 AVAST engine scan C:\WINDOWS
10:48:25.512 AVAST engine scan C:\WINDOWS\system32
10:50:16.069 File: C:\WINDOWS\system32\rdpwsx3.dll **INFECTED** Win32:Diller-B [Trj]
10:51:49.450 AVAST engine scan C:\WINDOWS\system32\drivers
10:52:05.439 AVAST engine scan C:\Documents and Settings\Nandor
10:54:36.773 AVAST engine scan C:\Documents and Settings\All Users
10:57:46.132 Scan finished successfully
10:58:38.833 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nandor\Bureau\MBR.dat"
10:58:38.833 The log file has been saved successfully to "C:\Documents and Settings\Nandor\Bureau\aswMBR.txt"


It seems it finally found something...
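As an added example (not code from this thread, from aswMBR's authors, or from any of the posters), here is a small Python triage script for the aswMBR log format shown above: it pulls out the MBR verdict, the partition table and any **INFECTED** lines so a log can be reviewed without reading it top to bottom. The sample log is constructed from the lines posted above, and the "anything other than default MBR code is suspicious" rule is a heuristic assumed by the example, not something aswMBR documents.

```python
"""Triage an aswMBR log: pull out the MBR verdict, partition table and **INFECTED** hits."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the aswMBR report posted in this thread,
# trimmed to the ones the parser looks at.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-31 10:46:54
-----------------------------
10:47:50.378 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:47:50.456 Disk 0 Windows XP default MBR code
10:47:50.456 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
10:47:50.488 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76198 MB offset 176715
10:50:16.069 File: C:\WINDOWS\system32\rdpwsx3.dll **INFECTED** Win32:Diller-B [Trj]
10:57:46.132 Scan finished successfully
"""

@dataclass
class Partition:
    disk: int
    number: int
    boot_flag: str    # boot indicator byte as printed (00 or 80)
    active: bool      # aswMBR tags the active partition with "(A)"
    type_id: str      # partition type byte (DE = Dell utility, 07 = NTFS)
    description: str
    size_mb: int
    offset: int       # starting sector (LBA)

@dataclass
class Report:
    mbr_code: dict = field(default_factory=dict)   # disk index -> verdict text
    partitions: list = field(default_factory=list)
    findings: list = field(default_factory=list)   # (time, path, detection) tuples
    finished: bool = False

TS = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
MBR = re.compile(r"^Disk (\d+) (.*MBR code)$")
PART = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (\(A\) )?([0-9A-F]{2}) "
                  r"(.+?) (\d+) MB offset (\d+)$")
INFECTED = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")

def parse_aswmbr(text):
    """Walk the log line by line; header lines without a timestamp are skipped."""
    report = Report()
    for raw in text.splitlines():
        m = TS.match(raw)
        if not m:
            continue
        time, msg = m.groups()
        if (mm := MBR.match(msg)):
            report.mbr_code[int(mm.group(1))] = mm.group(2)
        elif (pm := PART.match(msg)):
            report.partitions.append(Partition(
                int(pm.group(1)), int(pm.group(2)), pm.group(3), pm.group(4) is not None,
                pm.group(5), pm.group(6), int(pm.group(7)), int(pm.group(8))))
        elif (im := INFECTED.match(msg)):
            report.findings.append((time, im.group(1), im.group(2)))
        elif msg == "Scan finished successfully":
            report.finished = True
    return report

def triage(report):
    """Return warnings worth a human's attention. Treating any verdict other than
    'default MBR code' as suspicious is a heuristic assumed by this example."""
    warnings = []
    if not report.finished:
        warnings.append("log does not end with 'Scan finished successfully'")
    for disk, verdict in report.mbr_code.items():
        if "default MBR code" not in verdict:
            warnings.append(f"disk {disk}: non-default MBR code ({verdict})")
    active = [p for p in report.partitions if p.active]
    if len(active) != 1:
        warnings.append(f"expected one active partition, found {len(active)}")
    for time, path, detection in report.findings:
        warnings.append(f"{time} {detection}: {path}")
    return warnings
```

Running `triage(parse_aswmbr(SAMPLE_LOG))` on the constructed sample yields a single warning for the rdpwsx3.dll detection, with the MBR and partition layout passing the checks.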

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:42 AM

Posted 31 January 2012 - 08:27 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\WINDOWS\system32\rdpwsx3.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 nandorenator

nandorenator
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:42 AM

Posted 31 January 2012 - 10:03 AM

Thank you so much, the redirection seems to be gone!!

Here's the report :



ComboFix 12-01-30.02 - NANDOR 31/01/2012 15:46:30.3.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2005.1496 [GMT 1:00]
Lancé depuis: c:\documents and settings\NANDOR\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\NANDOR\Bureau\CFScript.txt
AV: Trend Micro OfficeScan Client *Enabled/Updated* {4C5B0CD4-189A-4F19-86F6-EF9A9EF694ED}
FW: Sygate Personal Firewall *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
FILE ::
"c:\windows\system32\rdpwsx3.dll"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\rdpwsx3.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-28 au 2012-01-31 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-27 15:37 . 2012-01-27 15:38 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2012-01-27 14:06 . 2012-01-27 15:38 -------- d-----w- C:\sh4ldr
2012-01-27 14:06 . 2012-01-27 14:06 -------- d-----w- c:\program files\Enigma Software Group
2012-01-26 08:58 . 2012-01-26 08:58 -------- d-----w- c:\documents and settings\NANDOR\Local Settings\Application Data\Sun
2012-01-25 08:58 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-24 17:09 . 2012-01-24 17:09 579584 -c--a-w- c:\windows\system32\dllcache\user32.dll
2012-01-24 17:07 . 2012-01-24 17:07 -------- d-----w- c:\windows\ERUNT
2012-01-24 17:05 . 2012-01-24 17:24 -------- d-----w- C:\SDFix
2012-01-23 14:23 . 2012-01-23 14:23 -------- d-----w- c:\program files\Fichiers communs\Java
2012-01-23 14:23 . 2012-01-23 14:23 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-23 14:21 . 2012-01-23 14:21 417440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-01-23 08:53 . 2010-12-20 17:32 551936 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2012-01-23 08:53 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-01-23 08:53 . 2009-04-20 17:18 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\documents and settings\NANDOR\Application Data\Malwarebytes
2012-01-20 14:13 . 2012-01-20 14:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-19 10:04 . 2011-07-15 13:29 457856 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg6n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg5n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg4n.sys
2012-01-19 09:21 . 2004-10-15 17:32 14568 ----a-w- c:\windows\system32\drivers\wg3n.sys
2012-01-19 09:21 . 2004-10-15 17:18 21075 ----a-w- c:\windows\system32\drivers\wpsdrvnt.sys
2012-01-19 09:21 . 2004-10-15 17:17 60496 ----a-w- c:\windows\system32\drivers\Teefer.sys
2012-01-19 09:21 . 2004-10-15 17:32 83096 ----a-w- c:\windows\system32\SSSensor.dll
2012-01-18 16:28 . 2011-09-28 07:06 606208 -c----w- c:\windows\system32\dllcache\crypt32.dll
2012-01-18 16:28 . 2012-01-23 12:23 -------- d-----w- c:\documents and settings\NANDOR\Application Data\QuickScan
2012-01-18 13:37 . 2012-01-18 13:37 -------- d-----w- c:\documents and settings\LocalService\Bureau
2012-01-18 13:34 . 2012-01-19 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-01-18 13:33 . 2012-01-18 13:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-18 13:32 . 2012-01-18 13:32 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2012-01-18 13:32 . 2012-01-19 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-01-18 12:15 . 2012-01-18 12:15 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-18 12:06 . 2012-01-18 12:06 -------- d-----r- c:\documents and settings\LocalService\Favoris
2012-01-18 12:00 . 2012-01-19 09:34 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-01-18 08:52 . 2011-11-03 15:28 387072 -c----w- c:\windows\system32\dllcache\qdvd.dll
2012-01-18 08:52 . 2011-10-14 14:47 23040 -c----w- c:\windows\system32\dllcache\mciseq.dll
2012-01-18 08:52 . 2011-10-14 14:47 180736 -c----w- c:\windows\system32\dllcache\winmm.dll
2012-01-18 08:52 . 2011-11-20 06:12 61952 -c----w- c:\windows\system32\dllcache\packager.exe
2012-01-16 08:42 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-01-16 08:42 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-23 14:23 . 2010-04-15 09:22 567184 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-23 14:23 . 2009-05-11 10:20 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-23 14:21 . 2011-05-19 11:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-18 14:43 . 2004-08-05 10:00 26624 ----a-w- c:\windows\system32\userinit.exe
2011-11-25 21:57 . 2004-08-05 10:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-05 10:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-05 10:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:22 . 2004-08-05 10:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:22 . 2004-08-05 10:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:13 . 2006-03-04 03:35 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2004-08-05 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2004-08-05 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:24 . 2004-08-05 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-05 10:00 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-05 10:00 1298432 ----a-w- c:\windows\system32\quartz.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-30_13.15.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 14:34 . 2012-01-31 14:34 16384 c:\windows\temp\Perflib_Perfdata_6e8.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-11 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-09-28 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-09-30 252296]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-04-03 356352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\NANDOR\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^NANDOR^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\NANDOR\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^NANDOR^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\NANDOR\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyPHP]
2005-03-31 15:18 172032 ----a-w- c:\program files\EasyPHP1-8\EasyPHP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:07 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-12-24 16:50 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
2006-04-03 18:45 356352 ----a-w- c:\program files\Trend Micro\OfficeScan Client\PccNTMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintKey2000]
1999-08-05 09:10 795136 ----a-w- c:\windows\Printkey2000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
2004-10-15 18:40 2577632 ----a-w- c:\mt\MT_PRG~3\sygate\Smc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SmcService"=2 (0x2)
"tmlisten"=2 (0x2)
"OfcPfwSvc"=2 (0x2)
"ntrtscan"=2 (0x2)
"MBAMService"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\mt\\mt_PrgFls\\EasyPHP1-8\\EasyPHP.exe"=
"c:\\mt\\mt_PrgFls\\Mozilla\\firefox.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
"c:\\mt\\mt_PrgFls\\Mozilla\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [16/04/2009 15:24 69632]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\tmxpflt.sys [09/11/2005 20:34 249424]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [09/11/2005 20:34 36432]
S2 TsService;TsService;c:\windows\system32\TsService.exe [25/06/2009 16:18 167936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23/01/2012 15:21 253600]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/01/2012 09:58 20464]
S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 18:02 136176]
S4 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 18:02 136176]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/01/2012 09:58 652872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
upperdev
MREMPR5
ATIVTUTW
ErrDev
Intel_MIPMNMP
crystalaps
avsinc
CdaD10BA
GTSCSER
SGIR
mcontrol
interactivelogon
websenseclientdeployservice
s116mdm
ifxtcs
FontCache3.0.0.0.
elnkupdateservice
SE26mgmt
CTEDSPFX.DLL
BLKWGU(Belkin)
afs2k
zntport
KS0108
XilinxPC4Driver
pdlncfwk
3compxe
rwbackupsrv
StkScan
Sntnlusb
mail2ec
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-23 14:21]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 17:02]
.
2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 17:02]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.cmc.fr/telephones
IE: Free YouTube Download - c:\documents and settings\NANDOR\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\NANDOR\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Sothink SWF Catcher - c:\program files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.199.203.5 10.199.202.2
DPF: {29BC57E0-018D-46D2-B233-338B779C169C} - hxxp://view.books.yahoo.co.jp/dor/drm/components/WebShell_2_1_0_3.cab
FF - ProfilePath - c:\documents and settings\NANDOR\Application Data\Mozilla\Firefox\Profiles\zahmmcml.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.google.fr/
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 15:52
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\vsdatant]
"ImagePath"=""
.
Heure de fin: 2012-01-31 15:53:17
ComboFix-quarantined-files.txt 2012-01-31 14:53
ComboFix2.txt 2012-01-30 13:16
ComboFix3.txt 2012-01-19 10:23
.
Avant-CF: 15 908 069 376 octets libres
Après-CF: 15 937 875 968 octets libres
.
- - End Of File - - 34AFBBA53607FD7FC727062B04EAA61B





Could you please keep the topic open for a few more days? Just to be sure it doesn't happen again...

Thanks again.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:42 AM

Posted 31 January 2012 - 04:26 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Conduit Engine
Java™ 6 Update 29
Java™ 7 Update 2


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




